Biometric Identity Assurance Services (BIAS) SOAP Profile Version 1.0

2Biometric Identity Assurance Services 3(BIAS) SOAP Profile Version 1.0

4Committee Specification Draft 03 / 5Public Review Draft 02

623 February 2011

7Specification URIs: 8This Version: 9 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0-csprd02.doc 10 (Authoritative) 11 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0-csprd02.pdf 12 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0-csprd02.html 13Previous Version: 14 http://docs.oasis-open.org/bias/soap-profile/v1.0/csd02/biasprofile-v1.0-csd02.doc (Authoritative) 15 http://docs.oasis-open.org/bias/soap-profile/v1.0/csd02/biasprofile-v1.0-csd02.pdf 16 http://docs.oasis-open.org/bias/soap-profile/v1.0/csd02/biasprofile-v1.0-csd02.html 17Latest Version: 18 http://docs.oasis-open.org/bias/soap-profile/v1.0/biasprofile-1.0.doc (Authoritative) 19 http://docs.oasis-open.org/bias/soap-profile/v1.0/biasprofile-1.0.pdf 20 http://docs.oasis-open.org/bias/soap-profile/v1.0/biasprofile-1.0.html 21Technical Committee: 22 OASIS Biometric Identity Assurance Services (BIAS) Integration TC 23Chair(s): 24 Cathy Tilton, Daon 25Editor(s): 26 Matthew Swayze 27 Cathy Tilton, Daon 28Related Work: 29 This specification is related to: 30  ANSI INCITS 442-2008, Biometric Identity Assurance Services (BIAS) 31Declared XML Namespace(s): 32 http://docs.oasis-open.org/bias/ns/bias-1.0/ 33Abstract: 34 This document specifies a SOAP profile that implements the BIAS abstract operations specified 35 in INCITS 442 as SOAP messages.

1biasprofile-v1.0-csprd02 2 23 February 2011 3Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 4 Page 1 of 194 36Status: 37 This document was last revised or approved by the OASIS Biometric Identity Assurance Services 38 (BIAS) Integration TC on the above date. The level of approval is also listed above. Check the 39 “Latest Version” location noted above for possible later revisions of this document. 40 Technical Committee members should send comments on this specification to the Technical 41 Committee’s email list. Others should send comments to the Technical Committee by using the 42 “Send A Comment” button on the Technical Committee’s web page at http://www.oasis- 43 open.org/committees/bias/. 44 For information on whether any patents have been disclosed that may be essential to 45 implementing this specification, and any offers of patent licensing terms, please refer to the 46 Intellectual Property Rights section of the Technical Committee web page (http://www.oasis- 47 open.org/committees/bias/ipr.php). 48Citation Format: 49 When referencing this specification the following citation format should be used: 50 [BIAS SOAP PROFILE] Biometric Identity Assurance Services (BIAS) SOAP Profile Version 1.0. 51 23 February 2011. OASIS Committee Specification Public Review Draft. 52 http://docs.oasis-open.org/bias/soap-profile/v1.0/csprd02/biasprofile-v1.0- 53 csprd02.doc 54 55 56

58Copyright © OASIS® 2009-2011. All Rights Reserved. 59All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual 60Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website. 61This document and translations of it may be copied and furnished to others, and derivative works that 62comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, 63and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice 64and this section are included on all such copies and derivative works. However, this document itself may 65not be modified in any way, including by removing the copyright notice or references to OASIS, except as 66needed for the purpose of developing any document or deliverable produced by an OASIS Technical 67Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must 68be followed) or as required to translate it into languages other than English. 69The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors 70or assigns. 71This document and the information contained herein is provided on an "AS IS" basis and OASIS 72DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 73WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY 74OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 75PARTICULAR PURPOSE. 76OASIS requests that any OASIS Party or any other party that believes it has patent claims that would 77necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, 78to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to 79such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that 80produced this specification. 81OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of 82any patent claims that would necessarily be infringed by implementations of this specification by a patent 83holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR 84Mode of the OASIS Technical Committee that produced this specification. OASIS may include such 85claims on its website, but disclaims any obligation to do so. 86OASIS takes no position regarding the validity or scope of any intellectual property or other rights that 87might be claimed to pertain to the implementation or use of the technology described in this document or 88the extent to which any license under such rights might or might not be available; neither does it represent 89that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to 90rights in any document or deliverable produced by an OASIS Technical Committee can be found on the 91OASIS website. Copies of claims of rights made available for publication and any assurances of licenses 92to be made available, or the result of an attempt made to obtain a general license or permission for the 93use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS 94Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any 95information or list of intellectual property rights will at any time be complete, or that any claims in such list 96are, in fact, Essential Claims. 97The names "OASIS" and “BIAS” are trademarks of OASIS, the owner and developer of this specification, 98and should be used only to refer to the organization and its official outputs. OASIS welcomes reference 99to, and implementation and use of, specifications, while reserving the right to enforce its marks against 100misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance. 101

