Biometric Identity Assurance Services (BIAS) SOAP Profile Version 1.0 s1

2Biometric Identity Assurance Services 3(BIAS) SOAP Profile Version 1.0

4Committee Specification 01

504 November 2011

6Specification URIs 7This version: 8 http://docs.oasis-open.org/bias/soap-profile/v1.0/cs01/biasprofile-v1.0-cs01.doc (Authoritative) 9 http://docs.oasis-open.org/bias/soap-profile/v1.0/cs01/biasprofile-v1.0-cs01.html 10 http://docs.oasis-open.org/bias/soap-profile/v1.0/cs01/biasprofile-v1.0-cs01.pdf 11Previous version: 12 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0-csprd02.doc 13 (Authoritative) 14 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0-csprd02.html 15 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0-csprd02.pdf 16Latest version: 17 http://docs.oasis-open.org/bias/soap-profile/v1.0/biasprofile-1.0.doc (Authoritative) 18 http://docs.oasis-open.org/bias/soap-profile/v1.0/biasprofile-1.0.html 19 http://docs.oasis-open.org/bias/soap-profile/v1.0/biasprofile-1.0.pdf 20Technical Committee: 21 OASIS Biometric Identity Assurance Services (BIAS) Integration TC 22Chair: 23 Cathy Tilton ([email protected]), Daon 24Editors: 25 Kevin Mangold ([email protected]), NIST 26 Matthew Swayze ([email protected]), Daon 27 Cathy Tilton ([email protected]), Daon 28Additional Work Product artifacts: 29 This prose specification is one component of a Work Product which also includes: 30  XML schema: http://docs.oasis-open.org/bias/soap-profile/v1.0/cs01/cbeff.xsd 31  WSDL: http://docs.oasis-open.org/bias/soap-profile/v1.0/cs01/BIAS.wsdl 32Related work: 33 This specification is related to: 34  ANSI INCITS 442-2010, Biometric Identity Assurance Services (BIAS) 35Declared XML namespaces: 36 http://docs.oasis-open.org/bias/ns/bias-1.0/ 37 http://docs.oasis-open.org/bias/ns/biaspatronformat-1.0/

1biasprofile-v1.0-cs01 04 November 2011 2Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 1 of 211 38Abstract: 39 This document specifies a SOAP profile that implements the BIAS abstract operations specified 40 in INCITS 442 as SOAP messages. 41Status: 42 This document was last revised or approved by OASIS Biometric Identity Assurance Services 43 (BIAS) Integration TC on the above date. The level of approval is also listed above. Check the 44 “Latest version” location noted above for possible later revisions of this document. 45 Technical Committee members should send comments on this specification to the Technical 46 Committee’s email list. Others should send comments to the Technical Committee by using the 47 “Send A Comment” button on the Technical Committee’s web page at http://www.oasis- 48 open.org/committees/bias/. 49 For information on whether any patents have been disclosed that may be essential to 50 implementing this specification, and any offers of patent licensing terms, please refer to the 51 Intellectual Property Rights section of the Technical Committee web page (http://www.oasis- 52 open.org/committees/bias/ipr.php). 53Citation format: 54 When referencing this specification the following citation format should be used: 55 [BIASPROFILE] 56 Biometric Identity Assurance Services (BIAS) SOAP Profile Version 1.0. 04 November 2011. 57 OASIS Committee Specification 01. 58 http://docs.oasis-open.org/bias/soap-profile/v1.0/cs01/biasprofile-v1.0-cs01.html

60Copyright © OASIS Open 2011. All Rights Reserved. 61All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual 62Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website. 63This document and translations of it may be copied and furnished to others, and derivative works that 64comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, 65and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice 66and this section are included on all such copies and derivative works. However, this document itself may 67not be modified in any way, including by removing the copyright notice or references to OASIS, except as 68needed for the purpose of developing any document or deliverable produced by an OASIS Technical 69Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must 70be followed) or as required to translate it into languages other than English. 71The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors 72or assigns. 73This document and the information contained herein is provided on an "AS IS" basis and OASIS 74DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 75WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY 76OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 77PARTICULAR PURPOSE. 78OASIS requests that any OASIS Party or any other party that believes it has patent claims that would 79necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, 80to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to 81such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that 82produced this specification. 83OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of 84any patent claims that would necessarily be infringed by implementations of this specification by a patent 85holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR 86Mode of the OASIS Technical Committee that produced this specification. OASIS may include such 87claims on its website, but disclaims any obligation to do so. 88OASIS takes no position regarding the validity or scope of any intellectual property or other rights that 89might be claimed to pertain to the implementation or use of the technology described in this document or 90the extent to which any license under such rights might or might not be available; neither does it represent 91that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to 92rights in any document or deliverable produced by an OASIS Technical Committee can be found on the 93OASIS website. Copies of claims of rights made available for publication and any assurances of licenses 94to be made available, or the result of an attempt made to obtain a general license or permission for the 95use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS 96Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any 97information or list of intellectual property rights will at any time be complete, or that any claims in such list 98are, in fact, Essential Claims. 99The names "OASIS" and “BIAS” are trademarks of OASIS, the owner and developer of this specification, 100and should be used only to refer to the organization and its official outputs. OASIS welcomes reference 101to, and implementation and use of, specifications, while reserving the right to enforce its marks against 102misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance. 103

1051 Introduction...... 8 106 1.1 Purpose/Scope...... 8 107 1.2 Overview...... 8 108 1.3 Background...... 8 109 1.4 Relationship to Other Standards...... 9 110 1.5 Terminology...... 9 111 1.6 References...... 10 112 1.6.1 Normative References...... 10 113 1.6.2 Non-Normative References...... 11 1142 Design Concepts and Architecture (non-normative)...... 13 115 2.1 Philosophy...... 13 116 2.2 Context...... 13 117 2.3 Architecture...... 13 1183 Data dictionary...... 16 119 3.1 Documentation Conventions...... 16 120 3.2 Common Elements...... 17 121 3.2.1 ApplicationIdentifier...... 17 122 3.2.2 ApplicationUserIdentifier...... 17 123 3.2.3 BaseBIRType...... 17 124 3.2.4 BIASBiometricDataType...... 17 125 3.2.5 BIASFaultCode...... 18 126 3.2.6 BIASFaultDetail...... 18 127 3.2.7 BIASIdentity...... 19 128 3.2.8 BIASIDType...... 19 129 3.2.9 BinaryBIR...... 19 130 3.2.10 BiographicDataItemType...... 20 131 3.2.11 BiographicDataSetType...... 20 132 3.2.12 BiographicDataType...... 21 133 3.2.13 BiometricDataElementType...... 21 134 3.2.14 BiometricDataListType...... 22 135 3.2.15 CandidateListResultType...... 22 136 3.2.16 CandidateListType...... 22 137 3.2.17 CandidateType...... 23 138 3.2.18 CapabilityListType...... 23 139 3.2.19 CapabilityName...... 23 140 3.2.20 CapabilityType...... 24 141 3.2.21 CBEFF_BIR_ListType...... 24 142 3.2.22 CBEFF_BIR_Type...... 24 143 3.2.23 Classification...... 25 144 3.2.24 ClassificationAlgorithmType...... 25 145 3.2.25 ClassificationData...... 25 146 3.2.26 EncounterListType...... 26 147 3.2.27 FusionDecision...... 26

7biasprofile-v1.0-cs01 04 November 2011 8Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 4 of 211 148 3.2.28 FusionInformationListType...... 26 149 3.2.29 FusionInformationType...... 26 150 3.2.30 FusionResult...... 27 151 3.2.31 FusionScore...... 27 152 3.2.32 GenericRequestParameters...... 27 153 3.2.33 IdentifySubjectResultType...... 27 154 3.2.34 InformationType...... 27 155 3.2.35 ListFilterType...... 28 156 3.2.36 MatchType...... 28 157 3.2.37 ProcessingOptionsType...... 28 158 3.2.38 ProductID...... 28 159 3.2.39 QualityData...... 28 160 3.2.40 ResponseStatus...... 29 161 3.2.41 ReturnCode...... 29 162 3.2.42 Score...... 29 163 3.2.43 TokenResultType...... 29 164 3.2.44 TokenType...... 30 165 3.2.45 URI_BIR...... 30 166 3.2.46 VendorIdentifier...... 30 167 3.2.47 Version...... 30 168 3.2.48 VersionType...... 30 169 3.2.49 XML_BIR...... 30 1704 BIAS Messages...... 32 171 4.1 Primitive Operations...... 32 172 4.1.1 AddSubjectToGallery...... 32 173 4.1.2 CheckQuality...... 33 174 4.1.3 ClassifyBiometricData...... 35 175 4.1.4 CreateSubject...... 37 176 4.1.5 DeleteBiographicData...... 38 177 4.1.6 DeleteBiometricData...... 39 178 4.1.7 DeleteSubject...... 40 179 4.1.8 DeleteSubjectFromGallery...... 41 180 4.1.9 GetIdentifySubjectResults...... 43 181 4.1.10 IdentifySubject...... 45 182 4.1.11 ListBiographicData...... 47 183 4.1.12 ListBiometricData...... 50 184 4.1.13 PerformFusion...... 54 185 4.1.14 QueryCapabilities...... 56 186 4.1.15 RetrieveBiographicInformation...... 57 187 4.1.16 RetrieveBiometricInformation...... 59 188 4.1.17 SetBiographicData...... 61 189 4.1.18 SetBiometricData...... 63 190 4.1.19 TransformBiometricData...... 64 191 4.1.20 UpdateBiographicData...... 66 192 4.1.21 UpdateBiometricData...... 68

9biasprofile-v1.0-cs01 04 November 2011 10Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 5 of 211 193 4.1.22 VerifySubject...... 69 194 4.2 Aggregate Operations...... 71 195 4.2.1 Enroll...... 71 196 4.2.2 GetEnrollResults...... 72 197 4.2.3 GetIdentifyResults...... 74 198 4.2.4 GetVerifyResults...... 75 199 4.2.5 Identify...... 77 200 4.2.6 RetrieveInformation...... 78 201 4.2.7 Verify...... 79 2025 Message structure and rules...... 82 203 5.1 Purpose and constraints...... 82 204 5.2 Message requirements...... 83 205 5.3 Handling binary data...... 84 206 5.3.1 Base64 encoding...... 84 207 5.3.2 Use of XOP...... 84 208 5.4 Discovery...... 85 209 5.5 Identifying operations...... 85 210 5.5.1 Operation name element...... 85 211 5.5.2 WS-Addressing Action...... 86 212 5.6 Security...... 87 213 5.6.1 Use of SSL 3.0 or TLS 1.0...... 87 214 5.6.2 Data Origin Authentication...... 87 215 5.6.3 Message Integrity...... 87 216 5.6.4 Message Confidentiality...... 87 217 5.6.5 CBEFF BIR security features...... 87 218 5.6.6 Security Considerations...... 88 219 5.6.7 Security of Stored Data...... 88 220 5.6.8 Key Management...... 88 221 5.7 Use with other WS* standards...... 88 222 5.8 Tailoring...... 88 2236. Error handling...... 90 224 6.1 BIAS operation return codes...... 90 225 6.2 SOAP fault codes...... 90 2267. Conformance...... 91 227Annex A. XML Schema...... 92 228Annex B: BIAS Patron format specification...... 174 229 B.1 Patron...... 174 230 B.2 Patron identifier...... 174 231 B.3 Patron format name...... 174 232 B.4 Patron format identifier...... 174 233 B.5 ASN.1 object identifier for this patron format...... 174 234 B.6 Domain of use...... 174 235 B.7 Version identifier...... 174 236 B.8 CBEFF version...... 174 237 B.9 General...... 175

11biasprofile-v1.0-cs01 04 November 2011 12Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 6 of 211 238 B.10 Specification...... 175 239 B.11 Element ...... 176 240 B.11.1 Syntax...... 176 241 B.11.2 Semantics...... 176 242 B.12 Element ...... 177 243 B.12.1 Syntax...... 177 244 B.12.2 Semantics...... 177 245 B.13 Element ...... 178 246 B.13.1 Syntax...... 178 247 B.13.2 Semantics...... 178 248 B.14 Element ...... 178 249 B.14.1 Syntax...... 178 250 B.14.2 Semantics...... 179 251 B.15 Element ...... 180 252 B.15.1 Syntax...... 180 253 B.15.2 Semantics...... 182 254 B.16 Element ...... 186 255 B.16.1 Syntax...... 186 256 B.16.2 Semantics...... 187 257 B.17 Representation of Integers...... 187 258 B.18 Representation of Octet Strings...... 187 259 B.19 Representation of Date and Time of the Day...... 188 260 B.20 Representation of Universally Unique Identifiers...... 189 261 B.21 Patron format conformance statement...... 189 262 B.21.1 Identifying information...... 189 263 B.21.2 ISO/IEC 19785-1:2006/Amd 1:2010 to Patron Format Mapping...... 189 264 B.22 XML schema of the BIAS patron format...... 191 265 B.23 Sample BIR encoding...... 194 266Annex C. Use Cases (non-normative)...... 196 267 C.1 Verification Use Case...... 196 268 C.2 Asynchronous Verification Use Case...... 197 269 C.3 Primitive Verification Use Case...... 198 270 C.4 Identification Use Case...... 199 271 C.5 Biometric Enrollment Use Case...... 200 272 C.6 Primitive Enrollment Use Case...... 201 273Annex D. Samples (non-normative)...... 202 274 D.1 Create Subject Request/Response Example...... 202 275 D.2 Set Biographic Data Request/Response Example...... 204 276 D.3 Set Biometric Data Request/Response Example...... 205 277Annex E. Acknowledgements...... 208 278Annex F. Revision History...... 209 279

281 1.1 Purpose/Scope 282This Organization for the Advancement of Structured Information Standards (OASIS) Biometric Identity 283Assurance Services (BIAS) profile specifies how to use the eXtensible Markup Language (XML) [XML10] 284defined in ANSI INCITS 442-2010 – Biometric Identity Assurance Services [INCITS-BIAS] to invoke 285Simple Object Access Protocol (SOAP) -based services that implement BIAS operations. These SOAP- 286based services enable an application to invoke biometric identity assurance operations remotely in a 287Services Oriented Architecture (SOA) infrastructure. 288Not included in the scope of BIAS is the incorporation of biometric authentication as an integral 289component of an authentication or security protocol. (However, BIAS services may be leveraged to 290implement biometric authentication in the future.)

291 1.2 Overview 292In addition to this introduction, this standard includes the following: 293  Clause 2 presents the design concepts and architecture for invoking SOAP-based services that 294 implement BIAS operations. 295  Clause 3 presents the namespaces necessary to implement this profile, INCITS BIAS data 296 elements, and identifies relationships to external data definitions. 297  Clause 4 specifies the content of the BIAS messages. 298  Clause 5 presents the BIAS message structure, as well as rules and considerations for its 299 application. 300  Clause 6 presents information on error handling. 301  Clause 7 specifies conformance requirements. 302  Annexes include the OASIS BIAS XML schema/sample Web Service Definition Language 303 (WSDL), BIAS CBEFF Patron Format, use cases, sample code, acknowledgements, and the 304 revision history of this profile.

305 1.3 Background 306In late 2005/early 2006, a gap was identified in the existing biometric standards portfolio with respect to 307biometric services. The Biometric Identity Assurance Services standard proposal was for a collaborative 308effort between government and private industry to provide a services-based framework for delivering 309identity assurance capabilities, allowing for platform and application independence. This standard 310proposal required the attention of two major technical disciplines: biometrics and service architectures. 311The expertise of both disciplines was required to ensure the standard was technically sound, market 312relevant, and achieved widespread adoption. The International Committee for Information Technology 313Standards (INCITS) M1 provided the standards leadership relevant to biometrics, defining the “taxonomy” 314of biometric operations and data elements. OASIS provided the standards leadership relevant to service 315architectures with an initial focus on web services, defining the schema and SOAP messaging. 316The driving requirements of the BIAS standard proposal were to provide the ability to remotely invoke 317biometric operations across an SOA infrastructure; to provide business level operations without 318constraining the application/business logic that implements those operations; to be as generic as possible 319– technology, framework, & application domain independent; and to provide basic capabilities that can be 320used to construct higher level, aggregate/composite operations.

15biasprofile-v1.0-cs01 04 November 2011 16Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 8 of 211 321 1.4 Relationship to Other Standards 322This OASIS BIAS profile comprises a companion standard to ANSI INCITS 442-2010 – Biometric Identity 323Assurance Services, which defines the BIAS requirements and taxonomy, specifying the identity 324assurance operations and the associated data elements. This OASIS BIAS profile specifies the design 325concepts and architecture, data model and data dictionary, message structure and rules, and error 326handling necessary to invoke SOAP-based services that implement BIAS operations. 327Together, the BIAS standard and the BIAS profile provide an open framework for deploying and remotely 328invoking biometric-based identity assurance capabilities that can be readily accessed across an SOA 329infrastructure. 330This relationship allows the leveraging of the biometrics and web services expertise of the two standards 331development organizations. Existing standards are available in both domains and many of these 332standards will provide the foundation and underlying capabilities upon which the biometric services 333depend.

334 1.5 Terminology 335The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD 336NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described 337in [RFC2119]. 338The following additional terms and definitions are used: 339Note: The terms and definitions specified in INCITS (InterNational Committee for Information Technology 340Standards) (Project 1823-D) also apply to this Standard. 341 342BIAS operation and data element names are not defined here, but in their respective sections. 343 344BIAS 345 Biometric Identity Assurance Services 346BIR 347 Biometric Information Record 348ESB 349 Enterprise Service Bus 350HTTP 351 HyperText Transfer Protocol 352HTTPS 353 HyperText Transfer Protocol over SSL or HTTP Secure 354IRI 355 Internationalized Resource Identifier 356SOA 357 Service-Oriented Architecture 358SOAP 359 Simple Object Access Protocol 360SSL 361 Secure Sockets Layer 362TLS 363 Transport Layer Security 364UDDI 365 Universal Description, Discovery, and Integration 366URI 367 Uniform Resource Identifier 368VPN 369 Virtual Private Network 370WSDL 371 Web Services Description Language 372WSS 373 Web Services Security

17biasprofile-v1.0-cs01 04 November 2011 18Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 9 of 211 374XML 375 eXtensible Markup Language 376 377 378CBEFF 379 Common Biometric Exchange Formats Framework - data elements and BIR formats specified in 380 ISO/IEC 19785-1 381BIAS implementation 382 software entity that is capable of creating, processing, sending, and receiving BIAS messages 383BIAS endpoint 384 runtime entity, identified by an endpoint URI/IRI, capable of sending and receiving BIAS 385 messages, and containing a running BIAS implementation 386BIAS message 387 message that can be sent from a BIAS endpoint to another BIAS endpoint through a BIAS link 388 channel 389BIAS request message 390 BIAS message conveying a request for an action to be performed by the receiving BIAS endpoint 391BIAS response message 392 BIAS message conveying a response to a prior BIAS requestmessage

393 1.6 References

394 1.6.1 Normative References 395 [RFC2119] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, IETF RFC 2119, 396 March 1997. 397 http://www.ietf.org/rfc/rfc2119.txt 398 399 [CBEFF] ISO/IEC19785-1:2006, Information technology – Common Biometric Exchange Formats 400 Framework – Part 1: Data element specification, with Amendment 1:2010 401 http://www.iso.org 402 403 [DATE-TIME] ISO 8601:2004, Data elements and interchange formats — Information 404 interchange — Representation of dates and times 405 http://www.iso.org 406 407 [INCITS-BIAS] ANSI INCITS 442-2010, Biometric Identity Assurance Services (BIAS), July 2010 408 http://www.incits.org 409 410 [IRI] M. Duerst, et al, Internationalized Resouce Identifiers, W3C RFC3987, January 2005 411 http://www.ietf.org/rfc/rfc3987.txt

412 [SOAP11] Simple Object Access Protocol (SOAP) 1.1, 8 May 2000 413 http://www.w3.org/TR/2000/NOTE-SOAP-20000508/

414 [URI] T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifiers (URI): 415 Generic Syntax, RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 416 2005. 417 http://ietf.org/rfc/rfc3986

19biasprofile-v1.0-cs01 04 November 2011 20Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 10 of 211 418 [UTF-8] ISO/IEC 10646:2003, Information technology — Universal Multiple-Octet Coded 419 Character Set (UCS) 420 http://www.iso.org

421 [WS-Addr] W3C Recommendation,Web Services Addressing 1.0 - Core, and Web Services 422 Addressing 1.0 - SOAP Binding, 9 May 2006 423 http://www.w3.org/2002/ws/addr/

424 [WS-I-Basic] Basic Profile Version 1.1, 10 April 2006 425 http://www.ws-i.org/Profiles/BasicProfile-1.1-2006-04-10.html

426 [WS-I-Bind] Web Services-Interoperability Organization (WS-I) Simple SOAP Binding Profile 427 Version 1.0, 24 August 2004 428 http://www.ws-i.org/Profiles/SimpleSoapBindingProfile-1.0-2004-08-24.html

429 [WSDL11] Web Services Description Language (WSDL) 1.1, 15 March 2001 430 http://www.w3.org/TR/2001/NOTE-wsdl-20010315

431 [XML 10] Extensible Markup Language (XML) 1.0, 16 August 2006 432 http://www.w3.org/TR/2006/REC-xml-20060816/

433 [XOP] XML-binary Optimized Packaging, W3C Recommendation, 25 January 2005 434 http://www.w3.org/TR/2005/REC-xop10-20050125/

435 1.6.2 Non-Normative References 436 [BioAPI] ISO/IEC 19784-1:2006, Information technology – Biometric Application 437 Programming Interface – Part 1: BioAPI Specification 438 http://www.iso.org

439 [CBEFF-3] ISO/IEC19785-3:2007, Information technology – Common Biometric Exchange Formats 440 Framework – Part 3: Patron format specifications, with Amendment 1:2010 441 http://www.iso.org 442 443 [BIO SEC] ISO 19092 Financial services -- Biometrics -- Security framework 444 http://www.iso.org

445 [EBTS-DOD] Department of DefenseElectronic Biometric TransmissionSpecification, Version 446 2.0, 27 March 2009 447 http://www.biometrics.dod.mil/CurrentInitiatives/Standards/dodebts.aspx 448 [EBTS-FBI]IAFIS-DOC-01078-8.1, “Electronic Biometric Transmission Specification (EBTS)”, 449 Version 8.1, November 19, 2008, Federal Bureau of Investigation, Criminal Justice 450 Information Services Division 451 https://www.fbibiospecs.org 452 [EFTS] IAFIS-DOC-01078-7, “Electronic Fingerprint Transmission Specification (EFTS)”, Version 453 7.1, May 2, 2005, Federal Bureau of Investigation, Criminal Justice Information Services 454 Division 455 https://www.fbibiospecs.org 456 [HR-XML] HR-XML Consortium Library, 2007 April 15 457 http://www.hr-xml.org 458 [INT-I] Interpol Implementation of ANSI/NIST ITL1-2000, Ver 4.22b, October 28, 2005, The Interpol 459 AFIS Expert Group 460 http://www.interpol.int 461 [NIEM] National Information Exchange Model (NIEM), Ver 2.0, June 2007, US DOJ/DHS 462 http://www.niem.gov 21biasprofile-v1.0-cs01 04 November 2011 22Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 11 of 211 463 [RFC2246] T. Dierks & C. Allen,The TLS Protocol, Version 1.0, January 1999 464 http://www.ietf.org/rfc/rfc2246.txt 465 [RFC2617] J. Franks, et al, HTTP Authentication: Basic and Digest Access Authentication, 466 June 1999 467 http://www.ietf.org/rfc/rfc2617.txt

468 [RFC3280] R. Housley, et al, Internet X.509 Public Key Infrastructure Certificate and 469 Certificate Revocation List (CRL) Profile, April 2002 470 http://www.ietf.org/rfc/rfc3280.txt

471 [SAML] Security Assertion Markup Language (SAML), Oasis Standard, March 2005 472 http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

473 [SAML SEC] Security and Privacy Considerations for the OASIS Security Assertion Markup 474 Language (SAML) V2.0, Oasis Standard, 15 March 2005 475 http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf

476 [SSL3] SSL 3.0 Specification 477 http://www.freesoft.org/CIE/Topics/ssl-draft/3-SPEC.HTM

478 [WSS] Web Services Security: SOAP Message Security 1.1, (WS-Security 2004), 479 OASIS Standard Specification, 1 February 2006 480 http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os- 481 SOAPMessageSecurity.pdf

482 [X509] X.509: Information technology - Open Systems Interconnection - The Directory: 483 Public-key and attribute certificate frameworks, ITU-T, August 2005 484 http://www.itu.int/rec/T-REC-X.509-200508-I

485 [xNAL] Customer Information Quality Specifications Version 3.0: Name (xNL), Address (xAL), Name 486 and Address (xNAL) and Party (xPIL), Committee Specification 02, 20 September 2008 487 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ciq

489 2.1 Philosophy 490Rather than define a totally new and unique messaging protocol for biometric services, this specification 491instead defines a method for using existing biometric and Web services standards to exchange biometric 492data and perform biometric operations.

