As used in this chapter, unless the context requires a different meaning:”Attribute provider” means an entity, or a supplier, employee, or agent thereof, that acts as the authoritative record of identifying information about an identity credential holder.”Commonwealth identity management standards” means the minimum specifications and standards that must be included in an identity trust framework so as to define liability pursuant to this chapter that are set forth in guidance documents approved by the Secretary of Technology pursuant to Chapter 4.3 (§ 2.2-436 et seq.) of Title 2.2.”Identity attribute” means identifying information associated with an identity credential holder.”Identity credential” means the data, or the physical object upon which the data may reside, that an identity credential holder may present to verify or authenticate his identity in a digital or online transaction.”Identity credential holder” means a person bound to or in possession of an identity credential who has agreed to the terms and conditions of the identity provider.”Identity proofer” means a person or entity authorized to act as a representative of an identity provider in the confirmation of a potential identity credential holder’s identification and identity attributes prior to issuing an identity credential to a person.”Identity provider” means an entity, or a supplier, employee, or agent thereof, certified by an identity trust framework operator to provide identity credentials that may be used by an identity credential holder to assert his identity, or any related attributes, in a digital or online transaction. For purposes of this chapter, “identity provider” includes an attribute provider, an identity proofer, and any suppliers, employees, or agents thereof.”Identity trust framework” means a digital identity system with established identity, security, privacy, technology, and enforcement rules and policies adhered to by certified identity providers that are members of the identity trust framework. Members of an identity trust framework include identity trust framework operators and identity providers. Relying parties may be, but are not required to be, a member of an identity trust framework in order to accept an identity credential issued by a certified identity provider to verify an identity credential holder’s identity.”Identity trust framework operator” means the entity that (i) defines rules and policies for member parties to an identity trust framework, (ii) certifies identity providers to be members of and issue identity credentials pursuant to the identity trust framework, and (iii) evaluates participation in the identity trust framework to ensure compliance by members of the identity trust framework with its rules and policies, including the ability to request audits of participants for verification of compliance.”Relying party” is an individual or entity that relies on the validity of an identity credential or an associated trustmark.”Trustmark” means a machine-readable official seal, authentication feature, certification, license, or logo that may be provided by an identity trust framework operator to certified identity providers within its identity trust framework to signify that the identity provider complies with the written rules and policies of the identity trust framework.
2015, cc. 482, 483.