1031 Introduction...... 8 104 1.1 Purpose/Scope...... 8 105 1.2 Overview...... 8 106 1.3 Background...... 8 107 1.4 Relationship to Other Standards...... 8 108 1.5 Terminology...... 9 109 1.6 References...... 10 110 1.6.1 Normative References...... 10 111 1.6.2 Non-Normative References...... 11 1122 Design Concepts and Architecture (non-normative)...... 13 113 2.1 Philosophy...... 13 114 2.2 Context...... 13 115 2.3 Architecture...... 13 1163 Data dictionary...... 16 117 3.1 Documentation Conventions...... 16 118 3.2 Common Elements...... 17 119 3.2.1 ApplicationIdentifier...... 17 120 3.2.2 ApplicationUserIdentifier...... 17 121 3.2.3 BaseBIRType...... 17 122 3.2.4 BIASBiometricDataType...... 17 123 3.2.5 BIASFaultCode...... 17 124 3.2.6 BIASFaultDetail...... 18 125 3.2.7 BIASIdentity...... 19 126 3.2.8 BIASIDType...... 19 127 3.2.9 BinaryBIR...... 19 128 3.2.10 BiographicDataItemType...... 20 129 3.2.11 BiographicDataSetType...... 20 130 3.2.12 BiographicDataType...... 21 131 3.2.13 BiometricDataElementType...... 22 132 3.2.14 BiometricDataListType...... 22 133 3.2.15 CandidateListResultType...... 22 134 3.2.16 CandidateListType...... 23 135 3.2.17 CandidateType...... 23 136 3.2.18 CapabilityListType...... 23 137 3.2.19 CapabilityName...... 23 138 3.2.20 CapabilityType...... 24 139 3.2.21 CBEFF_BIR_ListType...... 24 140 3.2.22 CBEFF_BIR_Type...... 25 141 3.2.23 Classification...... 25 142 3.2.24 ClassificationAlgorithmType...... 25 143 3.2.25 ClassificationData...... 26

16biasprofile-v1.0-csprd02 17 23 February 2011 18Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 19 Page 4 of 194 144 3.2.26 EncounterListType...... 26 145 3.2.27 FusionDecision...... 26 146 3.2.28 FusionInformationListType...... 26 147 3.2.29 FusionInformationType...... 26 148 3.2.30 FusionResult...... 27 149 3.2.31 FusionScore...... 27 150 3.2.32 GenericRequestParameters...... 27 151 3.2.33 IdentifySubjectResultType...... 27 152 3.2.34 InformationType...... 27 153 3.2.35 ListFilterType...... 28 154 3.2.36 MatchType...... 28 155 3.2.37 ProcessingOptionsType...... 28 156 3.2.38 ProductID...... 28 157 3.2.39 QualityData...... 28 158 3.2.40 ResponseStatus...... 29 159 3.2.41 ReturnCode...... 29 160 3.2.42 Score...... 29 161 3.2.43 TokenResultType...... 29 162 3.2.44 TokenType...... 30 163 3.2.45 URI_BIR...... 30 164 3.2.46 VendorIdentifier...... 30 165 3.2.47 Version...... 30 166 3.2.48 VersionType...... 30 167 3.2.49 XML_BIR...... 30 1684 BIAS Messages...... 32 169 4.1 Primitive Operations...... 32 170 4.1.1 AddSubjectToGallery...... 32 171 4.1.2 CheckQuality...... 33 172 4.1.3 ClassifyBiometricData...... 35 173 4.1.4 CreateSubject...... 36 174 4.1.5 DeleteBiographicData...... 37 175 4.1.6 DeleteBiometricData...... 39 176 4.1.7 DeleteSubject...... 40 177 4.1.8 DeleteSubjectFromGallery...... 41 178 4.1.9 GetIdentifySubjectResults...... 43 179 4.1.10 IdentifySubject...... 45 180 4.1.11 ListBiographicData...... 47 181 4.1.12 ListBiometricData...... 49 182 4.1.13 PerformFusion...... 53 183 4.1.14 QueryCapabilities...... 55 184 4.1.15 RetrieveBiographicInformation...... 57 185 4.1.16 RetrieveBiometricInformation...... 59 186 4.1.17 SetBiographicData...... 60