493 2.2 Context 494Today, biometric systems are being developed which collect, process, store and match biometric data for 495a variety of purposes. In many cases, data and/or capabilities need to be shared between systems or 496systems serve a number of different client stakeholders. As architectures move towards services-based 497frameworks, access to these biometric databases and services is via a Web services front-end. However, 498lack of standardization in this area has led implementers to develop customized services for each 499system/application. 500BIAS is intended to provide a common, yet flexible, Web services interface that can be used within both 501closed and open SOA systems. Figure 1, below, depicts the context in which the BIAS messages will be 502implemented. 503 504

Biometric Client Subject Resources (Requester) System/ Application A BIAS BIAS Messages Service Provider Subject Client (Requester) System/ Application N Administrator 505 506 507 Figure 1. BIAS Context 508 509The clients (requesters) may use standard discovery mechanisms (i.e., UDDI directories) to discover the 510BIAS service provider (implementation) or, particularly in closed systems, the URI/IRI and WSDL for the 511service provider may be known a priori by the client BIAS application developer.

512 2.3 Architecture 513BIAS Web services are intended to be used within systems employing a services framework, such as a 514services-oriented architecture (SOA) (although implementations are not limited to this environment). As 515such, it is recognized that the clients may interact directly with the BIAS service provider or layers may 516exist between the client and the service provider, for example as an ESB or other application layer. 517The BIAS Architecture as shown in Figure 2, in which: 518  A Client request to the BIAS Web services may be triggered by a human interaction OR any 519 proxy system such as an ESB. 520  Client sends and receives SOAP messages that conform to the BIAS schemas 521  Calls to the BIAS Implementation use OASIS Service Interfaces and Bindings (via WSDL) 25biasprofile-v1.0-cs01 04 November 2011 26Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 13 of 211 522  The BIAS implementation maps the service call to the appropriate internal API or set of APIs 523 and returns data according to the service interface. 524Note that services are represented as circles. 525

526 527 528 Figure 2. Representative BIAS Architecture 529 530 NOTE: It is possible that BIAS may also be used between the service provider and the managed 531 resource (e.g., a biometric matcher). 532 533At the heart of the BIAS SOAP Profile are the concepts of BIAS messages and endpoints. 534 535BIAS implementation 536A BIAS implementation is a software entity that is capable of creating, processing, sending, and receiving 537BIAS messages. This standard does not define requirements for the BIAS implementation other than 538defining the messages and protocols used by the endpoints. 539BIAS messages 540A BIAS message is a one that can be sent from a BIAS endpoint to another BIAS endpoint over a TCP/IP 541link. 542BIAS endpoints 543A BIAS endpoint is a runtime entity, uniquely identified and accessed by an endpoint URI/IRI [URI] [IRI], 544capable of sending and receiving BIAS messages.

27biasprofile-v1.0-cs01 04 November 2011 28Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 14 of 211 545 NOTE: When not publicly and directly exposed, the endpoints for purposes of this specification are 546 the BIAS service provider exposing BIAS services and the component that directly interacts with that 547 service provider, e.g., the business application or ESB, rather than the ultimate end client requester.

29biasprofile-v1.0-cs01 04 November 2011 30Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 15 of 211 5483 Data dictionary 549This section describes the BIAS data elements used within BIAS messages (as defined in Clause 4). 550Common data elements are defined for use in one or more operations. These include common data types 551or return codes. BIAS data elements are defined in ANSI INCITS 442-2010. The elements, complex types 552and simple types described for the BIAS messages belong to the following namespace: http://docs.oasis- 553open.org/bias/ns/bias-1.0/. See AnnexA for the XML schema. 554 NOTE: Biographic and biometric data included in a native XML format MAY contain elements 555 referencing external namespaces (e.g., ansi-nist).

5561 Documentation Conventions 557Each common element has a section describing its content. Likewise, each operation has a section 558describing the request and response messages and the associated input and output parameters. The 559input and output of each message and the comment elements are detailed in a table as described in the 560figure below. Each field that forms part of the message request/response is detailed in the table. 561 Header Description Values Value Meaning Name Field The name of the field. Type The XML schema type of the field. # The cardinality of the field 1 One occurrence 0..1 Zero or one occurrence 0..* Zero or more occurrences 1..* One or more occurrences ? Defines if the field must be present. Y Yes – is always required N No – is not always required, an optional field. C Conditional – requirement is dependent on system or message conditions. Meaning Gives a short description of the field’s use

562 Figure 3. BIAS Message Input/Output Dictionary Table Headings

563Fields Hierarchy Explained: 564To denote the field hierarchy the symbol is used to denote the child-of relationship. 565All string types/elements MUST consist of ISO/IEC 10646 (Unicode) characters encoded in UTF-8 [UTF- 5668] (see ISO/IEC 10646:2003, Annex D).

568 3.2.1 ApplicationIdentifier

Type: string Description: Identifies an application. Min Length: 1 Max Length: 255

569 3.2.2 ApplicationUserIdentifier

Type: string Description: Identifies an application user or instance. Min Length: 1 Max Length: 255

570 3.2.3 BaseBIRType

Type: Schema complexType Description: Base type for all BIR subtypes; see BinaryBIR, URI_BIR, and XML_BIR for currently available types.

572 3.2.4 BIASBiometricDataType

Field Type # ? Meaning BIASBiometricDataType Y Wraps the various BIAS biometric types. The operations that use this type specify which elements are required.

BIRList CBEFF_BIR_ListType 0..1 N A list of CBEFF-BIR elements.

BIR CBEFF_BIR_Type 0..1 N Contains biometric information in either a non-XML or an XML representation.

InputBIR CBEFF_BIR_Type 0..1 N Maps to specific INCITS BIAS elements as required by that specification.

ReferenceBIR CBEFF_BIR_Type 0..1 N Maps to specific INCITS BIAS elements as required by that specification. BiometricDataListType 0..1 N A list of biometric data elements. BiometricDataList

Type: String Description: Error code referenced in a SOAP fault.

574BIASFaultCode Enumeration Values

Value Description UNKNOWN_ERROR The service failed for an unknown reason. UNSUPPORTED_CAPABILITY A requested capability is not supported by the service implementation. INVALID_INPUT The data in a service input parameter is invalid. BIR_QUALITY_ERROR Biometric sample quality is too poor for the service to succeed. INVALID_BIR The input BIR is empty or in an invalid or unrecognized format. BIR_SIGNATURE_FAILURE The service could not validate the signature, if used, on the input BIR. BIR_DECRYPTION_FAILURE The service could not decrypt an encrypted input BIR. INVALID_ENCOUNTER_ID The input encounter ID is empty or in an invalid format. INVALID_SUBJECT_ID The input subject ID is empty or in an invalid format. UNKNOWN_SUBJECT The subject referenced by the input subject ID does not exist. UNKNOWN_GALLERY The gallery referenced by the input gallery ID does not exist. UNKNOWN_ENCOUNTER The encounter referenced by the input encounter ID does not exist. UNKNOWN_BIOGRAPHIC_FORMAT The biographic data format is not known or not supported. UNKNOWN_IDENTITY_CLAIM The identity referenced by the input identity claim does not exist. INVALID_IDENTITY_CLAIM The identity claim requested is already in use. NONEXISTANT_DATA The data requested for deletion does not exist.

575 NOTES: 576 (1) See Clause 6 (Error handling) for an explanation of BIAS faults and return codes. 577 (2) Service provider MAY define additional values specific to their service implementation. 578 (3) See section 5.5 for additional information on BIAS security.

579 3.2.6 BIASFaultDetail

Field Type # ? Meaning BIASFaultDetail Y Defines the error information associated with a SOAP fault.

BIASFaultType BIASFaultCode 1 Y References an error code.

BIASFaultMessage string 1 Y Provides a brief explanation of the fault.

35biasprofile-v1.0-cs01 04 November 2011 36Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 18 of 211 Field Type # ? Meaning string 0..1 N Provides detailed information about a BIASFaultDescription BIAS fault, such as trace details.

580 3.2.7 BIASIdentity

Field Type # ? Meaning BIASIdentity Y Defines a single element for encapsulating the data associated with an Identity. Includes the Identity’s reference identifiers, biographic data, and biometric data. The operations that use this type specify which elements are required.

SubjectID BIASIDType 0..1 C A system unique identifier for a subject. Required as input to many operations.

IdentityClaim BIASIDType 0..1 N An identifier by which a subject is known to a particular gallery or population group.

EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject. Required for encounter- centric models.

EncounterList EncounterListType 0..1 N A list of encounters associated with a subject.

BiographicData BiographicDataType 0..1 N An Identity’s biographic data. BiographicDataType 0..1 N An Identity’s biographic data BiographicDataElements elements that are stored in the implementing system.

BiometricData BIASBiometricDataType 0..1 N An Identity’s biometric data.

581 3.2.8 BIASIDType

Type: string Description: A BIAS Identifier.

582 3.2.9 BinaryBIR

Field Type # ? Meaning BinaryBIR BaseBIRType Y Defines a BIR type of Binary

Binary base64Binary 1 Y BIR information in base64 binary format

584 3.2.10 BiographicDataItemType

Field Type # ? Meaning BiographicDataItemType Y Defines a single biographic data element.

Name string 1 Y The name of the biographic data item.

Type string 1 Y The data type for the biographic data item.

Value string 0..1 N The value assigned to the biographic data item.

585 NOTE: This element can be used to transmit scanned identity documents or document information 586 (e.g., passports, driver’s license, birth certificates, utility bills, etc. required to establish an identity).

587 3.2.11 BiographicDataSetType

Field Type # ? Meaning BiographicDataSetType Y Defines a set of biographic data that is formatted according to the specified format. name string 1 Y The name of the biographic data format. Use these names for common formats: FBI-EFTS [EFTS], FBI- EBTS [EBTS-FBI], DOD-EBTS [EBTS-DOD], INT-I [INT- I], NIEM [NIEM], xNAL [xNAL], HR-XML [HR-XML]. version string 0..1 N The version of the biographic data format (e.g., “7.1” for FBI-EFTS or “2.0” for NIEM). source string 1 Y Reference to a URI/IRI describing the biographic data format. For example: (FBI-EFTS and FBI-EBTS) www.fbibiospecs.org, (DOD-EBTS) www.biometrics.dod.mil, (INT-I) www.interpol.int, (NIEM) www.niem.gov, (xNAL) www.oasis-open.org, (HR-XML) www.hr-xml.org. type string 1 Y The biographic data format type. Use these types for common formats: ASCII (e.g., for non-XML versions of FBI-EFTS, FBI-EBTS, DOD-EBTS, or INT-I), XML (e.g., for NIEM, xNAL, and HR-XML or future versions of FBI- EBTS).

unspecified any 0..* N Biographic data formatted according to a specific format.

588 NOTE: Biographic data formats are not limited to those listed. The string value is not enumerated. 589 If one of the common types are used, it MUSTbe indicated by the specified name values; however, 590 the service provider MAY offer other formats. See INCITS 442 for further information.

Field Type # ? Meaning BiographicDataType Y Defines a set of biographic data elements, utilizing either the BiographicDataItemType to represent a list of elements or the BiographicDataSetType to represent a complete, formatted set of biographic information. One of the following elements must be present.

LastName string 0..1 N The last name of a subject.

FirstName string 0..1 N The first name of a subject.

BiographicDataItems BiographicDataItemType 0..1 N A list of biographic data elements.

BiographicDataItems BiographicDataItemType 1..* N A single biographic data element.

BiographicDataSet BiographicDataSetType 0..1 N A set of biographic data information.

592 NOTE: The implementer is given three choices for encoding biographic data: 593  Encode only first and last name using the defined fields within BiographicDataType 594  Define a list of biographic data elements using the BiographicDataItemType 595  Use a pre-defined set of biographic data (e.g., as specified in another standard) using 596 the BiographicDataSetType. 597 See also INCITS 442, section 8.1 for further information.

598 3.2.13 BiometricDataElementType

Field Type # ? Meaning BiometricDataElementType Y Provides descriptive information about biometric data, such as the biometric type, subtype, and format, contained in the BDB of the CBEFF-BIR.

BiometricType oasis_cbeff:MultipleTypesType 1 Y The type of biological or behavioral data stored in the biometric record, as defined by CBEFF.

BiometricTypeCount positiveInteger 0..1 N The number of biometric records having the biometric type recorded in the biometric type field.

BiometricSubType oasis_cbeff:SubtypeType 0..1 N More specifically defines the type of biometric data stored in the biometric record, as defined by CBEFF.

BDBFormatOwner positiveInteger 1 Y Identifies the standards body, working group, industry consortium, or other CBEFF biometric organization that has defined the format for the biometric data.

BDBFormatType positiveInteger 1 Y Identifies the specific biometric data format specified by the CBEFF biometric organization recorded in the BDB Format Owner field.

600 3.2.14 BiometricDataListType

Field Type # ? Meaning BiometricDataListType Y A list of biometric data elements. 3.2.13 0..* N Data structure containing BiometricDataElement BiometricDataElementType information about a biometric record.

601 3.2.15 CandidateListResultType

Field Type # ? Meaning CandidateListResultType Y Defines a set of candidates, utilizing the CandidateType to represent each element in the set.

CandidateList 3.2.16 1 Y The candidate list. CandidateListType

603 3.2.16 CandidateListType

Field Type # ? Meaning CandidateListType Y Defines a set of candidates, utilizing the CandidateType to represent each element in the set.

Candidate CandidateType 0..* N A single candidate.

Field Type # ? Meaning CandidateType Y Defines a single candidate as a possible match in response to a biometric identification request.

Score Score 0..1 N The match score.

Rank integer 1 Y The rank of the candidate in relation to other candidates for the same biometric identification operation. BiographicDataType 0..1 N Biographic data associated with the BiographicData candidate match.

BIRList CBEFF_BIR_ListType 1 Y Biometric data associated with the candidate match.

605 3.2.18 CapabilityListType

Field Type # ? Meaning CapabilityListType Y Defines a set of capabilities.

Capability CapabilityType 0..* N A single capability.

606 3.2.19 CapabilityName

Type: string Description: A list of capability items.

607CapabilityName Enumeration Values

Value Description AggregateInputDataOptional A data element accepted as optional input by the implementing system for the aggregate services. AggregateInputDataRequired A data element required as input by the implementing system for the aggregate services. AggregateProcessingOption A processing option supported by the implementing system for the aggregate services. AggregateReturnData A data element returned by the implementing system for the aggregate services. AggregateServiceDescription Describes the processing logic of an aggregate service supported by the implementing system. BiographicDataSet Identifies a biographic data set supported by the implementing system. CBEFFPatronFormat A patron format supported by the implementing system. ClassificationAlgorithmType A classification algorithm type supported by the implementing system. ConformanceClass Identifies the conformance class of the BIAS implementation.

45biasprofile-v1.0-cs01 04 November 2011 46Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 23 of 211 Value Description Gallery A gallery or population group supported by the implementing system. IdentityModel Identifies whether the implementing system is person-centric or encounter-centric based. MatchScore Identifies the use of match scores returned by the implementing system. QualityAlgorithm A quality algorithm vendor and algorithm vendor product ID supported by the implementing system. SupportedBiometric A biometric type supported by the implementing system. TransformOperation A transform operation type supported by the implementing system.

608 3.2.20 CapabilityType

Field Type # ? Meaning CapabilityType Y Defines a single capability supported by an implementing system.

CapabilityName CapabilityName 1 Y The name of the capability.

CapabilityID string 0..1 N An identifier assigned to the capability by the implementing system.

CapabilityDescription string 0..1 N A description of the capability.

CapabilityValue string 0..1 N A value assigned to the capability. string 0..1 N A secondary value supporting the CapabilitySupportingValue capability.

CapabilityAdditionalInfo string 0..1 N Contains additional information for the supported capability.

609 3.2.21 CBEFF_BIR_ListType

Field Type # ? Meaning CBEFF_BIR_ListType Y A list of CBEFF-BIR elements.

BIR CBEFF_BIR_Type 0..* N CBEFF structure containing information about a biometric sample.

610 3.2.22 CBEFF_BIR_Type

Field Type # ? Meaning CBEFF_BIR_Type Y Represents biometric information, with either a non-XML or XML representation.

FormatOwner positiveInteger 1 Y Identifies the Patron format owner.

FormatType positiveInteger 1 Y Identifies the Patron format type.

BIR_Information 0..1 N Describes what is contained in a BIR.

BIR_Info oasis_cbeff:BIRInfoType 0..1 N Contains information about the CBEFF-BIR. oasis_cbeff:BDBInfoType 0..1 N Contains information about the BDB_Info BDB in a simple CBEFF-BIR.

SB_Info oasis_cbeff:SBInfoType 0..1 N Contains information about the security block, if used, in a simple CBEFF-BIR.

BIR BaseBIRType 1 Y One of the following sub-elements must be present: BinaryBIR, URI_BIR, or XML_BIR.

611NOTE: The implementer is given three choices for encoding a BIR: 612  As an XML BIR (following the XML Patron format as specified in Annex B) 613  As a reference to a URI (from which the receiver would retrieve the actual BIR) 614  As a complete Base64 encoded binary (non-XML) BIR. 615The latter two alternatives can use any CBEFF Patron Format. The optional BIR_Information provides a 616mechanism for exposing metadata associated with a BIR format that is not easily decoded (i.e., a non- 617XML BIR). See section 5.3 for more information on handling of binary data within BIAS and INCITS 442, 618Clause 8.2, for more information on representing biometric data. 619NOTE: 620 (1) XML BIRs MUST conform to the XML patron format in Annex B; however, non-XML (binary) 621 and URI BIRs MAY implement any CBEFF patron format. 622 (2) It is RECOMMENDED that only registered CBEFF patron formats be used; however, in closed 623 systems, this may not be required.

624 3.2.23 Classification

Type: string Description: The result of a classification.

625 3.2.24 ClassificationAlgorithmType

Type: string Description: Type of classification algorithm that was used to perform the classification.

626 3.2.25 ClassificationData

Field Type # ? Meaning ClassificationData Y Contains information on classification results and the algorithm used to determine the classification.

Classification Classification 1 Y The result of the classification. ClassificationAlgorithmType 1 Y Identifies the type of ClassificationAlgorithmType classification algorithm that was used to perform the classification.

627 3.2.26 EncounterListType

Field Type # ? Meaning EncounterListType Y Defines a set of encounters.

EncounterID BIASIDType 0..* N The identifier of an encounter.

628 3.2.27 FusionDecision

Type: string Description: The match decision assigned by the matching algorithm

630 3.2.28 FusionInformationListType

Field Type # ? Meaning FusionInformationListType Y Contains at a minimum two sets of fusion input elements, as input to the PerformFusion operation.

FusionElement FusionInformationType 2..* Y A set of fusion information.

631 3.2.29 FusionInformationType

Field Type # ? Meaning FusionInformationType Y Represents the information necessary to perform a fusion operation.

BiometricType oasis_cbeff:Multipl 1 Y The type of biological or behavioral data eTypesType stored in the biometric record, as defined by CBEFF. oasis_cbeff: 0..1 N More specifically defines the type of BiometricSubType SubtypeType biometric data stored in the biometric record.

AlgorithmOwner string 1 Y The owner or vendor of the algorithm used to determine the score or decision.

AlgorithmType string 1 Y The Algorithm Owner’s identifier for the specific algorithm product and version used to determine the score or decision.

FusionResult FusionResult 0..1 C Either FusionScore or a FusionDecision element MUST be used.

632 3.2.30 FusionResult

Type: complexType Description: The base type for any resulting types which indicate the status of a Fusion operation

633 3.2.31 FusionScore

Type: Score Description: The similarity score assigned by the matching algorithm.

635 3.2.32 GenericRequestParameters

Field Type # ? Meaning GenericRequestParameters Y Common request parameters that can be used to identify the requester.

Application ApplicationIdentifier 0..1 N Identifies the requesting application.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS operation that BIASOperationName is being requested.

636 NOTE: See section 5.4 for alternatives for identifying the requested BIAS operation in a BIAS 637 SOAP message.

638 3.2.33 IdentifySubjectResultType

Description: A base type for all types that could be returned from the IdentifySubject operation

640 3.2.34 InformationType

Field Type # ? Meaning InformationType Y Allows for an unlimited number of data element types, and it does not specify nor require any particular data element. any 0..* N unspecified

Field Type # ? Meaning ListFilterType Y Provides a method to filter the amount of information returned in a search of biometric data.

BiometricTypeFilters 1 Y

BiometricTypeFilter oasis_cbeff:Multi 1..* Y Limits the returned information to a pleTypesType specific type of biometric, as defined by CBEFF. boolean 1 Y A Boolean flag indicating if biometric IncludeBiometricSubType subtype information should be returned.

642 3.2.36 MatchType

Type: boolean Description: The result of a fusion method.

643 3.2.37 ProcessingOptionsType

Field Type # ? Meaning ProcessingOptionsType Y BIAS aggregate operations support the ability to include various processing options which direct and possibly control the business logic for that operation. The ProcessingOptionsType provides a method to represent those options. Processing options SHOULD be defined by the implementing system.

Option string 0..* N An option supported by the implementing system.

644 3.2.38 ProductID

Type: string Description: The vendor’s ID for a particular product.

645 3.2.39 QualityData

Field Type # ? Meaning QualityData Y Contains information about a biometric sample’s quality and the algorithm used to compute the quality.

QualityScore oasis_cbeff:QualityType 0..1 N The quality of a biometric sample.

