App assessment

Every identity app is subject to an assessment prior to implementing the app into our platform. The objective of the assessment is to ensure the respective app is secure, matches the functionalities of our platform, and that we have an overview of the attributes available and the underlying business model.

Topics

Key topics assessed in the assessment include, but are not limited to:

• Cryptography. This validates if the applied cryptography of the app to secure the data stored within the app (being on the device itself for decentralized identity apps, and in a centralized vault for federated apps), is in line with NIST and ETSI standards.
• Ecosystem. Verify if the app is part of an open or closed ecosystem. This implies that parties that would like to interact with this app are either limited before they can issue attributes, or any party can issue credentials as long as they adhere to the rules set in this ecosystem.
• Data-control and data-minimalisation. We assess that the customer is in control of the data, can share a limited set of attributes and lastely, if the privacy of the user is safeguarded and how this is being done.

Interval

The assessment is updated regulary based on developments in the legal domain (such as eIDAS2.0, cryptography developments, etc), internal developments and/or periodic review to ensure the assessment is up to standards.

Reevaluation

On a yearly basis, all apps are re-assessed to monitor changes and updates to ensure the app is still up to our standards.