21biasprofile-v1.0-csprd02 22 23 February 2011 23Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 24 Page 5 of 194 187 4.1.18 SetBiometricData...... 62 188 4.1.19 TransformBiometricData...... 64 189 4.1.20 UpdateBiographicData...... 65 190 4.1.21 UpdateBiometricData...... 67 191 4.1.22 VerifySubject...... 69 192 4.2 Aggregate Operations...... 71 193 4.2.1 Enroll...... 71 194 4.2.2 GetEnrollResults...... 72 195 4.2.3 GetIdentifyResults...... 73 196 4.2.4 GetVerifyResults...... 75 197 4.2.5 Identify...... 76 198 4.2.6 RetrieveInformation...... 78 199 4.2.7 Verify...... 79 2005 Message structure and rules...... 82 201 5.1 Purpose and constraints...... 82 202 5.2 Message requirements...... 83 203 5.3 Handling binary data...... 84 204 5.3.1 Base64 encoding...... 84 205 5.3.2 Use of XOP...... 84 206 5.4 Discovery...... 85 207 5.5 Identifying operations...... 85 208 5.5.1 Operation name element...... 85 209 5.5.2 WS-Addressing Action...... 86 210 5.6 Security...... 87 211 5.6.1 Use of SSL 3.0 or TLS 1.0...... 87 212 5.6.2 Data Origin Authentication...... 87 213 5.6.3 Message Integrity...... 87 214 5.6.4 Message Confidentiality...... 87 215 5.6.5 CBEFF BIR security features...... 87 216 5.6.6 Security Considerations...... 88 217 5.6.7 Security of Stored Data...... 88 218 5.6.8 Key Management...... 88 219 5.7 Use with other WS* standards...... 88 220 5.8 Tailoring...... 88 2216 Error handling...... 90 222 6.1 BIAS operation return codes...... 90 223 6.2 SOAP fault codes...... 90 2247 Conformance...... 91 225Annex A.XML Schema...... 92 226Annex B. Use Cases (non-normative)...... 175 227 B.1 Verification Use Case...... 175 228 B.2 Asynchronous Verification...... 176 229 B.3 Primitive Verification...... 177

26biasprofile-v1.0-csprd02 27 23 February 2011 28Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 29 Page 6 of 194 230 B.4 Identification Use Case...... 178 231 B.5 Biometric Enrollment...... 179 232 B.6 Primitive Enrollment...... 180 233Annex C. Samples (non-normative)...... 181 234 C.1 Create Subject Request/Response Example...... 181 235 C.2 Set Biographic Data Request/Response Example...... 183 236 C.3 Set Biometric Data Request/Response Example...... 184 237Annex D. Acknowledgements...... 186 238Annex E. Revision History...... 187 239

2411.1 Purpose/Scope 242This Organization for the Advancement of Structured Information Standards (OASIS) Biometric Identity 243Assurance Services (BIAS) profile specifies how to use the eXtensible Markup Language (XML) [XML10] 244defined in ANSI INCITS 442-2008 – Biometric Identity Assurance Services [INCITS-BIAS] to invoke 245Simple Object Access Protocol (SOAP) -based services that implement BIAS operations. These SOAP- 246based services enable an application to invoke biometric identity assurance operations remotely in a 247Services Oriented Architecture (SOA) infrastructure. 248Not included in the scope of BIAS is the incorporation of biometric authentication as an integral 249component of an authentication or security protocol. (However, BIAS services may be leveraged to 250implement biometric authentication in the future.)