AlgorithmVendor VendorIdentifier 1 Y The vendor of the quality algorithm used to determine the quality score.

AlgorithmVendorProductID ProductID 1 Y The vendor’s ID for the algorithm used to determine the quality.

AlgorithmVersion VersionType 0..1 N The version of the algorithm used to determine the quality.

646 3.2.40 ResponseStatus

Field Type # ? Meaning ResponseStatus Y

Return ReturnCode 1 Y The return code indicates the return status of the operation.

Message string 0..1 N A short message corresponding to the return code.

647 3.2.41 ReturnCode

Type: unsignedLong Description: Return value specifying success or other condition.

648 649ReturnCode Enumeration Values

Value Description 0 Success

650 3.2.42 Score

Type: float Description: Match result or quality score.

651 NOTE: Matching scores MAY be in a standardized or proprietary form in terms of value range and 652 interpretation. Quality scores, however, follow the definition found in Annex B.

653 3.2.43 TokenResultType

Field Type # ? Meaning TokenResultType Y Defines a token that is returned for asynchronous processing.

TokenType TokenType 1 Y Defines a token that is returned for asynchronous processing.

Field Type # ? Meaning TokenType Y Defines a token that is returned for asynchronous processing.

TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.

Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.

656 NOTE: Date/time format is defined in INCITS 442 and is consistent with the date format specified 657 in Annex B and ISO 8601 [DATE-TIME].See also Annex A for schema definition.

658 3.2.45 URI_BIR

Field Type # ? Meaning URI_BIR BaseBIRType Y Defines a BIR type of Binary

URI anyURI 1 Y The URI of the BIR

660 3.2.46 VendorIdentifier

Type: string Description: Identifies a vendor.

661 NOTE: Vendor identifiers are registered with IBIA as the CBEFF registration authority (see 662 ISO/IEC 19785-2). Registered biometric organizations are listed at: 663 http://www.ibia.org/cbeff/_biometric_org.php.

664 3.2.47 Version

Field Type # ? Meaning Version Y For a description or definition of each data element, see the referenced CBEFF standards in the 3.2.22 major nonNegativeInteger 1 Y CBEFF_BIR_Typeschema. minor nonNegativeInteger 1 Y

665 3.2.48 VersionType

Type: string Description: The version of a component.

666 3.2.49 XML_BIR

Field Type # ? Meaning XML_BIR BaseBIRType Y Defines a BIR type of Binary

XML Oasis_cbeff:BIRType 1 Y BIR information in XML format

61biasprofile-v1.0-cs01 04 November 2011 62Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 31 of 211 6684 BIAS Messages 669This section describes the BIAS messages implementing BIAS operations as defined in ANSI INCITS 670442-2010. The operations are listed alphabetically, with each operation containing a request and a 671response message. The tables follow the conventions described in section 3.1.

Primitive Operations 672

6732.1 AddSubjectToGallery 674AddSubjectToGalleryRequest 675AddSubjectToGalleryResponse 676The AddSubjectToGallery operation registers a subject to a given gallery or population group. As an 677OPTIONAL parameter, the value of the claim to identity by which the subject is known to the gallery MAY 678be specified. This claim to identity MUST be unique across the gallery. If no claim to identity is specified, 679the subject ID (assigned with the CreateSubject operation) will be used as the claim to identity. 680Additionally, in the encounter-centric model, the encounter ID associated with the subject’s biometrics that 681will be added to the gallery MUST be specified. 682 Request Message

Field Type # ? Meaning AddSubjectToGallery Y Register a subject to a given gallery or population group.

AddSubjectToGalleryRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “AddSubjectToGallery”.

GalleryID BIASIDType 1 Y The identifier of the gallery or population group to which the subject will be added.

Identity BIASIdentity 1 Y The identity to add to the gallery.

SubjectID BIASIDType 1 Y A system unique identifier for a subject.

IdentityClaim BIASIDType 0..1 N An identifier by which a subject is known to a particular gallery or population group. (This could be a username or account number, for example.)

683 Response Message

Field Type # ? Meaning AddSubjectToGalleryResponse Y The response to an AddSubjectToGallery operation.

AddSubjectToGalleryResponsePackage 1 Y

ResponseStatus ResponseStatus 1 Y Returned status for the operation.

6842.2 CheckQuality 685CheckQualityRequest 686CheckQualityResponse 687The CheckQuality operation returns a quality score for a given biometric. The biometric input is provided 688in a CBEFF basic structure or CBEFF record, which in this specification is called a CBEFF-BIR. The 689algorithm vendor and algorithm vendor product ID MAY be optionally provided in order to request a 690particular algorithm’s use in calculating the biometric quality. If an algorithm vendor is provided then the 691algorithm vendor product ID is REQUIRED. If no algorithm vendor is provided, the implementing system 692will provide the algorithm vendor and algorithm vendor product ID that were used to calculate the 693biometric quality as output parameters.

Field Type # ? Meaning CheckQuality Y Calculate a quality score for a given biometric.

CheckQualityRequest 1 Y

GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “CheckQuality”.

BiometricData BIASBiometricDataType 1 Y Data structure containing a single biometric sample for which a quality score is to be determined.

BIR CBEFF_BIR_Type 1 Y The biometric sample.

Quality QualityData 0..1 N Specifies a particular algorithm vendor and vender product ID.

AlgorithmVendor VendorIdentifier 1 Y The vendor of the quality algorithm used to determine the quality score.

67biasprofile-v1.0-cs01 04 November 2011 68Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 34 of 211 Field Type # ? Meaning ProductID 1 Y The vendor’s ID AlgorithmVendorProductID for the algorithm used to determine the quality.

Field Type # ? Meaning CheckQualityResponse Y The response to a CheckQuality operation.

CheckQualityResponsePackage 1 Y

QualityInfo QualityData 1 Y Contains the quality information for the submitted biometric sample.

QualityScore oasis_cbeff:Quali 0..1 N The quality of a biometric tyType sample.

AlgorithmVendor VendorIdentifier 1 Y The vendor of the quality algorithm used to determine the quality score. ProductID 1 Y The vendor’s ID for the AlgorithmVendorProductID algorithm used to determine the quality.

AlgorithmVersion VersionType 1 Y The version of the algorithm used to determine the quality.

6962.3 ClassifyBiometricData 697ClassifyBiometricDataRequest 698ClassifyBiometricDataResponse 699The ClassifyBiometricData operation attempts to classify a biometric sample. For example, a fingerprint 700biometric sample may be classified as a whorl, loop, or arch (or other classification classes and sub- 701classes). 702To obtain the types of classification algorithms and classes, see the QueryCapabilities operation.

Field Type # ? Meaning ClassifyBiometricData Y Classifies a biometric sample. ClassifyBiometricDataRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “ClassifyBiometricData ”.

BiometricData BIASBiometricDataType 1 Y Data structure containing a single biometric sample for which the classification is to be determined.

BIR CBEFF_BIR_Type 1 Y The biometric sample.

Field Type # ? Meaning ClassifyBiometricDataResponse Y The response to a ClassifyBiometricData operation, containing the classification of a biometric sample.

ClassifyBiometricDataResponsePackage 1 Y

ClassificationData ClassificationData 1 Y Information on the results and type of classification performed.

Classification Classification 1 Y The result of the classification. ClassificationAlgor 1 Y Identifies the type of ClassificationAlgorithmType ithmType classification algorithm that was used to perform the classification.

7052.4 CreateSubject 706CreateSubjectRequest 707CreateSubjectResponse 708The CreateSubject operation creates a new subject record and associates a subject ID to that record. As 709an optional parameter, the subject ID MAY be specified by the caller. If no subject ID is specified, the 710CreateSubject operation will generate one. 711 Request Message

Field Type # ? Meaning CreateSubject Y

CreateSubjectRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “CreateSubject”.

Field Type # ? Meaning CreateSubjectResponse Y The response to a CreateSubject operation, containing the subject ID of the new subject record.

CreateSubjectRespons 1 Y ePackage ResponseStatus 1 Y Returned status for the operation. ResponseStatus

73biasprofile-v1.0-cs01 04 November 2011 74Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 37 of 211 Field Type # ? Meaning string 0..1 N A short message corresponding to the Message return code.

Identity BIASIdentity 1 Y BIASIDType 1 Y A system unique identifier for a subject. SubjectID

7132.5 DeleteBiographicData 714DeleteBiographicDataRequest 715DeleteBiographicDataResponse 716The DeleteBiographicData operation erases all of the biographic data associated with a given subject 717record. In the encounter-centric model the operation erases all of the biographic data associated with a 718given encounter, and therefore the encounter ID MUST be specified. 719When deleting data, BIAS implementations MAY completely erase the information in order to prevent the 720ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for 721auditing and/or quality control purposes. 722 Request Message

Field Type # ? Meaning DeleteBiographicData Y Erase all of the biographic data associated with a given subject record or, in the encounter-centric model, with a given encounter.

DeleteBiographicDataRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “DeleteBiographicData” .

Identity BIASIdentity 1 Y

EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject. Required for encounter-centric models.

Field Type # ? Meaning DeleteBiographicDataResponse Y The response to a DeleteBiographicData operation. DeleteBiographicDataResponsePackage 1 Y

7242.6 DeleteBiometricData 725DeleteBiometricDataRequest 726DeleteBiometricDataResponse 727The DeleteBiometricData operation erases all of the biometric data associated with a given subject 728record. In the encounter-centric model the operation erases all of the biometric data associated with a 729given encounter, and therefore the encounter ID MUST be specified. 730When deleting data, BIAS implementations MAY completely erase the information in order to prevent the 731ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for 732auditing and/or quality control purposes. 733 Request Message

Field Type # ? Meaning DeleteBiometricData Y Erase all of the biometric data associated with a given subject record or, in the encounter-centric model, with a given encounter. DeleteBiometricDataRequest 1 Y

77biasprofile-v1.0-cs01 04 November 2011 78Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 39 of 211 Field Type # ? Meaning GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “DeleteBiometricData”.

Identity BIASIdentity 1 Y

Field Type # ? Meaning DeleteBiometricDataResponse Y The response to a DeleteBiometricData operation.

DeleteBiometricDataResponsePackage 1 Y

7352.7 DeleteSubject 736DeleteSubjectRequest 737DeleteSubjectResponse 738The DeleteSubject operation deletes an existing subject record and, in an encounter-centric model, any 739associated encounter information from the system. This operation also removes the subject from any 740registered galleries.

79biasprofile-v1.0-cs01 04 November 2011 80Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 40 of 211 741When deleting a subject, BIAS implementations MAY completely erase the subject information in order to 742prevent the ability to reconstruct a record or records in whole or in part, or they MAY track and record the 743deleted information for auditing and/or quality control purposes. 744 Request Message

Field Type # ? Meaning DeleteSubject Y Delete an existing subject record and, in an encounter-centric model, any associated encounter information. DeleteSubjectRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “DeleteSubject”.

Identity BIASIdentity 1 Y The identity of the subject to delete.

Field Type # ? Meaning DeleteSubjectResponse Y The response to a DeleteSubject operation.

DeleteSubjectRespons 1 Y ePackage ResponseStatus 1 Y Returned status for the operation. ResponseStatus

Return ReturnCode 1 Y The return code indicates the return status of the operation. string 0..1 N A short message corresponding to the return Message code.

7462.8 DeleteSubjectFromGallery 747DeleteSubjectFromGalleryRequest

81biasprofile-v1.0-cs01 04 November 2011 82Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 41 of 211 748DeleteSubjectFromGalleryResponse 749The DeleteSubjectFromGallery operation removes the registration of a subject from a gallery or 750population group. The subject is identified by either the subject ID or the claim to identity that was 751specified in the AddSubjectToGallery operation. 752 Request Message

Field Type # ? Meaning DeleteSubjectFromGallery Y Remove the registration of a subject from a gallery or population group.

DeleteSubjectFromGalleryRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “DeleteSubjectFromGall ery”.

GalleryID BIASIDType 1 Y The identifier of the gallery or population group from which the subject will be deleted.

Identity BIASIdentity 1 Y The identity to remove from the gallery.

SubjectID BIASIDType 0..1 C A system unique identifier for a subject. Required if an Identity Claim is not provided.

IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group. Required if a Subject ID is not provided.

Field Type # ? Meaning DeleteSubjectFromGalleryResponse Y The response to a DeleteSubjectFromGallery operation. DeleteSubjectFromGalleryResponsePackag e

Message string 0.. N A short message 1 corresponding to the return code.

7542.9 GetIdentifySubjectResults 755GetIdentifyResultsRequest 756GetIdentifySubjectResultsResponse 757The GetIdentifySubjectResults operation retrieves the identification results for the specified token. This 758opereation is used in conjunction with the IdentifySubject operation. If the IdentifySubject operation is 759implemented as an asynchronous service, the implementing system returns a token and the 760GetIdentifySubjectResults operation is used to poll for the results of the original IdentifySubject request. 761 Request Message

Field Type # ? Meaning GetIdentifySubjectResults Y Retrieve the identification results for a specified token, which was returned by the IdentifySubject operation. GetIdentifySubjectResultsReque 1 Y st GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

85biasprofile-v1.0-cs01 04 November 2011 86Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 43 of 211 Field Type # ? Meaning string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “GetIdentifySubjectRes ults”.

Token TokenType 1 Y A value used to retrieve the results of an IdentifySubject request.

Field Type # ? Meaning GetIdentifySubjectResultsResponse Y The response to a GetIdentifySubjectResults operation, which includes a candidate list.

GetIdentifySubjectResultsRespons 1 Y ePackage

CandidateList CandidateListType 1 Y A rank-ordered list of candidates that have a likelihood of matching the input biometric sample.

Score Score 0..1 N The match score. BiographicDataType 0..1 N Biographic data associated BiographicData with the candidate match.

BIRList CBEFF_BIR_ListType 1 Y Biometric data associated with the candidate match. CBEFF_BIR_Type 0..* N CBEFF structure containing BIR information about a biometric sample.

7632.10 IdentifySubject 764IdentifySubjectRequest 765IdentifySubjectResponse 766The IdentifySubject operation performs an identification search against a given gallery for a given 767biometric, returning a rank-ordered candidate list of a given maximum size. 768If the IdentifySubject operation is implemented as a synchronous service, the implementing system 769immediately processes the request and returns the results in the candidate list. If the IdentifySubject 770operation is implemented as an asynchronous service, the implementing system returns a token, which is 771an indication that the request is being handled asynchronously. In this case, the 772GetIdentifySubjectResults operation is used to poll for the results of the IdentifySubject request. 773 Request Message

Field Type # ? Meaning IdentifySubject Y Perform an identification search against a given gallery for a given biometric.

IdentifySubjectRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “IdentifySubject”.

GalleryID BIASIDType 1 Y The identifier of the gallery or population group which will be searched.

Identity BIASIdentity 1 Y Contains the BIR, a data structure containing the biometric sample for the search.

BiometricData BIASBiometricDataType 1 Y An Identity’s biometric data.

BIR CBEFF_BIR_Type 1 Y Contains biometric information in either a non-XML or an XML representation.

MaxListSize positiveInteger 1 Y The maximum size of the candidate list that should be returned.

Field Type # ? Meaning IdentifySubjectResponse Y The response to an IdentifySubject operation, returning a rank-ordered candidate list.

IdentifySubjectResponsePackage 1 Y

CandidateList CandidateListResultTy 0..1 C A rank-ordered list of pe candidates that have a (see likelihood of matching the IdentifySubjectResultT input biometric sample (i.e., ype) exceed the system threshold). Rank ordering is from highest to lowest match score. Returned with successful synchronous request processing.

Score string 0..1 N The match score.

91biasprofile-v1.0-cs01 04 November 2011 92Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 46 of 211 Field Type # ? Meaning BiographicDataType 0..1 N Biographic data associated BiographicData with the candidate match.

BIRList CBEFF_BIR_ListType 1 Y Biometric data associated with the candidate match. CBEFF_BIR_Type 0..* N CBEFF structure containing BIR information about a biometric sample.

Token TokenResultType 0..1 C A token used to retrieve the (see results of the IdentifySubject IdentifySubjectResultT operation. ype) Returned with asynchronous request processing.

775 NOTES: 776 (1) In the event that the number of candidates exceeding the threshold exceeds the 777 MaxListSize, the system will determine which candidate is included in the last position of 778 the rank ordered candidate list (i.e., in the event of a tie). 779 (2) Requesters MAY NOT change the system thresholds.

7802.11 ListBiographicData 781ListBiographicDataRequest 782ListBiographicDataResponse 783The ListBiographicData operation lists the biographic data elements stored for a subject using the 784Biographic Data Elements output parameter. Note that no actual biographic data is returned by this 785operation (see the RetrieveBiographicInformation operation to obtain the biographic data). In the 786encounter-centric model, an encounter ID MAY be specified to indicate that only the biographic data 787elements stored for that encounter should be returned. If an encounter ID is not specified and encounter 788data exists for the subject, the operation returns the list of encounter IDs which contain biographic data 789using the Encounter List output parameter, and the Biographic Data Elements output parameter is empty. 790 Request Message

Field Type # ? Meaning ListBiographicData Y Lists the biographic data elements stored for a subject.

ListBiographicDataRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “ListBiographicData”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter- centric model, a subject and an encounter.

EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.

Field Type # ? Meaning ListBiographicDataResponse Y The response to a ListBiographicData request, containing a list of biographic data elements stored for a subject. In the encounter-centric model, the biographic data elements for a specific encounter are returned. If an encounter ID is not specified and encounter data exists for the subject, the list of encounter IDs which contain biographic data is returned.

ListBiographicDataResponsePackage 1 Y

Identity BIASIdentity 1 Y Contains a list of biographic data elements associated with a subject or encounter; non-empty if the service was successful, biographic data exists, and either (a) the person-centric model is being used or (b) the encounter- centric model is being used and an encounter identifier was specified. BiographicDataType 0..1 C An Identity’s BiographicDataElements biographic data elements that are stored in the implementing system. BiographicDataItemType 0..* N A single biographic BiographicDataItem data element.

Name string 1 Y The name of the biographic data item.

Type string 1 Y The data type for the biographic data item.

EncounterList EncounterListType 0..1 C A list of encounter ID’s associated with a subject and which contain biographic data; non-empty if the service was successful, biographic data exists, the encounter-centric model is being used, and an encounter identifier was not specified.

EncounterID BIASIDType 0..* N The identifier of an encounter.

7922.12 ListBiometricData 793ListBiometricDataRequest 794ListBiometricDataResponse 795The ListBiometricData operation lists the biometric data elements stored for a subject using the Biometric 796Data List output parameter. Note that no actual biometric data is returned by this operation (see the 797RetrieveBiometricInformation operation to obtain the biometric data). In the encounter-centric model, an 798encounter ID MAY be specified to indicate that only the biometric data elements stored for that encounter 799should be returned. If an encounter ID is not specified and encounter data exists for the subject, the 800operation returns the list of encounter IDs which contain biometric data using the Encounter List output 801parameter, and the Biometric Data List output parameter is empty. 802An optional parameter MAY be used to indicate a filter on the list of returned data. Such a filter may 803indicate that only biometric types should be listed (e.g., face, finger, iris, etc.) or that only biometric 804subtypes for a particular biometric type should be listed (e.g., all fingerprints: left slap, right index, etc.). If 805a filter is not specified, all biometric type and biometric subtype information are listed (e.g., left index 806finger, right iris, face frontal, etc.). 807 Request Message

Field Type # ? Meaning ListBiometricData Y Lists the biometric data elements stored for a subject.

ListBiometricDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “ListBiometricData” .

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter.

ListFilterType ListFilterType 0..1 N Indicates what biometric information should be returned.

BiometricTypeFilter oasis_cbeff:MultipleTypesT 1..* Y Limits the returned ype information to a specific type of biometric, as defined by CBEFF. boolean 1 Y A Boolean flag IncludeBiometricSubType indicating if biometric subtype information should be returned.

Field Type # ? Meaning ListBiometricDataResponse Y The response to a ListBiometricData operation, containing a list of biometric data elements stored for a subject. In the encounter- centric model, the biometric data elements for a specific encounter are returned. If an encounter ID is not specified and encounter data exists for the subject, the list of encounter IDs which contain biometric data is returned.

ListBiometricDataResponsePackage 1 Y

Identity BIASIdentity 0..1 N Includes a list of biometric data elements associated with a subject or encounter or a list of encounter ID’s associated with a subject and which contain biometric data.

BiometricData BIASBiometricDataType 0..1 C An Identity’s biometric data. BiometricDataListType 0..1 N A list of biometric BiometricDataList data elements.

103biasprofile-v1.0-cs01 04 November 2011 104Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 52 of 211 Field Type # ? Meaning BiometricDataElementType 1..* Y Data structure BiometricDataElement containing information about a biometric record. oasis_cbeff:MultipleTypesTy 1 Y The type of BiometricType pe biological or behavioral data stored in the biometric record, as defined by CBEFF. positiveInteger 0..1 N The number of BiometricTypeCount biometric records having the biometric type recorded in the biometric type field. oasis_cbeff:SubtypeType 0..1 N More specifically BiometricSubType defines the type of biometric data stored in the biometric record, as defined by CBEFF. positiveInteger 1 Y Identifies the BDBFormatOwner standards body, working group, industry consortium, or other CBEFF biometric organization that has defined the format for the biometric data. positiveInteger 1 Y Identifies the BDBFormatType specific biometric data format specified by the CBEFF biometric organization recorded in the BDB Format Owner field.

EncounterList EncounterListType 0..1 C A list of encounter ID’s associated with a subject and which contain biometric data; non-empty if the service was successful, biometric data exists, the encounter-centric model is being used, and an encounter identifier was not specified.

EncounterID BIASIDType 1..* Y The identifier of an encounter.

8092.13 PerformFusion 810PerformFusionRequest 811PerformFusionResponse 812The PerformFusion operation accepts either match score or match decision information and creates a 813fused match result. The FusionInformationListType, through the FusionInformationType, provides specific 814elements for match score input and match decision input. The fusion method and processes are left to the 815implementing system. 816 Request Message

Field Type # ? Meaning PerformFusion Y Accepts either match score or match decision information and creates a fused match result.

PerformFusionRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “PerformFusion”.

FusionInput FusionInformationListType 1 Y Score or decision input information to the fusion method.

FusionElement FusionInformationType 2..* Y A set of fusion information.

BiometricType oasis_cbeff:MultipleTypesT 1 Y The type of ype biological or behavioral data stored in the biometric record, as defined by CBEFF. oasis_cbeff:SubtypeType 0..1 N More specifically BiometricSubType defines the type of biometric data stored in the biometric record. string 1 Y The owner or AlgorithmOwner vendor of the algorithm used to determine the score or decision.

AlgorithmType string 1 Y The Algorithm Owner’s identifier for the specific algorithm product and version used to determine the score or decision.

FusionResult FusionResult 0..1 C Either FusionScore or a FusionDecision element MUST be used.

Field Type # ? Meaning PerformFusionResponse Y The response to the PerformFusion operation.

PerformFusionResponsePackage 1 Y

Match MatchType 1 1 Indicates the result of the fusion method.

8182.14 QueryCapabilities 819QueryCapabilitiesRequest 820QueryCapabilitiesResponse 821The QueryCapabilities operation returns a list of the capabilities, options, galleries, etc. that are supported 822by the BIAS implementation. Refer to Annex A in the INCITS BIAS standard [INCITS-BIAS] for 823conformance requirements regarding which capability names an implementation must use in the 824QueryCapabilities operation. 825 Request Message

Field Type # ? Meaning QueryCapabilities Y Returns a list of the capabilities, options, galleries, etc. that are supported by the BIAS implementation.

QueryCapabilitiesRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “QueryCapabilities”.

Field Type # ? Meaning QueryCapabilitiesResponse Y The response to a QueryCapabilities operation. QueryCapabilitiesResponsePackage 1 Y

CapabilityList CapabilityListType 1 Y A list of capabilities supported by the BIAS implementation.

Capability CapabilityType 0..* N A single capability.

CapabilityName CapabilityName 1 Y The name of the capability.

CapabilityID string 0..1 N An identifier assigned to the capability by the implementing system.

CapabilityDescription string 0..1 N A description of the capability.

CapabilityValue string 0..1 N A value assigned to the capability. string 0..1 N A secondary value CapabilitySupportingValue supporting the capability. string 0..1 N Contains additional CapabilityAdditionalInfo information for the supported capability.

8272.15 RetrieveBiographicInformation 828RetrieveBiographicInformationRequest 829RetrieveBiographicInformationResponse 830The RetrieveBiographicInformation operation retrieves the biographic data associated with a subject ID. 831In the encounter-centric model, the encounter ID MAY be specified and the operationwill return the 832biographic data associated with that encounter. If the encounter ID is not specified in the encounter- 833centric model, the operation returns the biographic information associated with the most recent encounter.

Field Type # ? Meaning RetrieveBiographicInformation Y Retrieves the biographic data associated with a subject ID. RetrieveBiographicInformationReq 1 Y uest GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “RetrieveBiographicI nformation”.

EncounterID BIASIDType 0.. N The identifier of an 1 encounter associated with the subject.

Field Type # ? Meaning RetrieveBiographicInformationResponse Y The response to a RetrieveBiographicInf ormation operation.

RetrieveBiographicInformationRespons 1 Y ePackage

Identity BIASIdentity 1 Y Includes the set of biographic data associated with a subject.

BiographicData BiographicDataType 1 Y An Identity’s biographic data. One of the following elements MUST be present.

LastName string 0..1 C The last name of a subject.

FirstName string 0..1 C The first name of a subject. BiographicDataItemType 0..* C A single biographic BiographicDataItem data element. BiographicDataItemType 0..1 C A set of biographic BiographicDataSet data information.

8362.16 RetrieveBiometricInformation 837RetrieveBiometricInformationRequest 838RetrieveBiometricInformationResponse 839The RetrieveBiometricInformation operation retrieves the biometric data associated with a subject ID. In 840the encounter-centric model, the encounter ID MAY be specified and the operationwill return the biometric 841data associated with that encounter. If the encounter ID is not specified in the encounter-centric model, 842the operation returns the biometric information associated with the most recent encounter.The operation 843provides an OPTIONAL input parameter to specify that only biometric data of a certain type should be 844retrieved. 845 Request Message

Field Type # ? Meaning RetrieveBiometricInformation Y Retrieves the biometric data associated with a subject ID.

RetrieveBiometricInformationReque 1 Y st

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “RetrieveBiometricInfor mation”.

BiometricType oasis_cbeff:MultipleTypesT 0..1 N The type of biological ype or behavioral data to retrieve.

Field Type # ? Meaning RetrieveBiometricInformationResponse Y The response to a RetrieveBiometricInformati on operation.

RetrieveBiometricInformationRespon 1 Y sePackage

Identity BIASIdentity 1 Y Includes the biometric data associated with a subject.

BIRList CBEFF_BIR_ListType 1 Y A list of CBEFF-BIR elements.

BIR CBEFF_BIR_Type 0..* N CBEFF structure containing information about a biometric sample.

8472.17 SetBiographicData 848SetBiographicDataRequest 849SetBiometricDataResponse 850The SetBiographicData operation associates biographic data to a given subject record. The identity model 851of the system determines whether the biographic information should replace any existing biographic 852information (person-centric model) or if a new encounter should be created and associated with the 853subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by 854the caller in order to link biographic and biometric information (assuming biometric information was 855previously associated using the SetBiometricData operation). If the encounter ID is omitted for the 856encounter-centric model, the operation returns a system-assigned encounter ID. 857 Request Message

Field Type # ? Meaning SetBiographicData Y Associates biographic data to a given subject record.

SetBiographicDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “SetBiographicDat a”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to store.

FirstName string 0..1 C The first name of a subject. BiographicDataItemType 0..* C A single biographic BiographicDataItem data element. BiographicDataSetType 0..1 C A set of biographic BiographicDataSet data information.

Field Type # ? Meaning SetBiographicDataResponse Y The response to a SetBiographicData operation. SetBiographicDataResponsePackage 1 Y

Identity BIASIdentity 0..1 C In an encounter-centric model, identifies the encounter ID assigned to a new encounter.

EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.

8592.18 SetBiometricData 860SetBiometricDataRequest 861SetBiometricDataResponse 862The SetBiometricData operation associates biometric data to a given subject record. The identity model of 863the system determines whether the biometric information should replace any existing biometric 864information (person-centric model) or if a new encounter should be created and associated with the 865subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by 866the caller in order to link biographic and biometric information (assuming biographic information was 867previously associated using the SetBiographicData operation). If the encounter ID is omitted for the 868encounter-centric model, the operation returns a system-assigned encounter ID. 869 Request Message

Field Type # ? Meaning SetBiometricData Y Associates biometric data to a given subject record.

SetBiometricDataRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “SetBiometricData”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to store.

BIRList CBEFF_BIR_ListType 1 Y A list of CBEFF-BIR elements. CBEFF_BIR_Type 1..* Y CBEFF structure BIR containing information about a biometric sample.

Field Type # ? Meaning SetBiometricDataResponse Y The response to a SetBiometricData operation.

SetBiometricDataResponsePackage 1 Y

Identity BIASIdentity 0..1 C In an encounter-centric model, identifies the encounter ID assigned to a new encounter.

EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.

8712.19 TransformBiometricData 872TransformBiometricDataRequest 873TransformBiometricDataResponse 874The TransformBiometricData operation transforms or processes a given biometric in one format into a 875new target format. 876 Request Message

Field Type # ? Meaning TransformBiometricData Y Transforms or processes a given biometric in one format into a new target format.

TransformBiometricDataRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “TransformBiometricDat a”.

InputBIR CBEFF_BIR_Type 1 Y Data structure containing the biometric information to be transformed.

TransformOperation unsignedLong 1 Y Value indicating the type of transformation to perform.

TransformControl string 0..1 N Specifies controls for the requested transform operation. Note: This could be a compression ratio, target data format, etc.

877 NOTE: The values for TransformOperation and TransformControl are implementation specific. 878 Response Message

Field Type # ? Meaning TransformBiometricDataResponse Y The response to a TransformBiometricData operation.

TransformBiometricDataResponsePackage 1 Y

OutputBIR CBEFF_BIR_Type 0..1 N Data structure containing the new, transformed biometric information.

8792.20 UpdateBiographicData 880UpdateBiographicDataRequest 881UpdateBiographicDataResponse 882The UpdateBiographicData operation updates the biographic data for an existing subject record. The 883operation replaces any existing biographic data with the new biographic data. In the encounter-centric 884model, the encounter ID MUST be specified. 885 Request Message

Field Type # ? Meaning UpdateBiographicData Y Updates the biographic data for a given subject record.

UpdateBiographicDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “UpdateBiographic Data”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to update.

FirstName string 0..1 C The first name of a subject. BiographicDataItemType 0..* C A single BiographicDataItem biographic data element. BiographicDataSetType 0..1 C A set of biographic BiographicDataSet data information.

Field Type # ? Meaning UpdateBiographicDataResponse Y The response to an UpdateBiographicData operation.

UpdateBiographicDataResponsePackage 1 Y

8872.21 UpdateBiometricData 888UpdateBiometricDataRequest 889UpdateBiometricDataResponse 890The UpdateBiometricData operation updates the biometric data for an existing subject record. The 891operation includes an OPTIONAL parameter indicating if the new biometric sample should be merged 892with the existing biometric sample. If this parameter is set to “False” or is not used in the request, the

133biasprofile-v1.0-cs01 04 November 2011 134Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 67 of 211 893operation replaces the existing biometric sample with the new biometric sample. In the encounter-centric 894model, the encounter ID MUST be specified. 895 Request Message

Field Type # ? Meaning UpdateBiometricData Y Updates a single biometric sample for a given subject record.

UpdateBiometricDataRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “UpdateBiometricData”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to update.

BIR CBEFF_BIR_Type 1 Y Contains biometric information in either a non-XML or an XML representation.

Merge boolean 0..1 N Value indicating if the input biometric sample should be merged with any existing biometric information.

Field Type # ? Meaning UpdateBiometricDataResponse Y The response to an UpdateBiometricData operation.

UpdateBiometricDataResponsePackage 1 Y

8972.22 VerifySubject 898VerifySubjectRequest 899VerifySubjectResponse 900The VerifySubject operation performs a 1:1 verification match between a given biometric and either a 901claim to identity in a given gallery or another given biometric. As such either the Identity Claim or 902Reference BIR input parameters are REQUIRED. 903 Request Message

Field Type # ? Meaning VerifySubject Y Performs a 1:1 verification match between a given biometric and either a claim to identity in a given gallery or another given biometric.

VerifySubjectRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “VerifySubject”.

GalleryID BIASIDType 0..1 C The identifier of the gallery or population group of which the subject must be a member. Required if an Identity Claim is provided.

Identity BIASIdentity 1 Y Includes the identifying information and/or input and reference biometric samples.

IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group. Required if a Reference BIR is not provided.

InputBIR CBEFF_BIR_Type 1 Y Maps to specific INCITS BIAS elements as required by that specification. CBEFF_BIR_Type 0..1 C Maps to specific INCITS ReferenceBIR BIAS elements as required by that specification. Required if an Identity Claim is not provided.

Field Type # ? Meaning VerifySubjectResponse Y The response to a VerifySubject operation. VerifySubjectResponsePackage 1 Y

Match boolean 0..1 N Indicates if the Input BIR matched either the biometric information associated with the Identity Claim or the Reference BIR.

Score Score 0..1 N The score if the biometric information matched.

Aggregate Operations 905

9063.1 Enroll 907EnrollRequest 908EnrollResponse 909The Enroll operation adds a new subject or, in an encounter-centric model, a new encounter to the 910system. This may be accomplished in a number of different ways according to system requirements 911and/or resources.If the Enroll operation is implemented as a synchronous service, the implementing 912system immediately processes the request and returns the results in the Return Data parameter. If the 913Enroll operation is implemented as an asynchronous service, the implementing system returns a token in 914the Return Data parameter, which is an indication that the request is being handled asynchronously. In 915this case, the GetEnrollResults operationis used to poll for the results of the Enroll request. 916 Request Message

Field Type # ? Meaning Enroll Y Adds a new subject or, in an encounter-centric model, a new encounter to the system.

EnrollRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “Enroll”.

ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed.

InputData InformationType 1 Y Contains the input data for the operation, as required by the implementing system.

Field Type # ? Meaning EnrollResponse Y The response to an Enroll operation.

EnrollResponsePackage 1 Y

ReturnData InformationType 0..1 N Contains the output data for the response.

9183.2 GetEnrollResults 919GetEnrollResultsRequest 920GetEnrollResultsResponse 921The GetEnrollResults operation retrieves the enrollment results for the specified token. This operation is 922used in conjunction with the Enroll operation. If the Enroll operation is implemented as an asynchronous 923service, the implementing system returns a token and the GetEnrollResults operation is used to poll for 924the results of the original Enroll request. 925If the service provider implements an asynchronous Enroll operation, then it MUST also implement the 926GetEnrollResults operation. 927 Request Message

Field Type # ? Meaning GetEnrollResults Y Retrieves the enrollment results for the specified token. GetEnrollResultsRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “GetEnrollResults”.

Token TokenType 1 Y A value used to retrieve the results of the Enroll request.

Field Type # ? Meaning GetEnrollResultsResponse Y The response to a GetEnrollResults operation.

GetEnrollResultsResponsePackage 1 Y

9293.3 GetIdentifyResults 930GetIdentifyResultsRequest

145biasprofile-v1.0-cs01 04 November 2011 146Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 73 of 211 931GetIdentifyResultsResponse 932The GetIdentifyResults operation retrieves the identification results for the specified token. This operation 933is used in conjunction with the Identify operation. If the Identify operation is implemented as an 934asynchronous service, the implementing system returns a token and the GetIdentifyResults operation is 935used to poll for the results of the original Identify request. 936If the service provider implements an asynchronous Identify operation, then it MUST also implement the 937GetIdentifyResults operation. 938 939 Request Message

Field Type # ? Meaning GetIdentifyResults Y Retrieves the identification results for the specified token

GetIdentifyResultsRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “GetIdentifyResults”.

Token TokenType 1 Y A value used to retrieve the results of the Identify request.

Field Type # ? Meaning GetIdentifyResultsResponse Y The response to a GetIdentifyResults operation. GetIdentifyResultsResponsePackage 1 Y

9413.4 GetVerifyResults 942GetVerifyResultsRequest 943GetVerifyResultsResponse 944The GetVerifyResults operation retrieves the verification results for the specified token. This operation is 945used in conjunction with the Verify operation. If the Verify operation is implemented as an asynchronous 946service, the implementing system returns a token and the GetVerifyResults operation is used to poll for 947the results of the original Verify request. 948If the service provider implements an asynchronous Verifyoperation, then it MUST also implement the 949GetVerifyResults operation. 950 Request Message

Field Type # ? Meaning GetVerifyResults Y Retrieves the verification results for the specified token

GetVerifyResultsRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

149biasprofile-v1.0-cs01 04 November 2011 150Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 75 of 211 Field Type # ? Meaning string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “GetVerifyResults”.

Token TokenType 1 Y A value used to retrieve the results of the Verify request.

Field Type # ? Meaning GetVerifyResultsResponse Y The response to a GetVerifyResults operation.

GetVerifyResultsResponsePackage 1 Y

9523.5 Identify 953IdentifyRequest

151biasprofile-v1.0-cs01 04 November 2011 152Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 76 of 211 954IdentifyResponse 955The Identify operation performs an identification function according to system requirements and/or 956resources.If the Identify operation is implemented as a synchronous service, the implementing system 957immediately processes the request and returns the results in the Return Data parameter. If the Identify 958operation is implemented as an asynchronous service, the implementing system returns a token in the 959Return Data parameter, which is an indication that the request is being handled asynchronously. In this 960case, the GetIdentifyResults operation is used to poll for the results of the Identify request. 961 Request Message

Field Type # ? Meaning Identify Y Performs an identification function. IdentifyRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “Identify”.

InputData InformationType 1 Y Contains the input data for the aggregate services.

Field Type # ? Meaning IdentifyResponse Y The response to an Identify operation.

IdentifyResponsePackage 1 Y

9633.6 RetrieveInformation 964RetrieveInformationRequest 965RetrieveInformationResponse 966The RetrieveInformation operation retrieves requested information about a subject, or in an encounter- 967centric model about an encounter. In a person-centric model, this operation can be used to retrieve both 968biographic and biometric information for a subject record. In an encounter-centric model, this operation 969can be used to retrieve biographic and/or biometric information for either a single encounter or all 970encounters. Either a subject ID or encounter ID MUST be specified. 971 Request Message

Field Type # ? Meaning RetrieveInformation Y Retrieves requested information about a subject or encounter.

RetrieveInformationRequest 1 Y GenericRequestParameters 0..1 N Common request GenericRequestParameters parameters that can be used to identify the requester.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “RetrieveInformation”.

ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed, and MAY identify what type(s) of information should be returned.

Identity BIASIdentity 1 Y Includes the identifier of the subject or encounter.

SubjectID BIASIDType 0..1 C A system unique identifier for a subject. Required if an Encounter ID is not provided.

EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject. Required if a Subject ID is not provided.

Field Type # ? Meaning RetrieveInformationResponse Y Response to a RetrieveInformation operation. RetrieveInformationResponsePackage 1 Y

9733.7 Verify 974VerifyRequest 975VerifyResponse 976The Verify operation performs a 1:1 verification function according to system requirements and/or 977resources. Either the Identity Claim or Reference BIR input parameters are REQUIRED.If the Verify 978operation is implemented as a synchronous service, the implementing system immediately processes the 979request and returns the results in the Return Data parameter. If the Verify operation is implemented as an 980asynchronous service, the implementing system returns a token in the Return Data parameter, which is 981an indication that the request is being handled asynchronously. In this case, the GetVerifyResults 982operation is used to poll for the results of the Verify request. 983 Request Message

Field Type # ? Meaning Verify Y Performs a 1:1 verification function. VerifyRequest 1 Y

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application. string 0..1 N Identifies the BIAS BIASOperationName operation that is being requested: “Verify”.

InputData InformationType 1 Y Contains the input data for the aggregate services.

Identity BIASIdentity 1 Y Includes either the Identity Claim or Reference BIR.

IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group. Required if a Reference BIR is not provided.

BiometricData BIASBiometricDataType 0..1 N An Identity’s biometric data. CBEFF_BIR_Type 0..1 C Maps to specific ReferenceBIR INCITS BIAS elements as required by that specification. Required if an Identity Claim is not provided.

GalleryID BIASIDType 0..1 C The identifier of the gallery or population group of which the subject must be a member. Required if an Identity Claim is provided.

Field Type # ? Meaning VerifyResponse Y The response to a Verify operation.

VerifyResponsePackage 1 Y

161biasprofile-v1.0-cs01 04 November 2011 162Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 81 of 211 9865 Message structure and rules 987BIAS operations and data elements are defined in XML in the INCITS 422 BIAS standard. This OASIS 988standard further specifies the full XML schema (see AnnexA) and specifies how this XML is packaged 989and exchanged as SOAP messages. 990Annex A provides a WSDL of operations and structures aggregated from all the conformance classes, 991both synchronous and asynchronous. A specific implementation’s WSDL must only expose its respective 992operations and structures. For example, for a Class 5-only conformant implementation, all of the primitive 993operations must not be exposed as operations (with the exception of QueryCapabilities) unless that 994functionality is supported. Additionally, the WSDL exposed by an implementation shall not contain 995instances of xsd:any, xsd:anyType, or xsd:anyAttribute; these instances must be replaced with explicit 996schema contents. An example is the XML complex type, InformationType, which has xsd:any as its only 997child. This type is used to represent implementation-specific input data and return data. The children of 998InformationType must be replaced with explicit content. Doing so removes the ability to transmit 999unexpected or arbitrary data. Also, it provides a clear definition of information that a client needs to 1000provide to the server,or expect to receive,to optimally perform an operation. 1001SOAP 1.1 messages consist of three elements: an envelope, header data, and a message body. BIAS 1002request-response elements MUST be enclosed within the SOAP message body. The general structure of 1003the BIAS SOAP message is shown in Figure 4, below. The data model for BIAS is addressed in Section3 1004and BIAS messages in Section 4. 1005 SOAP Envelope

SOAP Header

SOAP Body

SOAP Payload

BIAS XML Elements

1006 1007 Figure 4. BIAS SOAP Structure 1008 1009Biometric data, regardless of native format, is carried as a binary structure. As such, options exist on how 1010this data is carried within the SOAP structure. It can be carried as embedded Base-64 objects or [XOP] 1011can be used – this standard allows for either method (See section 5.3).

1012 5.1 Purpose and constraints 1013This document defines a SOAP profile describing how the XML elements defined in INCITS 442 are to be 1014used as the payload of a SOAP message and the rules for structuring and exchanging such messages. 1015Philosophical tenets include:

163biasprofile-v1.0-cs01 04 November 2011 164Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 82 of 211 1016  SOAP messages will carry BIAS XML [XML 10] payloads. 1017  SOAP messages will follow WS-I and will deviate only when absolutely necessary. 1018  Message structures and interchanges will be kept as simple as possible – “nice to have” 1019 features will be addressed in future revisions. 1020  XML schemas will be produced based on INCITS 442. 1021  BIAS will support a broad range of application domains. 1022  BIAS will allow for a variety of biometric and biographic data formats to be used 1023  Only the SOAP messaging will be defined – no message protocols or client/server agents 1024 will be defined. 1025  Basic usage/formatting rules (beyond WS-I) will be defined. 1026  Existing biometric and Web services standards will be leveraged wherever possible. 1027  Sample WSDL and use cases will be provided as an aid in implementation. 1028  Use of basic SOAP will allow all other compatible WS* standards (and discovery 1029 mechanisms) to be used in conjunction with BIAS messaging. 1030  BIAS will support both secure (i.e., using existing security mechanisms such as WS- 1031 Security, SAML, etc,) and non-secure implementations. 1032  Generic biometric operations will be defined – use of biometrics within a Web services 1033 authentication protocol is not addressed. 1034  OASIS namespace rules will be followed, though some external schemas MAY also be 1035 referenced.

1036 5.2 Message requirements 1037BIAS SOAP messages MUST conform to [WS-I-Basic] and [WS-I-Bind]. A single BIAS SOAP message 1038MUST contain only one BIAS service request (or single BIAS service response). Binary components of 1039BIAS messages are already Base-64 encoded and therefore do not need to be conveyed as SOAP 1040attachments (though XOP MAY be utilized). 1041The system model used for BIAS conversations over SOAP is a simple request-response model. BIAS 1042comprises both synchronous and asynchronous operations, with the majority being of the former type. 1043Asynchronous operations are implemented through message pairs. That is, there are separate messages 1044to request the operation and to request the results of the operation. These have been defined for those 1045operations that are likely to take significant time to complete. For example, an identify operation can be 1046implemented as either a synchronous or asynchronous service as follows: 1047 service provider client service provider client IdentifySubject () IdentifySubject () Return, Token Return, CandidateList

GetIdentifySubjectResults (Token)

Return, CandidateList

1048 (a) Synchronous Operation (b) Asynchronous Operation 1049 Figure 5. Example of Synchronous and Asynchronous BIAS Operations 1050 1051 165biasprofile-v1.0-cs01 04 November 2011 166Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 83 of 211 1052The basic process for using SOAP for BIAS operations is: 1053 1. A system entity acting as a BIAS requester transmits a BIAS request element within the body of a 1054 SOAP message to a system entity acting as a BIAS responder. The BIAS requester MUST NOT 1055 include more than one BIAS request per SOAP message or include any additional XML elements 1056 in the SOAP body. 1057 2. The BIAS responder MUST return either a BIAS response element within the body of another 1058 SOAP message or generate a SOAP fault. The BIAS responder MUST NOT include more than 1059 one BIAS response per SOAP message or include any additional XML elements in the SOAP 1060 body. If a BIAS responder cannot, for some reason, process a BIAS request, it MUST generate a 1061 SOAP fault. (SOAP 1.1 faults and fault codes are discussed in [SOAP11] section 5.1.) 1062 3. On receiving a BIAS response in a SOAP message, the BIAS requester MUST NOT send a fault 1063 code or other error messages to the BIAS responder. Since the format for the message 1064 interchange is a simple request-response pattern, adding additional items such as error 1065 conditions would needlessly complicate the protocol. 1066SOAP 1.1 also defines an optional data encoding system. This system is not used within the BIAS SOAP 1067binding. This means that BIAS messages can be transported using SOAP without re-encoding from the 1068“standard” BIAS schema to one based on the SOAP encoding. 1069 NOTE: [SOAP11] references an early draft of the XML Schema specification including an 1070 obsolete namespace. BIAS requesters SHOULD generate SOAP documents referencing only the 1071 final XML schema namespace. BIAS responders MUST be able to process both the XML schema 1072 namespace used in [SOAP11] as well as the final XML schema namespace.

