Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

The BIT Report is an official Kantara Initiative report (PDF format / HTML format

OCA schema bases contain a "attr_blinding" flagging block to enable schema issuers to flag attributes that could potentially unblind the identity of a governing entity. In order to establish commonality across Working Groups (WGs), Task Forces (TFs) and Focus Groups (FGs) at Trust over IP, the BIT fields and notes are defined below for general reference.

BIT Fields & Notes

The field(s) below may be represented by single or multiple fields in your application. The overall suggested approach is to be conservative. When reviewing the contents of your dataset against the taxonomy, you should encrypt if the taxonomy might apply, rather than taking a narrow approach. You may find that a field in your dataset might fall within more than one category. That is to be expected as the definitions are somewhat, and intentionally, fuzzy. More precise or prescriptive definitions are the purview of profiles and schemas, where the population of possible field categories can be prescribed or defined more precisely.

#Field CategoriesNotes
1NamesThis includes, but is not restricted to: First Names, Last Names, Full Names, and Entity Names.
2Physical Address(es)
3E-mail Address(es)
4Telephone Number(s)
5Postal Code(s)May be included with Physical Address.
6Personal Software Application Handles This is a variant on Name. Example sources include Skype, Slack, RocketChat, etc.
7Profile Pages
8Passport Numbers
9Social Security Numbers
10National Insurance Numbers
11Driving License Numbers
12Vehicle Registration Numbers
13Bank Account Numbers
14Financial Institution Card NumbersThis includes but is not restricted to credit or debit card numbers.
15Personal Identification Numbers (PINs)
16Private Keys / Master Keys
17Symmetric Keys
18Public Keys
19Link Secrets
20Decentralized Identifiers (DIDs)See https://w3c.github.io/did-core/  
21Employee IdentifiersThis may include identifiers from benefits providers like pension plans.
22Account Identifiers
23Government IdentifiersNumbers, cards or other artefacts issued by a government to a natural person or entity.
24Membership Identifiers Examples include but are not restricted to membership in a political party, trade union, fraternal order, survivors groups, or email lists.
25Institutional Identifiers Examples include private health care providers, private clubs, and so on.
26Case IdentifiersExamples include Case ID Numbers, Benefit Plan Participation Identifiers, and so on.
27User IdentifiersExamples include User IDs, logins, and so on.
28Passwords
29SignaturesAnalog or Digital
30Digital CertificatesEven where a certificate is published and publicly available.
31PhotosWhen encrypting files, examine whether the file name should also be encrypted.
32VideosWhen encrypting files, examine whether the file name should also be encrypted.
33ImagesWhen encrypting files, examine whether the file name should also be encrypted.
34Vocal Sound BitesWhen encrypting files, examine whether the file name should also be encrypted.
35Dates and timestamps[1]Examples include Date of Birth[2], transaction dates, and so on.
36Genetic IdentifiersThis includes but is not restricted to chromosomal, deoxyribonucleic acid (DNA) and ribonucleic acid (RNA) data.
37Biometric IdentifiersThis includes but is not restricted to voiceprints, iris scans, facial imaging and dactyloscopic (fingerprint) data.
38Internet Protocol (IP) Addresses
39Media Access Control (MAC) Addresses
40Service Set Identifiers (SSID)This includes local WiFi SSIDs.
41Bluetooth Device Addresses (BD_ADDR)
42Locational Information This includes Global Positioning System (GPS) or other coordinates, 3-word addresses, and so on.
43Cookie Browser Identifiers
44Radio Frequency Identifiers
45IoT Identifiers (incl. smart meter data)
46International Mobile Equipment Identity (IMEI)
47International Mobile Subscriber Identity (IMSI)
48Social media posts and commentsThis kind of field may need to be parsed and/or tokenized as part of the blinding process
49Free-Form Text Fields / Unstructured Data[3]This kind of field may need to be parsed and/or tokenized as part of the blinding process

[1] Not all captured dates will reveal a person or entity’s identity but some will so, if in doubt, encrypt.

[2] In some use cases this can be avoided by using only the Month, or Month/Year of birth, but only if this can be validated.

[3] Text which does not have a given structure, nor which is entered in any specific format. Note: All free-form text fields should be encrypted.

  • No labels