2511.2 Overview 252In addition to this introduction, this standard includes the following: 253  Clause 2 presents the design concepts and architecture for invoking SOAP-based services that 254 implement BIAS operations. 255  Clause 3 presents the namespaces necessary to implement this profile, INCITS BIAS data 256 elements, and identifies relationships to external data definitions. 257  Clause 4 specifies the content of the BIAS messages. 258  Clause 5 presents the BIAS message structure, as well as rules and considerations for its 259 application. 260  Clause 6 presents information on error handling. 261  Clause 7 specifies conformance requirements. 262  Annexes include the OASIS BIAS XML schema/sample Web Service Definition Language 263 (WSDL), use cases, sample code, acknowledgements, and the revision history of this profile.

2641.3 Background 265In late 2005/early 2006, a gap was identified in the existing biometric standards portfolio with respect to 266biometric services. The Biometric Identity Assurance Services standard proposal was for a collaborative 267effort between government and private industry to provide a services-based framework for delivering 268identity assurance capabilities, allowing for platform and application independence. This standard 269proposal required the attention of two major technical disciplines: biometrics and service architectures. 270The expertise of both disciplines was required to ensure the standard was technically sound, market 271relevant, and achieved widespread adoption. The International Committee for Information Technology 272Standards (INCITS) M1 provided the standards leadership relevant to biometrics, defining the “taxonomy” 273of biometric operations and data elements. OASIS provided the standards leadership relevant to service 274architectures with an initial focus on web services, defining the schema and SOAP messaging. 275The driving requirements of the BIAS standard proposal were to provide the ability to remotely invoke 276biometric operations across an SOA infrastructure; to provide business level operations without 277constraining the application/business logic that implements those operations; to be as generic as possible 278– technology, framework, & application domain independent; and to provide basic capabilities that can be 279used to construct higher level, aggregate/composite operations.

36biasprofile-v1.0-csprd02 37 23 February 2011 38Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 39 Page 8 of 194 2801.4 Relationship to Other Standards 281This OASIS BIAS profile comprises a companion standard to ANSI INCITS 442-2008 – Biometric Identity 282Assurance Services, which defines the BIAS requirements and taxonomy, specifying the identity 283assurance operations and the associated data elements. This OASIS BIAS profile specifies the design 284concepts and architecture, data model and data dictionary, message structure and rules, and error 285handling necessary to invoke SOAP-based services that implement BIAS operations. 286Together, the BIAS standard and the BIAS profile provide an open framework for deploying and remotely 287invoking biometric-based identity assurance capabilities that can be readily accessed across an SOA 288infrastructure. 289This relationship allows the leveraging of the biometrics and web services expertise of the two standards 290development organizations. Existing standards are available in both domains and many of these 291standards will provide the foundation and underlying capabilities upon which the biometric services 292depend.

2931.5 Terminology 294The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD 295NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described 296in [RFC2119]. 297The following additional terms and definitions are used: 298Note: The terms and definitions specified in INCITS (InterNational Committee for Information Technology 299Standards) (Project 1823-D) also apply to this Standard. 300 301BIAS operation and data element names are not defined here, but in their respective sections. 302 303BIAS 304 Biometric Identity Assurance Services 305BIR 306 Biometric Information Record 307ESB 308 Enterprise Service Bus 309HTTP 310 HyperText Transfer Protocol 311HTTPS 312 HyperText Transfer Protocol over SSL or HTTP Secure 313IRI 314 Internationalized Resource Identifier 315SOA 316 Service-Oriented Architecture 317SOAP 318 Simple Object Access Protocol 319SSL 320 Secure Sockets Layer 321TLS 322 Transport Layer Security 323UDDI 324 Universal Description, Discovery, and Integration 325URI 326 Uniform Resource Identifier 327VPN 328 Virtual Private Network 329WSDL