1073 5.3 Handling binary data 1074BIAS messages frequently contain binary data (e.g., biometric data, scanned identity documents, etc.). 1075Two methods are provided for dealing with this: 1076  Embedded Base64 encoding 1077  XOP [XOP] 1078Use of SOAP with Attachments (SWA) is deprecated.

1079 5.3.1 Base64 encoding 1080This method is the default method for including binary data. Binary data is Base64 encoded and included 1081between the tags in the XML SOAP body for the appropriate data elements. Data elements using this 1082method are indicated as such in the schema. 1083As an example, the CBEFF_BIR_Type includes, as one of the BIR types, BinaryBIR of type 1084base64binary. 1085 1086 1087 1088However, even an XML_BIR as defined within [CBEFF3], contains a biometric data block (BDB) which 1089may be entirely binary (most common), 1090 1091 1092 1093or contain an element which is binary (e.g., an image within an XML BDB).

1094 5.3.2 Use of XOP 1095When XOP is used, the binary content is replaced with a reference (URI) to an attachment (i.e., MIME) 1096which contains that “stripped” content via an xop:include. The advantage of this method is overall

167biasprofile-v1.0-cs01 04 November 2011 168Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 84 of 211 1097message size during transmission since the overhead of the embedded Base64 is not present (since the 1098MIME attachment contains the native binary format). 1099Use of XOP is generally transparent to the developer, other than in how they configure their toolset. Most 1100frameworks support this; however, there is a possibility of mismatch if the transmitter supports and uses 1101XOP but the receiver does not.

1102 5.4 Discovery 1103BIAS implementers (service providers) MUST provide WSDL [WSDL11] to describe their 1104implementations. This WSDL MAY or may not be made public via a standard discovery mechanism 1105(such as UDDI) or other method. 1106In addition, it is REQUIRED that the BIAS implementation include the QueryCapabilities operation to 1107provide dynamic information regarding BIAS capabilities, options, galleries, etc. that are supported.

1108 5.5 Identifying operations 1109Receivers of BIAS SOAP messages require a method of easily identifying the operation being requested 1110(or response being provided). This SHOULD be possible without the receiver needing to infer it from the 1111sum of the elements provided within the body of the SOAP message. The BIAS SOAP profile allows for 1112two methods of identifying BIAS operations: 1113  Explicit named element in body of the SOAP message 1114  Use of WS-Addressing Action element

1115 5.5.1 Operation name element 1116The BIAS message sender (requester) will include within the body of the BIAS SOAP message an XML 1117element . The receiver (service provider) can search for this tag within a received 1118BIAS SOAP message to determine what operation is being requested. There is no requirement related to 1119the ordering of this element within the message, though it is RECOMMENDED that it be included early in 1120the message to aid in human readability. 1121An example of this method for the CreateSubject operation is shown below: 1122 1123POST /bias HTTP/1.1 1124Host: www.acme.com 1125Content-Type: application/soap+xml; charset=”utf-8” 1126Content-Length: nnnn 1127SOAPAction: “” 1128 1129 1130 1131 1133 1134 BIAS Application 1135 BIAS User 1136 CreateSubject 1137 1138 1139 123456789 169biasprofile-v1.0-cs01 04 November 2011 170Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 85 of 211 1140 1141 1142 1143

1144 5.5.2 WS-Addressing Action 1145WS-Addressing [WS-Addr] provides a mechanism for including action information inside any SOAP 1146message. The information is in the SOAP Header. The WS-Addressing ‘Action’ element is used to 1147indicate the intent of the message. The value is a URI/IRI identifying that intent; however, there are no 1148restrictions on the format or specificity of the URI/IRInor a requirement that it can be resolved. Adoption 1149of this option also requires that the WS-Addressing ‘To’, ‘ReplyTo’, and ‘MessageID’ elements are 1150supplied, as they are mandatory elements in a request-reply message pattern as used within BIAS. 1151Response messages would also need to use WS-Addressing, requiring the ‘To’ (matching the ‘ReplyTo’ 1152element in the request), ‘RelatesTo’ (matching the ‘MessageID’ element in the request), and 1153‘RelationshipType’ (default value to “wsa:Reply”) elements. 1154Use of WS-Addressing is OPTIONAL in this profile as is this method of using the ‘Action’ field for this 1155purpose. However, when BIAS is used within an environment using WS-Addressing, it is 1156RECOMMENDED that this approach for use of the ‘Action’ field to carry the BIAS operation name is 1157employed, either alone or in combination with the BIASOperationName approach described in section 11585.5.1. 1159An example for a message request for the CreateSubject operation would look likethe following: 1160 1161 POST /bias HTTP/1.1 1162 Host: www.acme.com 1163 Content-Type: application/soap+xml; charset=”utf-8” 1164 Content-Length: nnnn 1165 SOAPAction: “” 1166 1167 1170 1171 some-ID 1172 1173 response-URI 1174 1175 destination-URI 1176 CreateSubject 1177 1178 1179 1181 1182 1183

171biasprofile-v1.0-cs01 04 November 2011 172Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 86 of 211 1184 5.6 Security 1185The end-points that exchange SOAP messages (or handle the contents of the BIAS operations) are 1186expected to be protected and trusted such that message-level security mechanisms may not be required. 1187The use of SSL (HTTPS) or VPN technology that provides end-point to end-point security is 1188RECOMMENDED and MAY be sufficient in some cases. Other mechanisms such as Signed XML or 1189WSS [WSS] could also be implemented. 1190Unless stated otherwise, the following security statements apply to all BIAS bindings.

1191 5.6.1 Use of SSL 3.0 or TLS 1.0 1192Unless otherwise specified, in any BIAS binding’s use of SSL 3.0 [SSL3] or TLS1.0 [RFC2246], servers 1193MUST authenticate clients using a X.509 v3 certificate [X509]. The client MUST establish server identity 1194based on contents of the certificate (typically through examination of the certificate’s subject DN field, 1195subjectAltName attribute, etc.). 1196Use of transport level security in the form of SSL or TLS is OPTIONAL but highly RECOMMENDED. Use 1197of these mechanisms alone may not be sufficient for end-to-end integrity and confidentiality, however (see 11985.6.3 and 5.6.4 below).

1199 5.6.2 Data Origin Authentication 1200Authentication of both the BIAS requester and the BIAS responder associated with a message is 1201OPTIONAL and depends on the environment of use: Authentication mechanisms available at the SOAP 1202message exchange layer or from the underlying substrate protocol (for example, in many bindings the 1203SSL/TLS or HTTP protocol) MAY be utilized to provide data origin authentication. 1204Transport authentication will not meet end-to-end origin authentication requirements in bindings where the 1205BIAS SOAP message passes through an intermediary – in this case, message authentication is 1206RECOMMENDED. 1207Note that SAML [SAML] MAY be used as the mechanism for parties to authenticate to one another.

1208 5.6.3 Message Integrity 1209Message integrity of both BIAS requests and BIAS responses is OPTIONAL and depends on the 1210environment of use. The security layer in the underlying substrate protocol or a mechanism at the SOAP 1211message exchange layer MAY be used to ensure message integrity. 1212Transport integrity will not meet end-to-end integrity requirements in bindings where the BIAS SOAP 1213message passes through an intermediary – in this case, message integrity is RECOMMENDED.

1214 5.6.4 Message Confidentiality 1215Message confidentiality of both BIAS requests and BIAS responses is OPTIONAL and depends on the 1216environment of use. The security layer in the underlying substrate protocol or a mechanism at the SOAP 1217message exchange layer MAY be used to ensure message confidentiality. 1218Transport confidentiality will not meet end-to-end confidentiality requirements in bindings where the BIAS 1219SOAP message passes through an intermediary. 1220 NOTE: Biometric and biographic data is likely to contain personal information the confidentiality of 1221 which SHOULD be protected accordingly. See INCITS 442, section 6.3 for further discussion.

1222 5.6.5 CBEFF BIR security features 1223Within BIAS, biometric data is transferred within a CBEFF BIR (as defined in ISO/IEC 19785-1). CBEFF 1224provides for the optional encryption of the Biometric Data Block (BDB) of the BIR and for the integrity of 1225the entire BIR. If implemented, this is indicated in the BIR header. The BIR structure defines an optional 1226Security Block which MAY contain a digital signature (or message authentication code), encryption 1227parameters (e.g., key name, algorithm, etc.), and/or other security related data. Such protections are

173biasprofile-v1.0-cs01 04 November 2011 174Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 87 of 211 1228associated with an individual BIR and are separate from any other protections provided at the message 1229level.

1230 5.6.6 Security Considerations 1231Before deployment, each combination of authentication, message integrity, and confidentiality 1232mechanisms SHOULD be analyzed for vulnerability in the context of the specific protocol exchange and 1233the deployment environment. 1234Special care should be given to the impact of possible caching on security. 1235IETF RFC 2617 [RFC2617] describes possible attacks in the HTTP environment when basic or message 1236digest authentication schemes are used. 1237Many of the security considerations identified in [SAML SEC] MAY also apply. 1238ISO/IEC 19092 [BIO SEC] describes a security framework for biometric systems including a minimum set 1239of security requirements addressing integrity, authenticity, and confidentiality of biometric information 1240during transmission and storage. These SHOULD be considered as part of an overall risk management 1241approach. 1242 NOTE: The requirements of ISO/IEC 19092, though useful across many application domains, are 1243 required for most biometric system implementations in the financial services environment. 1244 Application of this standard would make the requirements of sections 5.5.3 through 5.5.5 1245 mandatory rather than optional. This is highly RECOMMENDED for any high security environment 1246 or where privacy concerns exist.

1247 5.6.7 Security of Stored Data 1248This specification does not address security considerations for stored data. It is the purview of the BIAS 1249service provider to implement security mechanisms and protect data at rest as per their own security 1250policies.

1251 5.6.8 Key Management 1252This specification does not address key management considerations with respect to implementation of 1253cryptographic security mechanisms (e.g., for authenticity, integrity, or confidentiality).

1254 5.7 Use with other WS* standards 1255The intent of specifying SOAP bindings for BIAS messages is to enable the full range of existing Web 1256services standards to be able to be applied. Some may be normative while others can be optionally 1257applied (i.e., WS-Security, WS-Addressing). Still others may require additional profiling to be used in an 1258interoperable manner (e.g., WS-Notification); this is left to a future revision. However, the intent is to avoid 1259specifying anything in the first, base version that would preclude the use of such standards in the future.

1260 5.8 Tailoring 1261This standard provides for a common method of implementing biometric Web services; however, it does 1262not guarantee interoperability in a specific application. In some cases further tailoring or profiling of this 1263standard may be required in order to further constrain the implementation options available. 1264 NOTE: As an example, BIAS allows for a number of different biographic and biometric data formats 1265 to be used, whereas a given application/domain MAY wish to limit this to a small set or just one of 1266 each type. Other examples (not comprehensive) include: 1267  Identification of a subset of BIAS operations to be used 1268  Specification of security features to be implemented (e.g., SSL, CBEFF BIR encryption, etc.) 1269  Choice of operation name identification method 1270  Choice of BIR type to be used (XML, non-XML, or URI)

175biasprofile-v1.0-cs01 04 November 2011 176Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 88 of 211 1271  Further definition of aggregate operations 1272  Use (or not) of the encounter model 1273  Use (or not) of asynchronous operations 1274  Process sequences 1275  Implementation specific values (e.g., Transform oprerations/controls)

177biasprofile-v1.0-cs01 04 November 2011 178Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 89 of 211 12766. Error handling 1277There are two levels of errors that can be returned in an error response: system and service errors. 1278  System-level errors occur when the implementing system cannot service a request. They could 1279 result due to an internal logic error or because the implementing system does not support a 1280 particular request. 1281  Service-level errors occur when there is a problem transmitting or representing the service 1282 request. They could result due to an invalid service request or because of a communications 1283 error. 1284The INCITS BIAS standard defines the error condition codes for system-level errors. 1285  If successful, a response message (containing a return code) will be generated. 1286  If unsuccessful, a SOAP fault message (containing a fault code) will be generated.

12874 BIAS operation return codes 1288If a BIAS operation is successful, a response (service output) will be sent to the requester by the service 1289provider. Each response message contains a response status (see section 3.2.37) and return code (see 1290section 3.2.38) along with any response data as defined for that operation, if any. A response code of ‘0’ 1291indicates success.

12925 SOAP fault codes 1293If a BIAS operation is unsuccessful, no BIAS response message is sent. Instead a SOAP fault message 1294is returned. 1295Every Web service (operation) described in the BIAS WSDL may result in a fault message that will be 1296returned in the response by the service provider in the event of an error. The fault message contains a 1297FaultCode element as defined by the SOAP 1.1 specification (see section 3.2.5). The fault message 1298MUST contain a Detail element in a common format, as described by the BIASFault element (see section 12993.2.6). 1300The schema provided in Annex A defines “BIASFaultCode” and “BIASFaultDetail” types as well as 1301“BIASFault”, “BIASFaultType”, “BIASFaultMessage” and “BIASFaultDescription” elements. 1302The list of defined BIAS fault codes is provided in section 3.2.5. Note that BIAS service providers MAY 1303define additional fault codes unique to their service. 1304 NOTE: See also section 5.2 for additional information on message returns and faults.

179biasprofile-v1.0-cs01 04 November 2011 180Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 90 of 211 1305 7. Conformance 1306Implementations claiming conformance to this standard, MUST implement, at a minimum, all mandatory 1307requirements and provisions set forth in Clauses 3, 4, 5 and 6. If such implementations claim 1308conformance to any OPTIONAL requirements and provisions stated in Clauses 3, 4, 5 and 6, these 1309requirements and provisions MUST be implemented as set forth in these Clauses. 1310INCITS 442 [INCITS-BIAS] (Annex A) specifies five BIAS conformance classes. For each class, a set of 1311mandatory BIAS operations is identified in order for implementations (BIAS service providers) to claim 1312conformance. These categories are: 1313  Class 1: Full Primitive Services Implementation 1314  Class 2: Full Aggregate Services Implementation 1315  Class 3: Limited Primitive Services Implementation 1316  Class 4: Minimum Primitive Services Implementation 1317  Class 5: Minimum Aggregate Services Implementation 1318In addition, the minimum capability information to be returned in response to a Query Capabilities request 1319(the only mandatory BIAS operation across all 5 classes) is specified for each class. 1320These conformance classes and their associated requirements apply to this BIAS SOAP Profile. 1321There are no minimum set of operations required to be implemented by BIAS requesters; however, any 1322operations implemented must conform to the requirements of Clauses 3 and 4 and those requirements 1323within Clause 5 that are mandatory and are not specific to BIAS responders.

1325 1326 1333 1343 1344 1345 1346 1348 1349 1350Base template for BIAS aggregate service requests. 1351 1352 1353 1354 1355 1356 1357Options that guide how the aggregate service request is processed. 1358 1359 1360 1361

183biasprofile-v1.0-cs01 04 November 2011 184Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 92 of 211 1362Contains the input data for the aggregate service request. 1363 1364 1365 1366 1367 1368 1369 1370 1371Base template for BIAS aggregate service responses. 1372 1373 1374 1375 1376 1377 1378Contains the output data for the aggregate service response. 1379 1380 1381 1382 1383 1384 1385 1386 1387Identifies an application. 1388 1389 1390 1391 1392 1393 1394 1395 1396Identifies an application user or instance. 1397 1398 1399 1400 1401 1402 185biasprofile-v1.0-cs01 04 November 2011 186Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 93 of 211 1403 1404 1405Wraps the various BIAS biometric types. 1406 1407 1408 1409 1410A list of CBEFF-BIR elements. 1411 1412 1413 1414 1415Contains biometric information in either a non-XML and an XML 1416representation. 1417 1418 1419 1420 1421Maps to specific INCITS BIAS elements as required by that 1422specification. 1423 1424 1425 1426 1427Maps to specific INCITS BIAS elements as required by that 1428specification. 1429 1430 1431 1432 1433A list of biometric data elements. 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443

187biasprofile-v1.0-cs01 04 November 2011 188Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 94 of 211 1444 1445The service failed for an unknown reason. 1446 1447 1448 1449 1450A requested capability is not supported by the service 1451implementation. 1452 1453 1454 1455 1456The data in a service input parameter is invalid. 1457 1458 1459 1460 1461Biometric sample quality is too poor for the service to succeed. 1462 1463 1464 1465 1466The input BIR is empty or in an invalid or unrecognized format. 1467 1468 1469 1470 1471The service could not validate the signature, if used, on the input BIR. 1472 1473 1474 1475 1476The service could not decrypt an encrypted input BIR. 1477 1478 1479 1480 1481The input encounter ID is empty or in an invalid format. 1482 1483 1484

189biasprofile-v1.0-cs01 04 November 2011 190Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 95 of 211 1485 1486The input subject ID is empty or in an invalid format. 1487 1488 1489 1490 1491The subject referenced by the input subject ID does not exist. 1492 1493 1494 1495 1496The gallery referenced by the input gallery ID does not exist. 1497 1498 1499 1500 1501The encounter referenced by the input encounter ID does not exist. 1502 1503 1504 1505 1506The biographic data format is not known or not supported. 1507 1508 1509 1510 1511The identity referenced by the input identity claim does not exist. 1512 1513 1514 1515 1516The identity claim requested is already in use. 1517 1518 1519 1520 1521The data requested for deletion does not exist. 1522 1523 1524 1525 191biasprofile-v1.0-cs01 04 November 2011 192Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 96 of 211 1526 1527 1528Defines the error information associated with a SOAP fault. 1529 1530 1531 1532 1533References an error code. 1534 1535 1536 1537 1538Provides an explanation of the fault. 1539 1540 1541 1542 1543Provides detailed information about a BIAS fault, such as trace details. 1544 1545 1546 1547 1548 1549 1550 1551Defines a single element for encapsulating the data associated 1552with an Identity. Includes the Identity's reference identifiers, 1553biographic data, and biometric data. 1554 1555 1556 1557 1558 1559A system unique identifier for a subject. 1560 1561 1562 1563 1564An identifier by which a subject is known to a particular gallery or population 1565group. 1566

193biasprofile-v1.0-cs01 04 November 2011 194Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 97 of 211 1567 1568 1569 1570The identifier of an encounter associated with the subject, required for encounter-centric 1571models. 1572 1573 1574 1575 1576A list of encounters associated with a subject. 1577 1578 1579 1580 1581An Identity's biographic data. 1582 1583 1584 1585 1586An Identity's biographic data elements that are stored in the implementing 1587system. 1588 1589 1590 1591 1592An Identity's biometric data. 1593 1594 1595 1596 1597 1598 1599A BIAS identifier 1600 1601 1602 1603 1604 1605Defines a single biographic data element. 1606 1607

195biasprofile-v1.0-cs01 04 November 2011 196Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 98 of 211 1608 1609 1610The name of the biographic data item. 1611 1612 1613 1614 1615The data type for the biographic data item. 1616 1617 1618 1619 1620The value assigned to the biographic data item. 1621 1622 1623 1624 1625 1626 1627Defines a set of biographic data that is formatted according to the specified 1628format. 1629 1630 1631 1632 1633The name of the biographic data format. Use these names for common formats: FBI-EFTS, 1634FBI-EBTS, DOD-EBTS, INT-I, NIEM, xNAL, HR-XML. 1635 1636 1637 1638 1639The version of the biographic data format (e.g., “7.1" for FBI-EFTS or “2.0" for 1640NIEM). 1641 1642 1643 1644 1645Reference to a URI/IRI describing the biographic data format. For example: (FBI-EFTS) 1646www.fbibiospecs.org, (DOD-EBTS) www.biometrics.dod.mil, (INT-I) www.interpol.int, (NIEM) www.niem.gov, 1647(xNAL) www.oasis-open.org, (HR-XML) www.hr-xml.org. 1648 1649

197biasprofile-v1.0-cs01 04 November 2011 198Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 99 of 211 1650 1651 1652The biographic data format type. Use these types for common formats: ASCII (e.g., for non- 1653XML versions of FBI-EFTS, FBI-EBTS, DOD-EFTS, or INT-I), XML (e.g., for NIEM, xNAL, and HR-XML or future version 1654of FBI-EBTS). 1655 1656 1657 1658 1659 1660Biographic data formatted according to a specific format. 1661 1662 1663 1664 1665 1666 1667 1668Defines a set of biographic data elements, utilizing either the 1669BiographicDataItemType to represent a list of elements or the 1670BiographicDataSetType to represent a complete, formatted set of 1671biographic information. 1672 1673 1674 1675 1676 1677The last name of a subject. 1678 1679 1680 1681 1682The first name of a subject. 1683 1684 1685 1686 1687 1688 1689 1690A single biographic data element.

199biasprofile-v1.0-cs01 04 November 2011 200Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 100 of 211 1691 1692 1693 1694 1695 1696 1697 1698A set of biographic data information. 1699 1700 1701 1702 1703 1704 1705 1706Provides descriptive information about biometric data, such as 1707the biometric type, subtype, and format, contained in the BDB of 1708the CBEFF-BIR. 1709 1710 1711 1712 1713 1714The type of biological or behavioral data stored in the biometric record, as defined by 1715CBEFF. 1716 1717 1718 1719 1720The number of biometric records having the biometric type recorded in the biometric type 1721field. 1722 1723 1724 1725 1726More specifically defines the type of biometric data stored in the biometric record, as 1727defined by CBEFF. 1728 1729 1730 1731

201biasprofile-v1.0-cs01 04 November 2011 202Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 101 of 211 1732Identifies the standards body, working group, industry consortium, or other CBEFF biometric 1733organization that has defined the format for the biometric data. 1734 1735 1736 1737 1738Identifies the specific biometric data format specified by the CBEFF biometric organization 1739recorded in the BDB Format Owner field. 1740 1741 1742 1743 1744 1745 1746A list of biometric data elements. 1747 1748 1749 1751 1752Data structure containing information about a biometric record. 1753 1754 1755 1756 1757 1758 1759 1760Defines a set of candidates, utilizing the Candidate Type to 1761represent each element in the set. 1762 1763 1764 1765 1766 1767A single candidate. 1768 1769 1770 1771 1772

203biasprofile-v1.0-cs01 04 November 2011 204Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 102 of 211 1773 1774 1775Defines a single candidate as a possible match in response to a 1776biometric identification request. 1777 1778 1779 1780 1781 1782The match score. 1783 1784 1785 1786 1787The rank of the candidate in relation to other candidates for the same biometric 1788identification operation. 1789 1790 1791 1792 1793Biographic data associated with the candidate match. 1794 1795 1796 1797 1798Biometric data associated with the candidate match. 1799 1800 1801 1802 1803 1804 1805Defines a set of capabilities. 1806 1807 1808 1809 1810A single capability. 1811 1812 1813

205biasprofile-v1.0-cs01 04 November 2011 206Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 103 of 211 1814 1815 1816 1817A list of capability items. 1818 1819 1820 1821 1822A data element accepted as optional input by the implementing system for the aggregate 1823services. 1824 1825 1826 1827 1828A data element required as input by the implementing system for the aggregate 1829services. 1830 1831 1832 1833 1834A processing option supported by the implementing system for the aggregate 1835services. 1836 1837 1838 1839 1840A data element returned by the implementing system for the aggregate 1841services. 1842 1843 1844 1845 1846Describes the processing logic of an aggregate service supported by the implementing 1847system. 1848 1849 1850 1851 1852Identifies a biographic data set supported by the implementing 1853system. 1854 1855

207biasprofile-v1.0-cs01 04 November 2011 208Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 104 of 211 1856 1857 1858A patron format supported by the implementing system. 1859 1860 1861 1862 1863A classification algorithm type supported by the implementing system. 1864 1865 1866 1867 1868Identifies the conformance class of the BIAS implementation. 1869 1870 1871 1872 1873A gallery or population group supported by the implementing system. 1874 1875 1876 1877 1878Identifies whether the implementing system is person-centric or encounter-centric 1879based. 1880 1881 1882 1883 1884 Identifies the use of match scores returned by the implementing 1885system. 1886 1887 1888 1889 1890A quality algorithm vendor and algorithm vendor product ID supported by the implementing 1891system. 1892 1893 1894 1895 1896A biometric type supported by the implementing system.

