                                 CODE OF VIRGINIA

DEFINITIONS (§ 59.1-550)

As used in this chapter, unless the context requires a different meaning:
		&#8220;Attribute provider&#8221; means an entity, or a supplier, employee, or
agent thereof, that acts as the authoritative record of identifying information
about an identity credential holder.
		&#8220;Commonwealth identity management standards&#8221; means the minimum
specifications and standards that must be included in an identity trust
framework so as to define liability pursuant to this chapter that are set forth
in guidance documents approved by the Secretary of Administration pursuant to
Chapter 4.3 (§ 2.2-436 et seq.) of Title 2.2.
		&#8220;Federated digital identity system&#8221; or &#8220;federation&#8221;
means a digital identity system that (i) utilizes federated identity management
to enable the portability of identity information across otherwise autonomous
security domains; (ii) is compliant with the Commonwealth&#8217;s identity
management standards and with the provisions of the governing identity trust
framework; (iii) has established identity, security, privacy, technology, and
enforcement rules and policies adhered to by certified identity providers that
are members of the federated digital identity system; (iv) includes as members
federation administrators, federation operators, identity trust framework
operators, and identity providers; and (v) allows, but does not require, relying
parties to be members of the federated digital identity system in order to
accept an identity credential issued by a certified identity provider to verify
an identity credential holder&#8217;s identity.
		&#8220;Federated identity management&#8221; means a process that allows the
conveyance of identity credentials and authentication information across digital
identity systems through the use of a common set of policies, practices, and
protocols for managing the identity of users and devices across security
domains.
		&#8220;Federation administrator&#8221; means a person or entity that certifies
compliance with the Commonwealth&#8217;s identity management standards by either
a federation operator or an identity trust framework operator at the time of
issuance of identity credentials, identity and entitlement attributes, or
trustmarks.
		&#8220;Federation operator&#8221; means the entity that (i) defines rule and
policies for member parties to a federation; (ii) certifies identity and
entitlement attribute providers to be members of and issue identity credentials
pursuant to the federation; and (iii) evaluates participation in the federation
to ensure compliance by members of the federation with its rules and policies,
including the ability to request audits of participants for verification of
compliance.
		&#8220;Identity attribute&#8221; means identifying information associated with
an identity credential holder.
		&#8220;Identity credential&#8221; means the data, or the physical object upon
which the data may reside, that an identity credential holder may present to
verify or authenticate his identity in a digital or online transaction.
		&#8220;Identity credential holder&#8221; means a person bound to or in
possession of an identity credential who has agreed to the terms and conditions
of the identity provider.
		&#8220;Identity proofer&#8221; means a person or entity authorized to act as a
representative of an identity provider in the confirmation of a potential
identity credential holder&#8217;s identification and identity attributes prior
to issuing an identity credential to a person.
		&#8220;Identity provider&#8221; means an entity, or a supplier, employee, or
agent thereof, certified by an identity trust framework operator to provide
identity credentials that may be used by an identity credential holder to assert
his identity, or any related attributes, in a digital or online transaction. For
purposes of this chapter, &#8220;identity provider&#8221; includes an attribute
provider, an identity proofer, and any suppliers, employees, or agents thereof.
		&#8220;Identity trust framework&#8221; means a digital identity system with
established identity, security, privacy, technology, and enforcement rules and
policies adhered to by certified identity providers that are members of the
identity trust framework. Members of an identity trust framework include
identity trust framework operators and identity providers. Relying parties may
be, but are not required to be, a member of an identity trust framework in order
to accept an identity credential issued by a certified identity provider to
verify an identity credential holder&#8217;s identity.
		&#8220;Identity trust framework operator&#8221; means the entity that (i)
defines rules and policies for member parties to an identity trust framework,
(ii) certifies identity providers to be members of and issue identity
credentials pursuant to the identity trust framework, and (iii) evaluates
participation in the identity trust framework to ensure compliance by members of
the identity trust framework with its rules and policies, including the ability
to request audits of participants for verification of compliance.
		&#8220;Relying party&#8221; is an individual or entity that relies on the
validity of an identity credential or an associated trustmark.
		&#8220;Trustmark&#8221; means a machine-readable official seal, authentication
feature, certification, license, or logo that may be provided by an identity
trust framework operator to certified identity providers within its identity
trust framework or federation to signify that the identity provider complies
with the written rules and policies of the identity trust framework or
federation.

HISTORY: 2015, cc. 482, 483; 2020, cc. 736, 738.