41biasprofile-v1.0-csprd02 42 23 February 2011 43Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 44 Page 9 of 194 330 Web Services Description Language 331WSS 332 Web Services Security 333XML 334 eXtensible Markup Language 335 336 337CBEFF 338 Common Biometric Exchange Formats Framework - data elements and BIR formats specified in 339 ISO/IEC 19785-1 340BIAS implementation 341 software entity that is capable of creating, processing, sending, and receiving BIAS messages 342BIAS endpoint 343 runtime entity, identified by an endpoint URI/IRI, capable of sending and receiving BIAS 344 messages, and containing a running BIAS implementation 345BIAS message 346 message that can be sent from a BIAS endpoint to another BIAS endpoint through a BIAS link 347 channel 348BIAS request message 349 BIAS message conveying a request for an action to be performed by the receiving BIAS endpoint 350BIAS response message 351 BIAS message conveying a response to a prior BIAS requestmessage

3521.6 References

353 1.6.1 Normative References 354 [RFC2119] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, IETF 355 RFC 2119, March 1997. 356 http://www.ietf.org/rfc/rfc2119.txt 357 358 [CBEFF] ISO/IEC19785, Information technology – Common Biometric Exchange Formats 359 Framework – Part 1: Data element specification & Part 3: Patron format 360 specifications 361 http://www.iso.org 362 363 [DATE-TIME] ISO 8601:2004, Data elements and interchange formats — Information 364 interchange — Representation of dates and times 365 http://www.iso.org 366 367 [INCITS-BIAS] ANSI INCITS 442-2010, Biometric Identity Assurance Services (BIAS), July 2010 368 http://www.incits.org 369 370 [IRI] M. Duerst, et al, Internationalized Resouce Identifiers, W3C RFC3987, January 371 2005 372 http://www.ietf.org/rfc/rfc3987.txt

373 [SOAP11] Simple Object Access Protocol (SOAP) 1.1, 8 May 2000 374 http://www.w3.org/TR/2000/NOTE-SOAP-20000508/

46biasprofile-v1.0-csprd02 47 23 February 2011 48Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 49 Page 10 of 194 375 [URI] T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifiers (URI): 376 Generic Syntax, RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 377 2005. 378 http://ietf.org/rfc/rfc3986

379 [UTF-8] ISO/IEC 10646:2003, Information technology — Universal Multiple-Octet Coded 380 Character Set (UCS) 381 http://www.iso.org

382 [WS-Addr] W3C Recommendation,Web Services Addressing 1.0 - Core, and Web Services 383 Addressing 1.0 - SOAP Binding, 9 May 2006 384 http://www.w3.org/2002/ws/addr/

385 [WS-I-Basic] Basic Profile Version 1.1, 10 April 2006 386 http://www.ws-i.org/Profiles/BasicProfile-1.1-2006-04-10.html

387 [WS-I-Bind] Web Services-Interoperability Organization (WS-I) Simple SOAP Binding Profile 388 Version 1.0, 24 August 2004 389 http://www.ws-i.org/Profiles/SimpleSoapBindingProfile-1.0-2004-08-24.html

390 [WSDL11] Web Services Description Language (WSDL) 1.1, 15 March 2001 391 http://www.w3.org/TR/2001/NOTE-wsdl-20010315

392 [XML 10] Extensible Markup Language (XML) 1.0, 16 August 2006 393 http://www.w3.org/TR/2006/REC-xml-20060816/

394 [XOP] XML-binary Optimized Packaging, W3C Recommendation, 25 January 2005 395 http://www.w3.org/TR/2005/REC-xop10-20050125/

396 1.6.2 Non-Normative References 397 [BioAPI] ISO/IEC 19784-1:2006, Information technology – Biometric Application 398 Programming Interface – Part 1: BioAPI Specification 399 http://www.iso.org

400 [BIO SEC] ISO 19092 Financial services -- Biometrics -- Security framework 401 http://www.iso.org

402 [EBTS-DOD] Department of DefenseElectronic Biometric TransmissionSpecification, Version 403 2.0, 27 March 2009 404 http://www.biometrics.dod.mil/CurrentInitiatives/Standards/dodebts.aspx

405 [EBTS-FBI] IAFIS-DOC-01078-8.1, “Electronic Biometric Transmission Specification 406 (EBTS)”, Version 8.1, November 19, 2008, Federal Bureau of Investigation, 407 Criminal Justice Information Services Division 408 https://www.fbibiospecs.org