209biasprofile-v1.0-cs01 04 November 2011 210Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 105 of 211 1897 1898 1899 1900 1901A transform operation type supported by the implementing system. 1902 1903 1904 1905 1906 1907 1908Defines a single capability supported by an implementing system. 1909 1910 1911 1912 1913The name of the capability. 1914 1915 1916 1917 1918An identifier assigned to the capability by the implementing system. 1919 1920 1921 1922 1923A description of the capability. 1924 1925 1926 1927 1928A value assigned to the capability. 1929 1930 1931 1932 1933A secondary value supporting the capability. 1934 1935 1936 1937 211biasprofile-v1.0-cs01 04 November 2011 212Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 106 of 211 1938 Contains additional information for the supported capability. 1939 1940 1941 1942 1943 1944 1945A list of CBEFF-BIR elements. 1946 1947 1948 1949 1950CBEFF structure containing information about a biometric sample. 1951 1952 1953 1954 1955 1956 1957Represents biometric information, with either a non-XML or XML 1958representation. 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978

213biasprofile-v1.0-cs01 04 November 2011 214Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 107 of 211 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006The result of a classification. 2007 2008 2009 2010 2011 2012Type of classification algorithm that was used to perform the 2013classification. 2014 2015 2016 2017 2018

215biasprofile-v1.0-cs01 04 November 2011 216Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 108 of 211 2019Contains information on classification results and the algorithm used to determine the 2020classification. 2021 2022 2023 2024 2025The result of the classification. 2026 2027 2028 2030 2031Identifies the type of classification algorithm that was used to perform the 2032classification. 2033 2034 2035 2036 2037 2038 2039Defines a set of encounters. 2040 2041 2042 2043 2044The identifier of an encounter. 2045 2046 2047 2048 2049 2050 2051 2052Contains at a minimum two sets of fusion input 2053elements, as input to the PerformFusion request. 2054 2055 2056 2057 2059 2060A set of fusion information. 217biasprofile-v1.0-cs01 04 November 2011 218Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 109 of 211 2061 2062 2063 2064 2065 2066 2067Represents the information necessary to perform a fusion operation. 2068 2069 2070 2071 2072The type of biological or behavioral data stored in the biometric record, as defined by 2073CBEFF. 2074 2075 2076 2077 2078More specifically defines the type of biometric data stored in the biometric 2079record. 2080 2081 2082 2083 2084The owner or vendor of the algorithm used to determine the score or 2085decision. 2086 2087 2088 2089 2090The Algorithm Owner's identifier for the specific algorithm product and version used to 2091determine the score or decision. 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 219biasprofile-v1.0-cs01 04 November 2011 220Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 110 of 211 2103 2104 2105 2106The similarity score assigned by the matching algorithm. 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119The match decision assigned by the matching algorithm. 2120 2121 2122 2123 2124 2125 2126 2127 2128Common request paramters that can be used to identify the 2129requester. 2130 2131 2132 2133 2134Identifies the requesting application. 2135 2136 2137 2138 2139Identifers the user or instance of the requesting application. 2140 2141 2142 2143

221biasprofile-v1.0-cs01 04 November 2011 222Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 111 of 211 2144Identifers the BIAS operation name that is being requested. 2145 2146 2147 2148 2149 2150 2151 2152Allows for an unlimited number of data element types, and it does 2153not specify nor require any particular data element. 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163Provides a method to filter the amount of information returned in 2164a search of biometric data. 2165 2166 2167 2168 2169 2170 2171 2173 2174Limits the returned information to a specific type of biometric, as defined by 2175CBEFF. 2176 2177 2178 2179 2180 2181 2182 2183A Boolean flag indicating if biometric subtype information should be 2184returned.

223biasprofile-v1.0-cs01 04 November 2011 224Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 112 of 211 2185 2186 2187 2188 2189 2190 2191The result of a fusion method. 2192 2193 2194 2195 2196 2197 2198BIAS aggregate services support the ability to include various 2199processing options which direct and possibly control the business 2200logic for that service. The ProcessingOptionsType provides a 2201method to represent those options. Processing options should be 2202defined by the implementing system. 2203 2204 2205 2206 2207 2208An option supported by the implementing system. 2209 2210 2211 2212 2213 2214 2215The vendor's ID for a particular product. 2216 2217 2218 2219 2220 2221Contains information about a biometric sample's quality and the algorithm used to compute 2222the quality. 2223 2224 2225

225biasprofile-v1.0-cs01 04 November 2011 226Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 113 of 211 2226 2227The quality of a biometric sample. 2228 2229 2230 2231 2232The vendor of the qualilty algorithm used to determine the quality 2233score. 2234 2235 2236 2237 2238The vendor's ID for the algorithm used to determine the quality. 2239 2240 2241 2242 2243The version of the algorithm used to determine the quality. 2244 2245 2246 2247 2248 2249 2250Base template for BIAS primitive service requests. 2251 2252 2253 2255 2256 2257 2258 2259 2260 2261The return code indicates the return status of the operation. 2262 2263 2264 2265 2266A short message corresponding to the return code.

227biasprofile-v1.0-cs01 04 November 2011 228Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 114 of 211 2267 2268 2269 2270 2271 2272 2273Base template for BIAS responses. 2274 2275 2276 2277 2278Returned status for the operation. 2279 2280 2281 2282 2283 2284 2285BIAS Operation Return Codes 2286 2287 2288 2289 2290Success 2291 2292 2293 2294 2295 2296 2297Match result or quality score. 2298 2299 2300 2301 2302 2303Defines a token that is returned for asynchronous processing. 2304 2305 2306 2307 229biasprofile-v1.0-cs01 04 November 2011 230Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 115 of 211 2308A value returned by the implementing system that is used to retrieve the results to a service 2309at a later time. 2310 2311 2312 2313 2314A date and time at which point the token expires and the service results are no longer 2315guaranteed to be available. 2316 2317 2318 2319 2320 2321 2322Identifies a vendor. 2323 2324 2325 2326 2327 2328 2329For a description or definition of each data element, see the 2330referenced CBEFF standards in the CBEFF_XML_BIR_Type schema. 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340The version of a component. 2341 2342 2343 2344 2345 2346 2347 2348Register a subject to a given gallery or population group.

231biasprofile-v1.0-cs01 04 November 2011 232Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 116 of 211 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359The identifier of the gallery or population group to which the subject will be 2360added. 2361 2362 2363 2364 2365The identity to add to the gallery. 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380The response to an AddSubjectToGallery request. 2381 2382 2383 2384 2385 2386 2387 2388 2389

233biasprofile-v1.0-cs01 04 November 2011 234Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 117 of 211 2390 2391 2392 2393 2394 2395 2396 2397 2398Calculate a quality score for a given biometric. 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409Data structure containing a single biometric sample for which a quality score is to be 2410determined. 2411 2412 2413 2414 2415Specifies a particular algorithm vendor and vender product ID. 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430The response to a CheckQuality request.

235biasprofile-v1.0-cs01 04 November 2011 236Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 118 of 211 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441Contains the quality information for the submitted biometric sample. 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456Classifies a biometric sample. 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467Data structure containing a single biometric sample for which the classification is to be 2468determined. 2469 2470 2471

237biasprofile-v1.0-cs01 04 November 2011 238Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 119 of 211 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483The response to a ClassifyBiometricData request, containing 2484the classification of a biometric sample. 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495Information on the results and type of classification performed. 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510Create a new subject record. 2511 2512 239biasprofile-v1.0-cs01 04 November 2011 240Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 120 of 211 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528The response to a CreateSubject request, containing the subject 2529ID of the new subject record. 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540Contains the subject ID of the new subject record. 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 241biasprofile-v1.0-cs01 04 November 2011 242Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 121 of 211 2554 2555Erase all of the biographic data associated with a given 2556subject record or, in the encounter-centric model, with a 2557given encounter. 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568Contains either the subject ID or encounter ID reference. 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583The response to a DeleteBiographicData request. 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 243biasprofile-v1.0-cs01 04 November 2011 244Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 122 of 211 2595 2596 2597 2598 2599 2600 2601Erase all of the biometric data associated with a given 2602subject record or, in the encounter-centric model, with a 2603given encounter. 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614Contains either the subject ID or encounter ID reference. 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629The response to a DeleteBiometricData request. 2630 2631 2632 2633 2634 2635 245biasprofile-v1.0-cs01 04 November 2011 246Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 123 of 211 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647Delete an existing subject record and, in an encounter-centric 2648model, any associated encounter information. 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659Subject ID of the identity to delete. 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674The response to a DeleteSubject request. 2675 2676 247biasprofile-v1.0-cs01 04 November 2011 248Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 124 of 211 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692Remove the registration of a subject from a gallery or 2693population group. 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704The identifier of the gallery or population group from which the subject will be 2705deleted. 2706 2707 2708 2709 2710The identity to remove from the gallery. 2711 2712 2713 2714 2715 2716 2717

249biasprofile-v1.0-cs01 04 November 2011 250Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 125 of 211 2718 2719 2720 2721 2722 2723 2724 2725The response to a DeleteSubjectFromGallery request. 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743Retrieve the identification results for a specified token, 2744which was returned by the Identify Subject service. 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755A value used to retrieve the results of an IdentifySubject request. 2756 2757 2758 251biasprofile-v1.0-cs01 04 November 2011 252Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 126 of 211 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770The response to a GetIdentifySubjectResults request, which includes a candidate list. 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781A rank-ordered list of candidates that have a likelihood of matching the input biometric 2782sample. 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797Perform an identification search against a given gallery for 2798a given biometric. 2799

253biasprofile-v1.0-cs01 04 November 2011 254Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 127 of 211 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809The identifier of the gallery or population group which will be 2810searched. 2811 2812 2813 2814 2815Contains the BIR, a data structure containing the biometric sample for the 2816search. 2817 2818 2819 2820 2821The maximum size of the candidate list that should be returned. 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836The response to an IdentifySubject request, returning a 2837rank-ordered candidate list. 2838 2839 2840

255biasprofile-v1.0-cs01 04 November 2011 256Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 128 of 211 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864A rank-ordered list of candidates that have a likelihood of matching the input biometric 2865sample; returned with successful synchronous request processing. 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878A token used to retrieve the results of the IdentifySubject request; returned with 2879asynchronous request processing. 2880 2881

257biasprofile-v1.0-cs01 04 November 2011 258Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 129 of 211 2882 2883 2884 2885 2886 2887 2888 2889 2890Lists the biographic data elements stored for a subject. 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901Identifies the subject or, in the encounter-centric model, a subject and an 2902encounter. 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917The response to a ListBiographicData request, containing a list 2918of biographic data elements stored for a subject. In the 2919encounter-centric model, the biographic data elements for a 2920specific encounter are returned. If an encounter ID is not 2921specified and encounter data exists for the subject, the list 2922of encounter IDs which contain biographic data is returned.

259biasprofile-v1.0-cs01 04 November 2011 260Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 130 of 211 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934Contains a list of biographic data elements associated with a 2935subject or encounter; non-empty if the service was 2936successful, biographic data exists, and either (a) the 2937person-centric model is being used or (b) the 2938encounter-centric model is being used and an encounter 2939identifier was specified. 2940 2941 2942 2943 2944 2945 2946A list of encounter ID's associated with a subject and 2947which contain biographic data; non-empty if the service 2948was successful, biographic data exists, the 2949encounter-centric model is being used, and an encounter 2950identifier was not specified. 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 261biasprofile-v1.0-cs01 04 November 2011 262Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 131 of 211 2964 2965 2966Lists the biometric data elements stored for a subject. Note 2967that no actual biometric data is returned by this service (see 2968the RetrieveBiometricInformation service to obtain the biometric 2969data). 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980Identifies the subject or, in the encounter-centric model, a subject and an 2981encounter. 2982 2983 2984 2985 2986Indicates what biometric information should be returned. 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001The response to a ListBiometricData request, containing a list 3002of biometric data elements stored for a subject. In the 3003encounter-centric model, the biometric data elements for a 3004specific encounter are returned. If an encounter ID is not

263biasprofile-v1.0-cs01 04 November 2011 264Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 132 of 211 3005specified and encounter data exists for the subject, the list 3006of encounter IDs which contain biometric data is returned. 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018Includes a list of biometric data elements associated 3019with a subject or encounter or a list of encounter ID's 3020associated with a subject and which contain biometric 3021data. 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037Accepts either match score or match decision information and creates a fused match result. 3038 3039 3040 3041 3042 3043 3044 3045 265biasprofile-v1.0-cs01 04 November 2011 266Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 133 of 211 3046 3047 3048Score or decision input information to the fusion method. 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063The response to the PerformFusion request. 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074Indicates the result of the fusion method 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 267biasprofile-v1.0-cs01 04 November 2011 268Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 134 of 211 3087 3088 3089Returns a list of the capabilities, options, galleries, etc. 3090that are supported by the BIAS implementation. 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108The response to a QueryCapabilities request. 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119A list of capabilities supported by the BIAS implementation. 3120 3121 3122 3123 3124 3125 3126 3127 269biasprofile-v1.0-cs01 04 November 2011 270Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 135 of 211 3128 3129 3130 3131 3132 3133 3134Retrieves the biographic data associated with a subject ID. 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145Identifies the subject or, in the encounter-centric model, a subject and an 3146encounter. 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161The response to a RetrieveBiographicInformation request, 3162containing the biographic data associated with a subject ID. In 3163the encounter-centric model, the biographic data associated with 3164a specified encounter is returned. If the encounter ID is not 3165specified in the encounter-centric model, the biographic 3166information associated with the most recent encounter is returned. 3167 3168

271biasprofile-v1.0-cs01 04 November 2011 272Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 136 of 211 3169 3170 3171 3172 3173 3174 3175 3176 3177Includes the set of biographic data associated with a subject. 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192Retrieves the biometric data associated with a subject ID. 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203Identifies the subject or, in the encounter-centric model, a subject and an 3204encounter. 3205 3206 3207 3208 3209The type of biological or behavioral data to retrieve.

273biasprofile-v1.0-cs01 04 November 2011 274Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 137 of 211 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224The response to a RetrieveBiometricInformation request, 3225containing the biometric data associated with a subject ID. In 3226the encounter-centric model, the biometric data associated with 3227a specified encounter is returned. If the encounter ID is not 3228specified in the encounter-centric model, the biometric 3229information associated with the most recent encounter is returned. 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240Includes the biometric data associated with a subject. 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 275biasprofile-v1.0-cs01 04 November 2011 276Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 138 of 211 3251 3252 3253 3254 3255Associates biographic data to a given subject record. 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3267includes the biographic data to store. 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282The response to a SetBiographicData request. 3283 3284 3285 3286 3287 3288 3289 3290 3291

277biasprofile-v1.0-cs01 04 November 2011 278Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 139 of 211 3292 3293In an encounter-centric model, identifies the encounter ID assigned to a new 3294encounter. 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309Associates biometric data to a given subject record. 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3321includes the biometric data to store. 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332

279biasprofile-v1.0-cs01 04 November 2011 280Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 140 of 211 3333 3334 3335 3336The response to a SetBiometricData request. 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347In an encounter-centric model, identifies the encounter ID assigned to a new 3348encounter. 3349 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363Transforms or processes a given biometric in one format into a new target format. 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373

281biasprofile-v1.0-cs01 04 November 2011 282Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 141 of 211 3374Data structure containing the biometric information to be 3375transformed. 3376 3377 3378 3379 3380Value indicating the type of transformation to perform. 3381 3382 3383 3384 3385 Specifies controls for the requested transform operation. 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400The response to a TransformBiometricData request. 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411Data structure containing the new, transformed biometric 3412information. 3413 3414

283biasprofile-v1.0-cs01 04 November 2011 284Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 142 of 211 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427Updates the biographic data for a given subject record. 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3439includes the biographic data to update. 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454The response to an UpdateBiographicData request. 3455

285biasprofile-v1.0-cs01 04 November 2011 286Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 143 of 211 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472Updates a single biometric sample for a given subject record. 3473 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3484includes the biometric data to update. 3485 3486 3487 3488 3489Value indicating if the input biometric sample should be merged with any existing biometric 3490information. 3491 3492 3493 3494 3495 3496

287biasprofile-v1.0-cs01 04 November 2011 288Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 144 of 211 3497 3498 3499 3500 3501 3502 3503 3504 3505The response to an UpdateBiometricData request. 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523Performs a 1:1 verification match between a given biometric and 3524either a claim to identity in a given gallery or another given 3525biometric. 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536The identifier of the gallery or population group of which the subject must be a 3537member.

289biasprofile-v1.0-cs01 04 November 2011 290Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 145 of 211 3538 3539 3540 3541 3542Includes the identifying information and/or input and reference biometric 3543samples. 3544 3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558The response to a VerifySubject request. 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569Indicates if the Input BIR matched either the biometric information associated with the 3570Identity Claim or the Reference BIR. 3571 3572 3573 3574 3575The score if the biometric information matched. 3576 3577 3578

291biasprofile-v1.0-cs01 04 November 2011 292Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 146 of 211 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590The Enroll aggregate service adds a new subject or, in an 3591encounter-centric model, a new encounter to the system. This may 3592be accomplished in a number of different ways according to 3593system requirements and/or resources. If the Enroll aggregate 3594service is implemented as a synchronous service, the 3595implementing system immediately processes the request and 3596returns the results in the ReturnData parameter. If the Enroll 3597aggregate service is implemented as an asynchronous service, the 3598implementing system returns a token in the ReturnData 3599parameter, which is an indication that the request is being 3600handled asynchronously. In this case, the GetEnrollResults 3601service is used to poll for the results of the Enroll request. 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618The response to an Enroll request. 3619 293biasprofile-v1.0-cs01 04 November 2011 294Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 147 of 211 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635The GetEnrollResults aggregate service retrieves the enrollment 3636results for the specified token. This service is used in 3637conjunction with the Enroll aggregate service. If the Enroll 3638aggregate service is implemented as an asynchronous service, the 3639implementing system returns a token, and the GetEnrollResults 3640service is used to poll for the results of the original Enroll 3641request. 3642 3643 3644 3645 3646 3647 3648 3649 3650 3651 3652A value used to retrieve the results of the Enroll request. 3653 3654 3655 3656 3657 3658 3659 3660 295biasprofile-v1.0-cs01 04 November 2011 296Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 148 of 211 3661 3662 3663 3664 3665 3666The response to a GetEnrollResults request. 3667 3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683The GetIdentifyResults aggregate service retrieves the 3684identification results for the specified token. This service is 3685used in conjunction with the Identify aggregate service. If the 3686Identify aggregate service is implemented as an asynchronous 3687service, the implementing system returns a token, and the 3688GetIdentifyResults service is used to poll for the results of 3689the original Identify request. 3690 3691 3692 3693 3694 3695 3696 3697 3698 3699 3700A value used to retrieve the results of the Identify request. 3701 297biasprofile-v1.0-cs01 04 November 2011 298Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 149 of 211 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714The response to a GetIdentifyResults request. 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725 3726 3727 3728 3729 3730 3731The GetVerifyResults aggregate service retrieves the verification 3732results for the specified token. This service is used in 3733conjunction with the Verify aggregate service. If the Verify 3734aggregate service is implemented as an asynchronous service, the 3735implementing system returns a token, and the GetVerifyResults 3736service is used to poll for the results of the original Verify 3737request. 3738 3739 3740 3741 3742 299biasprofile-v1.0-cs01 04 November 2011 300Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 150 of 211 3743 3744 3745 3746 3747 3748A value used to retrieve the results of the Verify request. 3749 3750 3751 3752 3753 3754 3755 3756 3757 3758 3759 3760 3761 3762The response to a GetVerifyResults request. 3763 3764 3765 3766 3767 3768 3769 3770 3771 3772Indicates if the Input BIR matched either the biometric information associated with the 3773Identity Claim or the Reference BIR. 3774 3775 3776 3777 3778The score if the biometric information matched. 3779 3780 3781 3782 3783

301biasprofile-v1.0-cs01 04 November 2011 302Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 151 of 211 3784 3785 3786 3787 3788 3789 3790 3791 3792 3793The Identify aggregate service performs an identification 3794function according to system requirements and/or resources. If 3795the Identify aggregate service is implemented as a synchronous 3796service, the implementing system immediately processes the 3797request and returns the results in the ReturnData parameter. If 3798the Identify aggregate service is implemented as an asynchronous 3799service, the implementing system returns a token in the 3800ReturnData parameter, which is an indication that the request is 3801being handled asynchronously. In this case, the 3802GetIdentifyResults service is used to poll for the results of 3803the Identify request. 3804 3805 3806 3807 3808 3809 3810 3811 3812 3813 3814 3815 3816 3817 3818 3819 3820The response to an Identify request. 3821 3822 3823 3824 303biasprofile-v1.0-cs01 04 November 2011 304Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 152 of 211 3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837The RetrieveInformation aggregate service retrieves requested 3838information about a subject, or in an encounter-centric model 3839about an encounter. In a person-centric model, this aggregate 3840service may be used to retrieve both biographic and biometric 3841information for a subject record. In an encounter-centric model, 3842this aggregate service may be used to retrieve biographic and/or 3843biometric information for either a single encounter or all 3844encounters. Either a SubjectID or EncounterID must be specified 3845in the Identify parameter. 3846 3847 3848 3849 3850 3851 3852 3853 3854 3855 3856Options that guide how the service request is processed, and may identify what type(s) of 3857information should be returned. 3858 3859 3860 3861 3862Includes the identifier of the subject or encounter. 3863 3864 3865

305biasprofile-v1.0-cs01 04 November 2011 306Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 153 of 211 3866 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876The response to a RetrieveInformation request. 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893The Verify aggregate service performs a 1:1 verification 3894function according to system requirements and/or resources. 3895Either the IdentityClaim or ReferenceBIR input data elements in 3896the Identity parameter are required. If the Verify aggregate 3897service is implemented as a synchronous service, the 3898implementing system immediately processes the request and returns 3899the results in the ReturnData parameter. If the Verify aggregate 3900service is implemented as an asynchronous service, the 3901implementing system returns a token in the ReturnData parameter, 3902which is an indication that the request is being handled 3903asynchronously. In this case, the GetVerifyResults service is 3904used to poll for the results of the Verify request. 3905 3906 307biasprofile-v1.0-cs01 04 November 2011 308Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 154 of 211 3907 3908 3909 3910 3911 3912 3913 3914 3915Includes either the IdentityClaim or ReferenceBIR. 3916 3917 3918 3919 3920The identifier of the gallery or population group of which the subject must be a 3921member. 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935The response to a Verify request. 3936 3937 3938 3939 3940 3941 3942 3943 3944 3945Indicates if the Input BIR matched either the biometric information associated with the 3946Identity Claim or the Reference BIR. 3947