409 [EFTS] IAFIS-DOC-01078-7, “Electronic Fingerprint Transmission Specification (EFTS)”, 410 Version 7.1, May 2, 2005, Federal Bureau of Investigation, Criminal Justice 411 Information Services Division 412 https://www.fbibiospecs.org

413 [HR-XML] HR-XML Consortium Library, 2007 April 15 414 http://www.hr-xml.org

51biasprofile-v1.0-csprd02 52 23 February 2011 53Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 54 Page 11 of 194 415 [INT-I] Interpol Implementation of ANSI/NIST ITL1-2000, Ver 4.22b, October 28, 2005, 416 The Interpol AFIS Expert Group 417 http://www.interpol.int

418 [NIEM] National Information Exchange Model (NIEM), Ver 2.0, June 2007, US DOJ/DHS 419 http://www.niem.gov

420 [RFC2246] T. Dierks & C. Allen,The TLS Protocol, Version 1.0, January 1999 421 http://www.ietf.org/rfc/rfc2246.txt

422 [RFC2617] J. Franks, et al, HTTP Authentication: Basic and Digest Access Authentication, 423 June 1999 424 http://www.ietf.org/rfc/rfc2617.txt

425 [RFC3280] R. Housley, et al, Internet X.509 Public Key Infrastructure Certificate and 426 Certificate Revocation List (CRL) Profile, April 2002 427 http://www.ietf.org/rfc/rfc3280.txt

428 [SAML] Security Assertion Markup Language (SAML), Oasis Standard, March 2005 429 http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

430 [SAML SEC] Security and Privacy Considerations for the OASIS Security Assertion Markup 431 Language (SAML) V2.0, Oasis Standard, 15 March 2005 432 http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf

433 [SSL3] SSL 3.0 Specification 434 http://www.freesoft.org/CIE/Topics/ssl-draft/3-SPEC.HTM

435 [WSS] Web Services Security: SOAP Message Security 1.1, (WS-Security 2004), 436 OASIS Standard Specification, 1 February 2006 437 http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os- 438 SOAPMessageSecurity.pdf

439 [X509] X.509: Information technology - Open Systems Interconnection - The Directory: 440 Public-key and attribute certificate frameworks, ITU-T, August 2005 441 http://www.itu.int/rec/T-REC-X.509-200508-I

442 [xNAL] Customer Information Quality Specifications Version 3.0: Name (xNL), Address 443 (xAL), Name and Address (xNAL) and Party (xPIL), Committee Specification 02, 444 20 September 2008 445 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ciq

56biasprofile-v1.0-csprd02 57 23 February 2011 58Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 59 Page 12 of 194 4472 Design Concepts and Architecture (non-normative)

4482.1 Philosophy 449Rather than define a totally new and unique messaging protocol for biometric services, this specification 450instead defines a method for using existing biometric and Web services standards to exchange biometric 451data and perform biometric operations.

4522.2 Context 453Today, biometric systems are being developed which collect, process, store and match biometric data for 454a variety of purposes. In many cases, data and/or capabilities need to be shared between systems or 455systems serve a number of different client stakeholders. As architectures move towards services-based 456frameworks, access to these biometric databases and services is via a Web services front-end. However, 457lack of standardization in this area has led implementers to develop customized services for each 458system/application. 459BIAS is intended to provide a common, yet flexible, Web services interface that can be used within both 460closed and open SOA systems. Figure 1, below, depicts the context in which the BIAS messages will be 461implemented. 462 463

Biometric Client Subject Resources (Requester) System/ Application A BIAS BIAS Messages Service Provider Subject Client (Requester) System/ Application N Administrator 464 465 466 Figure 1. BIAS Context 467 468The clients (requesters) may use standard discovery mechanisms (i.e., UDDI directories) to discover the 469BIAS service provider (implementation) or, particularly in closed systems, the URI/IRI and WSDL for the 470service provider may be known a priori by the client BIAS application developer.