309biasprofile-v1.0-cs01 04 November 2011 310Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 155 of 211 3948 3949 3950 3951The score if the biometric information matched. 3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 311biasprofile-v1.0-cs01 04 November 2011 312Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 156 of 211 3989 3990 3991 3992 3993 3994 3995 3996 3997 3998 3999 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010 4011 4012 4013 4014 4015 4016 4017 4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 313biasprofile-v1.0-cs01 04 November 2011 314Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 157 of 211 4030 4031 4032 4033 4034 4035 4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047 4048 4049 4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 315biasprofile-v1.0-cs01 04 November 2011 316Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 158 of 211 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 317biasprofile-v1.0-cs01 04 November 2011 318Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 159 of 211 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 319biasprofile-v1.0-cs01 04 November 2011 320Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 160 of 211 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4182 4183 4184 4185 4186 4188 4189 4190 4191 4192 4193

321biasprofile-v1.0-cs01 04 November 2011 322Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 161 of 211 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4218 4220 4221 4222 4223 4225 4227 4228 4229 4230 4231 4232 4233 4234 4235 323biasprofile-v1.0-cs01 04 November 2011 324Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 162 of 211 4236 4237 4238 4239 4240 4241 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276

325biasprofile-v1.0-cs01 04 November 2011 326Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 163 of 211 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 327biasprofile-v1.0-cs01 04 November 2011 328Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 164 of 211 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 329biasprofile-v1.0-cs01 04 November 2011 330Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 165 of 211 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 331biasprofile-v1.0-cs01 04 November 2011 332Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 166 of 211 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 333biasprofile-v1.0-cs01 04 November 2011 334Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 167 of 211 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 335biasprofile-v1.0-cs01 04 November 2011 336Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 168 of 211 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 337biasprofile-v1.0-cs01 04 November 2011 338Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 169 of 211 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 339biasprofile-v1.0-cs01 04 November 2011 340Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 170 of 211 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 341biasprofile-v1.0-cs01 04 November 2011 342Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 171 of 211 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 343biasprofile-v1.0-cs01 04 November 2011 344Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 172 of 211 4646 4647 4648 4649 4650 4651 4652

345biasprofile-v1.0-cs01 04 November 2011 346Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 173 of 211 4653Annex B: BIAS Patron format specification 4654 4655The BIAS SOAP Profile defines an XML CBEFF Patron Format based on, but tailored from, Clause 13/15 4656of ISO/IEC 19785-3 [CBEFF3] as specified below. 4657 4658 B.1 Patron

4659Organization for the Advancement of Structured Information Standards (OASIS) 4660 4661 B.2 Patron identifier

466282 (0052 Hex). 4663 4664This has been allocated by the Registration Authority for ISO/IEC 19785-2. 4665 4666 B.3 Patron format name

4667OASIS BIAS CBEFF XML Patron Format 4668 4669 B.4 Patron format identifier

467001 (0001 Hex). 4671 4672This has been registered in accordance with ISO/IEC 19785-2. 4673 4674 B.5 ASN.1 object identifier for this patron format

4675No ASN.1 object identifiers are assigned to this patron format 4676 4677 B.6 Domain of use

4678This clause specifies a patron format based on XML that is designed to be friendly with code generation 4679tools. It defines a CBEFF structure that allows for the creation of simple, complex, and multi-modal BIRs 4680for use within BIAS transactions. 4681 4682 B.7 Version identifier

4683This patron format specification has a version identifier of (major 1, minor 0). 4684 4685 B.8 CBEFF version

4686This specification conforms to CBEFF version (major 2, minor 0). 4687

4689B.9.1 This patron format is based on W3C XML 1.0. It supports all the mandatory and optional data 4690elements specified in ISO/IEC 19785-1. It can support either a simple BIR or a complex BIR structure 4691where each intermediate node or leaf of the structure is itself a BIR (called a "child BIR"). 4692B.9.2 Most fields in this patron format are optional. Some mandatory and optional fields are 4693represented by XML elements, others are represented by attributes of XML elements. The presence of 4694an optional field in a BIR is signaled by simply including the corresponding element or attribute, and its 4695absence is signaled by simply omitting the corresponding element or attribute. 4696B.9.3 Special encodings are specified for integers (see B.17), octet strings (see B.18), and date and 4697time-of-the-day abstract values (see B.19). 4698B.9.4 An instance of a BIR or child BIR contains either a BDB or one or more BIR children, but never 4699contains both. 4700B.9.5 An extension mechanism is specified, which enables the inclusion of application-specific data (not 4701standardized) within a BIR or child BIR (see B.11.1.6). 4702 4703 B.10 Specification

4704B.10.1 In the rest of this clause, the terms "element" and "attribute" are used with the meaning of "XML 4705element" and "XML attribute", respectively. 4706B.10.2 The namespace with the name " http://docs.oasis-open.org/bias/ns/biaspatronformat-1.0/" 4707is called the patron format namespace of this patron format. 4708B.10.3 All elements defined in this patron format have the patron format namespace name. All attribute 4709names are unqualified. 4710B.10.4 An instance of a BIR shall be represented as a element (see B.11).

4711B.10.5 The element may be the root of an XML document, but this is not required. 4712B.10.6 The portion of the XML document consisting of the element and its whole content shall be 4713valid according to the XML schema provided in B.22. 4714 NOTE 1 – Validity according to that XML schema does not imply that the element 4715 satisfies all the requirements in the normative text of this specification, as there are some 4716 requirements that cannot be (or are not) formally expressed in the XML schema. 4717 NOTE 2 – When the element is the root of an XML document, the UTF-8 characte 4718 r encoding is recommended for the XML document, because it will usually produce a sma 4719 ller encoding. 4720B.10.7 The abstract value NO VALUE AVAILABLE, for any CBEFF data element that supports this 4721abstract value, shall be encoded as the omission of the corresponding element or attribute both in the 4722 element and in all of its ancestor elements. 4723 NOTE – The inheritance mechanism specified in B.14.2.1, B.15.2.1 and B.16.2.1 causes 4724 a data element of a BIR to inherit an abstract value (different from NO VALUE AVAILABL 4725 E) from its closest ancestor element that contains that element or attribute when th 4726 e element in question does not contain it. If any element in a hierarchy of 4727 elements specifies an abstract value for a given data element, that abstract value 4728 can be overridden by a different abstract value in any of its descendant elements, 4729 but the overriding abstract value can never be NO VALUE AVAILABLE. 4730 B.11 Element

4731 B.11.1 Syntax

4732B.11.1.1 This element shall have no attributes, and shall have a content consisting of the following 4733(in order): 349biasprofile-v1.0-cs01 04 November 2011 350Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 175 of 211 4734 a) an optional element (see B.12);

4735 b) an optional element (see B.13);

4736 c) zero or more application-specific elements;

4737 d) a mandatory element (see B.14);

4738 e) an optional element (see B.15);

4739 f) an optional element (see B.16);

4740 g) zero or more elements (see B.11);

4741 h) either an optional element that shall contain a valid representation of an octect string (see 4742 B.18), or an optional element that shall contain a valid XML string;

4743 i) an optional element – the content of this element shall be a valid representation of an octet 4744 string.

4745B.11.1.2 The or element shall not be present if one or more child elements 4746are present, and shall be present if no child elements are present. 4747B.11.1.3 The element shall be absent unless its presence is required by F.14.2.2 or 4748permitted by F.15.2.3. 4749B.11.1.4 If the or element is present, then the element shall also be 4750present. 4751B.11.1.5 If the element is present, then the element shall also be present. 4752B.11.1.6 The number of application-specific elements and their name, namespace name, 4753attributes, and content are not defined in this patron format specification. However, the namespace name 4754of those elements shall be different from the patron format namespace name (see B.10.2). 4755 4756 B.11.2 Semantics

4757B.11.2.1 This element is either a complex or a simple BIR, depending on which child elements are 4758present. If a child or element is present, this element is a simple BIR. If one or more 4759child elements are present, this element is a complex BIR. 4760B.11.2.2 The elements , , , , and 4761 and their content form the standard biometric header of the BIR. 4762B.11.2.3 The element (if present) carries the major and minor version number of this 4763patron format. 4764B.11.2.4 The element (if present) carries the major and minor version number 4765of the CBEFF standard. 4766B.11.2.5 Each element is a whole BIR (of the same patron format) that is a child BIR of the 4767BIR. 4768B.11.2.6 The or element (if present) carries the biometric data block (BDB) of the 4769BIR. 4770 NOTE – A or element and a element cannot coexist as children of 4771 the same element (see B.11.1.2). 4772B.11.2.7 The element (if present) carries the security block (SB) of the BIR.

351biasprofile-v1.0-cs01 04 November 2011 352Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 176 of 211 4773 NOTE – A element can coexist with either a element or a or 4774 element that is a child of the same element. 4775B.11.2.8 The element carries information about both the BIR and (possibly) about its 4776descendant BIRs (if the element has one or more child elements), as specified in B.14.2.1. 4777B.11.2.9 The element (if present) carries information about either the BDB of the BIR 4778(if the element has a child or element) or about the BDBs of the descendant BIRs 4779that have a child or element (if the element has one or more child 4780elements), as specified in B.15.2.1. 4781B.11.2.10 The element (if present) carries information about either the SB of the BIR (if 4782the element has a child element) or about the SBs of the descendant BIRs that have a child 4783 element (if the element has one or more child elements but no child element), 4784as specified in B.16.2.1. 4785 4786 B.12Element

4787 B.12.1 Syntax

4788This element shall have contents consisting of the following (in order): 4789a) a required element – the value of this element shall be a valid representation of a non- 4790 negative integer.

4791b) a required element – the value of this element shall be a valid representation of a non- 4792 negative integer.

4793 B.12.2 Semantics

4794B.12.2.1 This element represents the data element CBEFF_patron_header_version, and carries 4795the (major and minor) version number of the patron format. The number assigned to this version of the 4796patron format is major 1, minor 0. 4797B.12.2.2 The element represents the major version number (1 in this version). 4798B.12.2.3 The element represents the minor version number (0 in this version). 4799B.12.2.4 If this element is not present, the values Major="1" Minor="0" are implied. 4800B.12.2.5 A child element shall have the same (major and minor) version number as its 4801parent element. 4802 NOTE – This implies that the element, if present in a child element, h 4803 as to carry the same values as the element in the parent element. T 4804 his is equivalent to omitting the element. Therefore, this element is normally 4805 omitted in child elements. 4806 4807 B.13Element

4808 B.13.1 Syntax

4809This element shall have content consisting of the following (in order): 4810a) a required element – the value of this element shall be a valid representation of a non- 4811 negative integer (see B.17);

4812b) a required element – the value of this element shall be a valid representation of a non- 4813 negative integer.

4815B.13.2.1 This element represents the data element CBEFF_version, and carries the version 4816number of the CBEFF standard supported by this patron format. The number assigned to the version of 4817CBEFF supported by this patron format is Major=2, Minor=0. 4818B.13.2.2 The element represents the major version number (2 in this version). 4819B.13.2.3 The element represents the minor version number (0 in this version). 4820B.13.2.4 If this element is not present, the values Major="2" Minor="0" are implied. 4821B.13.2.5 A child element shall have the same CBEFF version number (major and minor) as 4822its parent element. 4823 NOTE – Thus, the element is normally omitted from all child el 4824 ements, as it would be redundant. 4825 4826 B.14 Element

4827 B.14.1 Syntax

4828B.14.1.1 This element shall have a content consisting of the following (in order): 4829a) an optional element – the content of this element shall be a string of ISO/IEC 10646 4830 characters;

4831b) an optional element – the content of this element shall be a valid representation of a 4832 universally unique identifier (see B.20), and shall not inherit its value from any other level BIR;

4833c) an optional element – the content of this element shall be a valid representation of an 4834 octet string, and shall not inherit its value from any other level BIR.

4835d) a required element – the value of this element shall be one of the character strings in 4836 the third cell of the corresponding row of Table B.1;

4837e) an optional element – the value of this element shall be a valid representation of a 4838 date and time of the day (see B.19);

4839f) an optional element – the value of this element shall be a valid representation 4840 of a date and time of the day;

4841g) an optional element – the value of this element shall be a valid representation of 4842 a date and time of the day.

4843 B.14.2 Semantics

4844B.14.2.1 The element carries information about the BIR. In addition, if the BIR has 4845one or more child BIRs (the element has one or more child elements), the information 4846carried by the attributes and child elements of the element is inherited by those child BIRs 4847except where overridden by a corresponding attribute or child element of the element of a 4848child BIR. The information inherited by a BIR applies to that BIR, and (if the BIR has itself child BIRs) is 4849further inherited by its child BIRs in the same way (and so on recursively). 4850 NOTE – Since the Integrity element is required and the element is mand 4851 atory in all elements, inheritance of the Integrity element can never occur.

355biasprofile-v1.0-cs01 04 November 2011 356Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 178 of 211 4852B.14.2.2 The Integrity element indicates whether integrity information about this BIR is 4853provided within the security block (SB) of the BIR (the child element of the parent element of 4854this element). 4855 NOTE – This information may consist of a digital signature or MAC, a reference to a key 4856 or certificate, an encrypted key (with or without a reference to the key used to encrypt tha 4857 t key), or other parameters of the digital signing (or MAC) process. 4858B.14.2.3 If the value of the element is "true", then the parent element of 4859this element shall have a child element. 4860B.14.2.4 Table B.1 specifies the correspondence between the attributes and child elements of this 4861element and CBEFF data elements, and specifies the supported abstract values and their encodings (see 4862also B.10.7). 4863 NOTE - This element represents all CBEFF data elements whose name begins with "CB 4864 EFF_BIR_". 4865 I) Table B.1 – BIR information

CBEFF data element name XML element Supported abstract values Reference and encodings CBEFF_BIR_creator All ISO/IEC 10646 character strings are supported. The character string shall be encoded as the string itself. CBEFF_BIR_index All well-formed UUIDs are supported. The UUIDs shall be encoded as specified in B.20. Shall not inherit its value from any other BIR level. CBEFF_BIR_payload All octet strings are supported. The octet strings shall be encoded as specified in B.18. Shall not inherit its value from any other BIR level. CBEFF_BIR_integrity_options The following abstract values are supported. The abstract values shall be encoded as shown below. NO INTEGRITY: "false" INTEGRITY: "true" CBEFF_BIR_creation_date All date and time-of-the-day abstract values permitted by CBEFF are supported. The abstract values shall be encoded as specified in B.19. CBEFF_BIR_validity_period All date and time-of-the-day (lower end) abstract values permitted by

357biasprofile-v1.0-cs01 04 November 2011 358Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 179 of 211 CBEFF data element name XML element Supported abstract values Reference and encodings CBEFF are supported. The abstract values shall be encoded as specified in B.19. CBEFF_BIR_validity_period All date and time-of-the-day (upper end) abstract values permitted by CBEFF are supported. The abstract values shall be encoded as specified in B.19.

4866 4867 B.15 Element

4868 B.15.1 Syntax

4869B.15.1.1 This element shall have a content consisting of the following (in order): 4870 a) an optional element – the content of this element shall be a valid 4871 representation of an octet string (see B.18);

4872 b) an optional element – the content of this element shall be a valid representation of a 4873 universally unique identifier (see B.20).

4874 c) an optional element – the value of this element shall be a valid representation 4875 of an integer in the range 1 to 65535 (see B.17);

4876 d) an optional element – the value of this element shall be a valid representation of 4877 an integer in the range 1 to 65535;

4878 e) an optional element – the value of this element shall be one of the character 4879 strings in the third cell of the corresponding row of Table B.2;

4880 f) an optional element – the value of this element shall be a valid 4881 representation of a date and time of the day (see B.19);

4882 g) an optional element – the value of this element shall be a valid 4883 representation of a date and time of the day;

4884 h) an optional element – the value of this element shall be a valid 4885 representation of a date and time of the day;

4886 i) an optional element – the value of this element shall be one of the character strings in 4887 the third cell of the corresponding row of Table B.2;

4888 j) an optional element – the value of this element shall be one of the character strings 4889 in the third cell of the corresponding row of Table B.2;

4890 k) an optional element – the value of this element shall be one of the character strings in 4891 the third cell of the corresponding row of Table B.2;

4892 l) an optional element – the value of this element shall be a valid 4893 representation of an integer in the range 1..65535 (see B.17);

359biasprofile-v1.0-cs01 04 November 2011 360Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 180 of 211 4894 m) an optional element – the value of this element shall be a valid representation 4895 of an integer in the range 1..65535;

4896 n) an optional element – the value of this element shall be a valid 4897 representation of an integer in the range 1..65535 (see B.17);

4898 o) an optional element – the value of this element shall be a valid 4899 representation of an integer in the range 1..65535;

4900 p) an optional element – the value of this element 4901 shall be a valid representation of an integer in the range 1..65535 (see B.17);

4902 q) an optional element – the value of this element shall 4903 be a valid representation of an integer in the range 1..65535;

4904 r) an optional element – the value of this element shall be a 4905 valid representation of an integer in the range 1..65535 (see B.17);

4906 s) an optional element – the value of this element shall be a valid 4907 representation of an integer in the range 1..65535;

4908 t) an optional element – the value of this element shall be a valid 4909 representation of an integer in the range 1..65535 (see B.17);

4910 u) an optional element – the value of this element shall be a valid 4911 representation of an integer in the range 1..65535;

4912 v) an optional element – the value of this element shall be a 4913 valid representation of an integer in the range 1..65535 (see B.17);

4914 w) an optional element – the value of this element shall be a 4915 valid representation of an integer in the range 1..65535;

4916 x) an optional element – the value of this element shall be one of the character strings 4917 in the third cell of the corresponding row of Table B.2;

4918 y) an optional element – the value of this element shall be a valid representation of an 4919 integer in the range –2..100 (see B.17), as specified in the third cell of the corresponding row of 4920 Table B.2.

4921B.15.1.3 If the parent element has a child element, then the 4922element shall be present in this element unless it is present in the child element 4923of an ancestor element (see also B.11.1.4). 4924B.15.1.4 If the parent element has a child element, then the 4925element shall be present in this element unless it is present in the child element 4926of an ancestor element (see also B.11.1.4). 4927B.15.1.5 If the parent element has a child element, then the 4928element shall be present in this element unless it is present in the child element 4929of an ancestor element (see also B.11.1.4). 4930 NOTE – The ancestor elements mentioned in the last three subclauses above ne 4931 ed not be the same. 4932

4934B.15.2.1 If the BIR has a BDB (the element has a child element), then the 4935 element carries information about that BDB. Otherwise, the information carried by the 4936attributes and child elements of the element is inherited by all the BIRs that are children of 4937the BIR except where overridden by a corresponding attribute or child element of the 4938element of a child BIR. The information inherited by a BIR with a BDB applies to that BDB, whereas the 4939information inherited by a BIR that has itself child BIRs is further inherited by all the BIRs that are children 4940of the BIR in the same way (and so on recursively). 4941B.15.2.2 If the BIR has a BDB and encryption is applied to that BDB (either by including the 4942encryption attribute with the value "true" in the element or by having the BIR inherit that 4943attribute value from its parent BIR), then the BDB in the element shall be encrypted. 4944B.15.2.3 If the BDB of a BIR is encrypted, information about the encryption process may be 4945provided within the security block (SB) of that BIR (the child element of the parent element 4946of this element). 4947 NOTE – This information may consist of a reference to an encryption key, an encrypted k 4948 ey (with or without a reference to the key used to encrypt that key), or other parameters o 4949 f the encryption process. 4950B.15.2.4 Table B.2 specifies the correspondence between the attributes and child elements of this 4951element and CBEFF data elements, and specifies the supported abstract values and their encodings (see 4952also F.10.7). 4953 NOTE – This element represents all CBEFF data elements whose name begins with "CB 4954 EFF_BDB_". 4955 II) Table B.2 – BDB information

CBEFF data element name XML element Supported abstract values and Reference encodings CBEFF_BDB_format_owner All integers in the range 1 to 65535 are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_format_type All integers in the range 1 to 65535 are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_encryption_options The following abstract values are supported. The abstract values shall be encoded as shown below. NO ENCRYPTION: "false" ENCRYPTION: "true" CBEFF_BDB_creation_date All date and time-of-the-day abstract values permitted by CBEFF are supported. The abstract values shall be encoded as specified in B.19. CBEFF_BDB_validity_period All date and time-of-the-day (lower end) abstract values permitted by CBEFF are supported.

363biasprofile-v1.0-cs01 04 November 2011 364Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 182 of 211 CBEFF data element name XML element Supported abstract values and Reference encodings The abstract values shall be encoded as specified in B.19. CBEFF_BDB_challenge_response All octet strings are supported. The octet strings shall be encoded as specified in B.18. Shall appear only in BIRs that have a BDB. CBEFF_BDB_index All well-formed UUIDs are supported. The UUIDs shall be encoded as specified in B.20 Shall appear only in BIRs that have a BDB. CBEFF_BDB_validity_period All date and time-of-the-day (upper end) abstract values permitted by CBEFF are supported. The abstract values shall be encoded as specified in B.19. CBEFF_BDB_biometric_type The following abstract values and all their unordered combinations are supported. A single abstract value shall be encoded as the corresponding string shown below. A combination of two or more abstract values shall be encoded as the concatenation of the corresponding strings, using a single space as separator. SCENT: "Scent" DNA: "DNA" EAR: "Ear" FACE: "Face" FINGER: "Finger" FOOT: "Foot" VEIN: "Vein" HAND GEOMETRY: "HandGeometry" IRIS: "Iris" RETINA: "Retina" VOICE: "Voice" GAIT:

365biasprofile-v1.0-cs01 04 November 2011 366Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 183 of 211 CBEFF data element name XML element Supported abstract values and Reference encodings "Gait" KEYSTROKE: "Keystroke" LIP MOVEMENT: "LipMovement" SIGNATURE OR SIGN: "SignatureSign"

CBEFF_BDB_biometric_subtype The following abstract values are supported. The abstract values shall be encoded as shown below. A combination of two or more abstract values shall be encoded as the concatenation of the corresponding strings, using a single space as separator. LEFT: "Left" RIGHT: "Right" THUMB: "Thumb" INDEX FINGER: "IndexFinger" MIDDLE FINGER: "MiddleFinger" RING FINGER: "RingFinger" LITTLE FINGER: "LittleFinger" CBEFF_BDB_processed_level The following abstract values are supported. The abstract values shall be encoded as shown below. RAW: "Raw" INTERMEDIATE: "Intermediate" PROCESSED: "Processed" CBEFF_BDB_product_owner All integers in the range 1 to 65535 are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_product_type All integers in the range 1 to 65535 are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_capture_device_ow All integers in the range 1 to 65535

367biasprofile-v1.0-cs01 04 November 2011 368Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 184 of 211 CBEFF data element name XML element Supported abstract values and Reference encodings ner are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_capture_device_typ All integers in the range 1 to 65535 e are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_feature_extraction_ are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_feature_extraction_ All integers in the range 1 to 65535 algorithm_type are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_comparison_algorith All integers in the range 1 to 65535 m_owner are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_comparison_algorith All integers in the range 1 to 65535 m_type are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_quality_algorithm_o All integers in the range 1 to 65535 wner are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_quality_algorithm_ty All integers in the range 1 to 65535 pe are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_compression_algorit All integers in the range 1 to 65535 hm_owner are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_compression_algorit All integers in the range 1 to 65535 hm_type are supported. The integers shall be encoded as specified in B.17. CBEFF_BDB_purpose The following abstract values are supported. The abstract values shall be encoded as shown below. VERIFY: "Verify" IDENTIFY: "Identify" ENROLL: "Enroll"

369biasprofile-v1.0-cs01 04 November 2011 370Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 185 of 211 CBEFF data element name XML element Supported abstract values and Reference encodings ENROLL FOR VERIFICATION ONLY: "EnrollVerify" ENROLL FOR IDENTIFICATION ONLY: "EnrollIdentify" AUDIT: "Audit" CBEFF_BDB_quality The following abstract values are supported. The integers shall be encoded as specified in B.17. The other abstract values shall be encoded as shown below. INTEGER QUALITY NOT SUPPORTED BY BDB CREATOR: "-2" QUALITY SUPPORTED BY BDB CREATOR BUT NOT SET: "-1" 4956 4957 B.16 Element

4958 B.16.1 Syntax

4959B.16.1.1 This element shall have content consisting of the following (in order): 4960a) an optional element – the value of this element shall be a valid representation of an 4961 integer in the range 1 to 65535 (see B.17);

4962b) an optional element – the value of this element shall be a valid representation of an 4963 integer in the range 1 to 65535

4964B.16.1.2 If the parent element has a child element, then the 4965element shall be present in this element unless it is present in the child element of 4966an ancestor element (see also B.11.1.5). 4967B.16.1.3 If the parent element has a child element, then the element 4968shall be present in this element unless it is present in the child element of an 4969ancestor element (see also B.11.1.5). 4970 NOTE 1 – The ancestor elements mentioned in the last two subclauses above ne 4971 ed not be the same. 4972 NOTE 2 – When the parent element has a child element and one omits both 4973 children of the element, the element will have no attributes and an 4974 empty content. Omission of the element is not allowed in this case (see B.11. 4975 1.5). 4976

4978B.16.2.1 If the BIR has an SB (the element has a child element), then the 4979element carries information about that SB. In addition, if the BIR has one or more child BIRs (the 4980element has one or more child elements), the information carried by the child element of the 4981 element is inherited by those child BIRs except where overridden by a corresponding child 4982element of the element of a child BIR. The information inherited by a BIR with an SB applies 4983to that SB, and (if the BIR has itself child BIRs) is further inherited by its child BIRs in the same way (and 4984so on recursively). 4985B.16.2.2 Table B.3 specifies the correspondence between the attributes and child elements of this 4986element and CBEFF data elements, and specifies the supported abstract values and their encodings (see 4987also B.10.7). 4988 NOTE – This element represents all CBEFF data elements whose name begins with "CB 4989 EFF_SB_". 4990 4991 III) Table B.3 – SB information

CBEFF data element name XML element Supported abstract values and Reference encodings CBEFF_SB_format_owner All integers in the range 1 to 65535 are supported. The integers shall be encoded as specified in B.17. CBEFF_SB_format_type All integers in the range 1 to 65535 are supported. The integers shall be encoded as specified in B.17. 4992 4993 B.17 Representation of Integers

4994B.17.1 A non-negative integer shall be represented as a string of one or more ISO/IEC 10646 characters 4995in the range DIGIT ZERO to DIGIT NINE ("0" to "9") in decimal notation. 4996B.17.2 A negative integer shall be represented as the corresponding positive integer, preceded by a 4997HYPHEN-MINUS character ("-"). 4998B.17.3 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the 4999encoding. 5000 5001 B.18 Representation of Octet Strings

5002B.18.1 An octet string shall be represented as a string of the following ISO/IEC 10646 characters: 5003a) LATIN CAPITAL LETTER A to LATIN CAPITAL LETTER Z;

5004b) LATIN SMALL LETTER A to LATIN SMALL LETTER Z;

5005c) DIGIT ZERO to DIGIT NINE;

5006d) PLUS SIGN;

5007e) SOLIDUS;

5008f) EQUALS SIGN.

373biasprofile-v1.0-cs01 04 November 2011 374Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 187 of 211 5009forming the Base64 encoding of the octet string (see IETF RFC 2045), with all whitespace removed. 5010B.18.2 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the 5011encoding. 5012 5013 B.19Representation of Date and Time of the Day

5014B.19.1 A date and time of the day shall be represented as a string of ISO/IEC 10646 characters in the 5015following format, which conforms to ISO 8601. 5016B.19.2 The encoding shall be the concatenation of all the following components (in order): 5017a) the "year" component, consisting of the year encoded in four digits ("2000" to "2999") ;

5018b) the hyphen character “-“

5019c) the "month" component, consisting of the month encoded in two digits ("01" to "12");

5020d) the hyphen character “-“

5021e) the "day" component, consisting of the day encoded in two digits ("01" to "31");

5022f) the letter "T";

5023g) the "hour" component, consisting of the hour encoded in two digits ("00" to "23");

5024h) the colon character “:”

5025i) the "minute" component, consisting of the minute encoded in two digits ("00" to "59");

5026j) the colon character “:”

5027k) the "second" component, consisting of the second encoded in two digits ("00" to "59");

5028l) the letter "Z".

5029B.19.3 The "year", "month", "day", “hour”, “minute”, and “second” components shall be present. 5030B.19.4 The letter "T" shall be present. 5031B.19.5 The letter "Z" shall be present whether or not the "hour" component is present. 5032 NOTE This letter indicates that the date and time of the day are UTC. 5033B.19.6 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the 5034encoding. 5035 5036 B.20Representation of Universally Unique Identifiers

5037 NOTE: The following subclauses describe the same representation of a UUID as is specif 5038 ied in ISO/IEC 9834-8, clause 8. An example of such a representation is: f81d4fae-7dec- 5039 11d0-a765-00a0c91e6bf6 5040B.20.1 A universally unique identifier (UUID) shall be represented as a string of ISO/IEC 10646 5041characters. Each string shall contain exactly 36 characters from the union of the following sets: 5042a) DIGIT ZERO to DIGIT NINE ("0" to "9"), each representing a hexadecimal digit 0 through 9;

375biasprofile-v1.0-cs01 04 November 2011 376Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 188 of 211 5043b) LATIN CAPITAL LETTER A to LATIN CAPITAL LETTER F ("A" to "F"), each representing a 5044 hexadecimal digit A through F;

5045c) LATIN SMALL LETTER A to LATIN SMALL LETTER F ("a" to "f"), each representing a hexadecimal 5046 digit A through F; and

5047d) HYPHEN-MINUS ("-").

5048B.20.2 Each of the positions 9, 14, 19, and 24 of an encoding shall contain a character from set (d). 5049The other 32 positions shall contain characters from sets (a) through (c). 5050B.20.3 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the 5051encoding. 5052 5053 B.21 Patron format conformance statement

5054 B.21.1 Identifying information

Required Information Patron format reference Patron name See B.1 Patron identifier See B.2 Patron format name See B.3 Patron format identifier See B.4 Patron format ASN.1 object See B.5 identifier Domain of use description See B.6 Patron format version See B.7 CBEFF version See B.8

5055 5056 B.21.2 ISO/IEC 19785-1:2006/Amd 1:2010 to Patron Format Mappi 5057 ng

CBEFF data element name Mandatory/ Patron format field name Abstract Encodings optional values specified? specified? CBEFF_BDB_format_owner Mandatory child of Yes Yes (specified or inherited) if a BDB is present CBEFF_BDB_format_type Mandatory child of Yes Yes (specified or inherited) if a BDB is present CBEFF_BDB_encryption_options Mandatory child of Yes Yes (specified or inherited) if

377biasprofile-v1.0-cs01 04 November 2011 378Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 189 of 211 CBEFF data element name Mandatory/ Patron format field name Abstract Encodings optional values specified? specified? a BDB is present CBEFF_BIR_integrity_options Mandatory child of Yes Yes CBEFF_BDB_subheader_count Mandatory implied in the number of No No occurrences of the child (implied) (implied) element CBEFF_BDB_biometric_type Optional child of Yes Yes CBEFF_BDB_biometric_subtype Optional child of Yes Yes CBEFF_BDB_challenge_response Optional child of Yes Yes CBEFF_BDB_creation_date Optional child of Yes Yes CBEFF_BDB_index Optional child of Yes Yes CBEFF_BDB_product_owner Optional child of Yes Yes CBEFF_BDB_product_type Optional child of Yes Yes CBEFF_BDB_capture_device_owner Optional child of Yes Yes CBEFF_BDB_capture_device_type Optional child of Yes Yes CBEFF_BDB_feature_extraction_algorithm_owne Optional child of CBEFF_BDB_feature_extraction_algorithm_type Optional child of CBEFF_BDB_comparison_algorithm_owner Optional Yes Yes child of CBEFF_BDB_comparison_algorithm_type Optional Yes Yes child of CBEFF_BDB_quality_algorithm_owner Optional Yes Yes child of CBEFF_BDB_quality_algorithm_type Optional child Yes Yes of CBEFF_BDB_compression_algorithm_owner Optional Yes Yes child of CBEFF_BDB_compression_algorithm_type Optional Yes Yes child of CBEFF_BDB_processed_level Optional child of Yes Yes CBEFF_BDB_purpose Optional child of Yes Yes CBEFF_BDB_quality Optional child of Yes Yes CBEFF_BDB_validity_period Optional and Yes Yes children of

379biasprofile-v1.0-cs01 04 November 2011 380Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 190 of 211 CBEFF data element name Mandatory/ Patron format field name Abstract Encodings optional values specified? specified? CBEFF_BIR_creation_date Optional child of Yes Yes CBEFF_BIR_creator Optional child of Yes Yes CBEFF_BIR_index Optional child of Yes Yes CBEFF_BIR_patron_format_owner N/A No No CBEFF_BIR_patron_format_type N/A No No CBEFF_BIR_payload Optional child of Yes Yes CBEFF_SB_format_owner Optional child of Yes Yes CBEFF_SB_format_type Optional child of CBEFF_BIR_validity_period Optional and Yes Yes attributes of patron_header_version Optional and children of Yes Yes CBEFF_version Optional and children of Yes Yes BDB Optional Yes Yes SB Optional Yes Yes

5058 5059 B.22 XML schema of the BIAS patron format

5060 5061 5066 5067 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082 5083 5084 5085 5086 5087

381biasprofile-v1.0-cs01 04 November 2011 382Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 191 of 211 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098 5099 5100 5101 5102 5103 5104 5105 5106 5107 5108 5109 5110 5111 5112 5113 5114 5115 5116 5117 5118 5119 5120 5121 5122 5123 5124 5125 5126 5127 5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158

383biasprofile-v1.0-cs01 04 November 2011 384Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 192 of 211 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 5202 5203 5204 5205 5206 5207 5208 5209 5210 5211 5212 5213 5214 5215 5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229

385biasprofile-v1.0-cs01 04 November 2011 386Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 193 of 211 5230 5231 5232 NOTE NO VALUE AVAILABLE is encoded by the absence of optional fields in the XML 5233 encoding. There is little value in, for example, having the following string appear in a reco 5234 rd: no value available . 5235 5236 B.23 Sample BIR encoding

5237An example of a simple BIR in XML encoding (complying with the XSD schema and the normative textual 5238description) follows. 5239 5240 5241 5242 5243 1 5244 0 5245 5246 5247 2 5248 0 5249 5250 5251 ABCDE 5252 86CA3100-43F3-0D23-A941-7871E519A00E 5253 a2V2aW4ubWFuZ29sZEBuaXN0Lmdvdg== 5254 true 5255 2004-03-02T15:03:15Z 5256 2004-03-02T15:00:00Z 5257 2004-03-03T15:00:00Z 5258 5259

5260 VmlzaXQgaHR0cDovL2J3cy5uaXN0LmdvdiBmb3Igc29tZSBhd2Vzb21lIGJpb21ldHJpY3Mv 5261 d2ViIHNlcnZpY2UgcHJvamVjdHMh 5264 86CA3100-43F3-0D23-A941-7871E519A00E 5265 51 5266 88 5267 true 5268 2004-03-02T15:00:00Z 5269 2004-03-02T15:00:00Z 5270 2004-03-02T15:00:00Z 5271 Iris 5272 Left 5273 Processed 5274 16 5275 2 5276 Verify 5277 100 5278

387biasprofile-v1.0-cs01 04 November 2011 388Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 194 of 211 5279 5280 51 5281 99 5282 5283 a2V2aW4ubWFuZ29sZEBuaXN0Lmdvdg== 5284 TmF0aW9uYWwgSW5zdGl0dXRlIG9mIFN0YW5kYXJkcyBhbmQgVGVjaG5vbG9neQ== 5285

5287The intent of this annex is to provide operational sequence diagrams / flow charts that show how the 5288higher level usage scenarios within [INCITS-BIAS] could be implemented using the BIAS SOAP profile. 5289The following use cases are given: 5290  Verification (synchronous/aggregate) 5291  Verification (asynchronous/aggregate) 5292  Verification (primitive) 5293  Identification (primitive) 5294  Enrollment (aggregate) 5295  Enrollment (primitive)

5296 C.1 Verification Use Case 5297This use case uses the aggregate Verify operation in which a single request results in some set of 5298operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service 5299provider. 5300

Client Application BIAS Client BIAS Server Agent BIAS Impl

Verify

CheckQuality

TransformBiometricData

VerifySubject

MatchDecision

Note that 1. CheckQuality, TransformBiometricData , VerifySubject can be exposed as interfaces of BIAS server agent . 5301

391biasprofile-v1.0-cs01 04 November 2011 392Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 196 of 211 5302 C.2 Asynchronous Verification Us 5303 e Case 5304In this use case, the requester issues two requests – the BIAS Verify request to initiate the operation 5305followed by a BIAS GetVerifyResult request to retrieve the results of that operation. 5306

Verify

ReturnToken

CheckQuality

VerifySubject

MatchDecision

Periodically Polling

GetVerfiyResult

MatchDecision

Note that 1. CheckQuality, TransformBiometricData , VerifySubject can be exposed as interfaces of BIAS server agent . 5307 5308

393biasprofile-v1.0-cs01 04 November 2011 394Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 197 of 211 5309 C.3 Primitive Verification Use Cas 5310 e 5311In this use case, the verification operation is performed as a series of requests using the BIAS primitive 5312operations. In this case, the client rather than the service provider controls the workflow of the higher 5313level operation. 5314

BIAS Client BIAS Implementation

CheckQuality

Return

VerifySubject

Return

395biasprofile-v1.0-cs01 04 November 2011 396Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 198 of 211 5316 C.4 Identification Use Case 5317This use case uses the aggregate Identify operation in which a single request results in some set of 5318operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service 5319provider. 5320 5321 5322

Identify

CheckQuality

IdentifySubject

CandidateList

Note that 1. CheckQuality, TransformBiometricData, IdentifySubject can be exposed as interfaces of BIAS server agent . 5323

397biasprofile-v1.0-cs01 04 November 2011 398Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 199 of 211 5324 C.5 Biometric Enrollment Use Cas 5325 e 5326This use case uses the aggregate Enroll operation in which a single request results in some set of 5327operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service 5328provider. 5329Here, if the result of the IdentifySubject is no matches found, then the subject is added to the gallery. If a 5330match had been found then other logic may have been applied (e.g., return candidate list, add encounter 5331for existing subject, etc.). 5332

Client BIAS Client BIAS Server Agent BIAS Impl

Enroll

CheckQuality

IdentifySubject

CreateSubject

SetBiographicData

SetBiometricData

AddSubjectToGallery

ReturnData

5333 5334

399biasprofile-v1.0-cs01 04 November 2011 400Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 200 of 211 5335 C.6 Primitive Enrollment Use Cas 5336 e 5337In this use case, the enrollment operation is performed as a series of requests using the BIAS primitive 5338operations. In this case, the client rather than the service provider controls the workflow of the higher 5339level operation. 5340

CheckQuality

Return

TransformBiometricData Return

IdentifySubject

IdentifySubject Return

CreateSubject

CreateSubject Return

SetBiographicData

SetBiographicData Return

SetBiometricData

SetBiometricData Return

AddSubjectToGallery

AddSubjectToGallery Return

5343 D.1 Create Subject Request/Resp 5344 onse Example 5345INCITS BIAS Specification 5346 5347 5349 5350

5351OASIS BIAS Examples 5352Simple Create Subject Request: 5353POST /bias HTTP/1.1 5354Host: www.acme.com 5355Content-Type: application/soap+xml; charset=”utf-8” 5356Content-Length: nnnn 5357SOAPAction: “CreateSubject” 5358 5359 5360 5361 5364 5365

5366Create Subject Request with SubjectID Parameter: 5367POST /bias HTTP/1.1 5368Host: www.acme.com 5369Content-Type: application/soap+xml; charset=”utf-8” 5370Content-Length: nnnn 5371SOAPAction: “CreateSubject” 5372 5373 5374 5375 5377 5378 123456789 5379

5383Create Subject Request with Optional OASIS BIAS Content: 5384POST /bias HTTP/1.1 5385Host: www.acme.com 5386Content-Type: application/soap+xml; charset=”utf-8” 5387Content-Length: nnnn 5388SOAPAction: “CreateSubject” 5389 5390 5391 5392 5394 5395 BIAS Application 5396 BIAS User 5397 5398 5399 123456789 5400 5401 5402 5403

5404Simple Create Subject Response: 5405HTTP/1.1 200 OK 5406Content-Type: application/soap+xml; charset=”utf-8” 5407Content-Length: nnnn 5408 5409 5410 5411 5413 5414 0 5415 5416 5417 123456789 5418 5419 5420

5422Create Subject Response with Optional OASIS BIAS Content: 5423HTTP/1.1 200 OK 5424Content-Type: application/soap+xml; charset=”utf-8” 5425Content-Length: nnnn 5426 5427 5428 5429 5431 5432 0 5433 Subject ID 123456789 successfully 5434created. 5435 5436 5437 123456789 5438 5439 5440 5441 5442

5443 D.2 Set Biographic Data Request/ 5444 Response Example 5445INCITS BIAS Specification 5446 5447 5448 5450 5452 5454 5455

5456OASIS BIAS Examples 5457Set Biographic Data Request: 5458POST /bias HTTP/1.1 5459Host: www.acme.com 5460Content-Type: application/soap+xml; charset=”utf-8” 5461Content-Length: nnnn

409biasprofile-v1.0-cs01 04 November 2011 410Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 205 of 211 5462SOAPAction: “SetBiographicData” 5463 5464 5465 5466 5469 5470 123456789> 5471 5472 5473 Last 5474 string 5475 Doe 5476 5477 5478 5479 person 5480 5481 5482

5483Set Biographic Data Response: 5484HTTP/1.1 200 OK 5485Content-Type: application/soap+xml; charset=”utf-8” 5486Content-Length: nnnn 5487 5488 5489 5490 5493 5494 0 5495 5496 5497 5498 5499

5500 D.3 Set Biometric Data Request/R 5501 esponse Example 5502INCITS BIAS Specification

5512OASIS BIAS Examples 5513Set Biometric Data Request: 5514POST /bias HTTP/1.1 5515Host: www.acme.com 5516Content-Type: application/soap+xml; charset=”utf-8” 5517Content-Length: nnnn 5518SOAPAction: “SetBiometricData” 5519 5520 5521 5522 5525 5526 123456789> 5527 5528 5529 biometric data 5530 5531 5532 5533 person 5534 5535 5536

5537Set Biometric Data Response: 5538HTTP/1.1 200 OK 5539Content-Type: application/soap+xml; charset=”utf-8” 5540Content-Length: nnnn 5541 5542 5543 5544

413biasprofile-v1.0-cs01 04 November 2011 414Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 207 of 211 5545 xmlns:tns=”http://docs.oasis‐open.org/bias/bias‐ 55461.0/”> 5547 5548 0 5549 5550 5551 5552

5554The following individuals have participated in the creation of this specification and are gratefully 5555acknowledged: 5556 5557Participants: 5558 Name Affiliation Mr. Young Bang Booz Allen Hamilton Mr. Ed. Clay Sun Mr. Murty Gurajada * Raining Data Corporation Mr. Dale Hapeman US Department of Defense Dr. Charles Li Raytheon Mr. Kevin Mangold NIST Mr. John Mayer-Splain US Department of Homeland Security Dr. Ross Michaels NIST Mr. Ramesh Nagappan Sun Mr. Ash Parikh * Raining Data Corporation Mr. Matthew Swayze Daon Mr. Guy Swope* Raytheon Mrs. Catherine Tilton Daon Mr. Alessandro Triglia* OSS Nokalva Mr. Matthew Young US Department of Defense Mr. Brad Wing NIST (formerly DHS) Mr. Michael Wittman* Raytheon Mr. Gregory Zektser Booz Allen Hamilton

5559 5560* Though no longer members of the BIAS TC at time of publication, these individuals contributed in the 5561early stages of the development of this standard. 5562In addition, the inputs from the INCITS technical committee M1 are also gratefully appreciated.

5564 Revision Date Editor Changes Made 0.01 2008-05-23 TBD Initial draft 0.02 2008-07-23 TBD Inserted data dictionary Added normative references Updated sec 3 & 5 + Annex B 0.03 2008-08-19 TBD WSDL updated 0.04 2008-09-11 TBD Updated references Added security requirements Corrected Fig. 3 0.05 2008-09-29 TBD SSL/TLS requirement clarified Reordered material in 5.3 & App C/D Updated references 2 new use cases added (App C) Updated examples in App D 0.06 2008-11-17 TBD Added BIAS operation name methods (new 5.3 + 4.2.27 & App B) 0.06a 2008-11-20 TBD Updated references 0.07 2008-11-27 TBD Revised fault structures and error handling 0.08 2009-06-22 TBD Incorporated comments from informal public review. 0.09 2009-07-24 Tilton/Swayze Incorporated comments from June review/meeting. Major changes included: - Breaking Clause 3 into 2 clauses for data elements and operations - Specification of URI & IRI - Clarifications and formatting 0.10 2009-10-19 Tilton/Swayze Expansion of conformance clause 0.11 2009-11-16 Tilton/Swayze Miscellaneous edits and clarifications [Also published as CD01] 0.12 2010-11-04 Mangold/Tilton/Swayze Incorporation of public review comments Update WSDL 0.13 2011-01-03 Tilton/Mangold Clarification regarding xsd:any Updated WSDL 0.14 2011-06-15 Mangold/Tilton Inserted new Annex B – CBEFF Patron Format miscellaneous editorial changes

419biasprofile-v1.0-cs01 04 November 2011 420Standards Track Work Product Copyright © OASIS Open 2011. All Rights Reserved. Page 210 of 211 0.15 2011-07-18 Mangold/Tilton Updated namespace for CBEFF Patron Format + corrected finger subtype name in schema 0.16 2011-08-02 Mangold/Tilton Changed BIAS CBEFF XML Patron Format Identifier to 0x0052 (line 4377).