4712.3 Architecture 472BIAS Web services are intended to be used within systems employing a services framework, such as a 473services-oriented architecture (SOA) (although implementations are not limited to this environment). As 474such, it is recognized that the clients may interact directly with the BIAS service provider or layers may 475exist between the client and the service provider, for example as an ESB or other application layer. 476The BIAS Architecture as shown in Figure 2, in which:

61biasprofile-v1.0-csprd02 62 23 February 2011 63Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 64 Page 13 of 194 477  A Client request to the BIAS Web services may be triggered by a human interaction OR any 478 proxy system such as an ESB. 479  Client sends and receives SOAP messages that conform to the BIAS schemas 480  Calls to the BIAS Implementation use OASIS Service Interfaces and Bindings (via WSDL) 481  The BIAS implementation maps the service call to the appropriate internal API or set of APIs 482 and returns data according to the service interface. 483Note that services are represented as circles. 484

485 486 487 Figure 2. Representative BIAS Architecture 488 489 NOTE: It is possible that BIAS may also be used between the service provider and the managed 490 resource (e.g., a biometric matcher). 491 492At the heart of the BIAS messaging protocol are the concepts of BIAS messages and endpoints. 493BIAS implementation 494A BIAS implementation is a software entity that is capable of creating, processing, sending, and receiving 495BIAS messages. This standard does not define requirements for the BIAS implementation other than 496defining the messages and protocols used by the endpoints. 497BIAS messages

66biasprofile-v1.0-csprd02 67 23 February 2011 68Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 69 Page 14 of 194 498A BIAS message is a one that can be sent from a BIAS endpoint to another BIAS endpoint over a TCP/IP 499link. 500BIAS endpoints 501A BIAS endpoint is a runtime entity, uniquely identified and accessed by an endpoint URI/IRI [URI] [IRI], 502capable of sending and receiving BIAS messages. 503Note that when not publicly and directly exposed, the endpoints for purposes of this specification are the 504BIAS service provider exposing BIAS services and the component that directly interacts with that service 505provider, e.g., the business application or ESB, rather than the ultimate end client requester.

71biasprofile-v1.0-csprd02 72 23 February 2011 73Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 74 Page 15 of 194 5063 Data dictionary 507This section describes the BIAS data elements used within BIAS messages (as defined in Clause 4). 508Common data elements are defined for use in one or more operations. These include common data types 509or return codes. BIAS data elements are defined in ANSI INCITS 442-2010. The elements, complex types 510and simple types described for the BIAS messages belong to the following namespace: http://docs.oasis- 511open.org/bias/ns/bias-1.0/. See Annex A for the XML schema. 512 NOTE: Biographic and biometric data included in a native XML format MAY contain elements 513 referencing external namespaces (e.g., ansi-nist).

5143.1 Documentation Conventions 515Each common element has a section describing its content. Likewise, each operation has a section 516describing the request and response messages and the associated input and output parameters. The 517input and output of each message and the comment elements are detailed in a table as described in the 518figure below. Each field that forms part of the message request/response is detailed in the table. 519 Header Description Values Value Meaning Name Field The name of the field. Type The XML schema type of the field. # The cardinality of the field 1 One occurrence 0..1 Zero or one occurrence 0..* Zero or more occurrences 1..* One or more occurrences ? Defines if the field must be present. Y Yes – is always required N No – is not always required, an optional field. C Conditional – requirement is dependent on system or message conditions. Meaning Gives a short description of the field’s use

520 Figure 3. BIAS Message Input/Output Dictionary Table Headings

521Fields Hierarchy Explained: 522To denote the field hierarchy the symbol is used to denote the child-of relationship. 523All string types/elements MUST consist of ISO/IEC 10646 (Unicode) characters encoded in UTF-8 [UTF- 5248] (see ISO/IEC 10646:2003, Annex D).

526 3.2.1 ApplicationIdentifier

Type: string Description: Identifies an application. Min Length: 1 Max Length: 255

527 3.2.2 ApplicationUserIdentifier

Type: string Description: Identifies an application user or instance. Min Length: 1 Max Length: 255

528 3.2.3 BaseBIRType

Type: Schema complexType Description: Base type for all BIR subtypes; see BinaryBIR, URI_BIR, and XML_BIR for currently available types.

530 3.2.4 BIASBiometricDataType

Field Type # ? Meaning BIASBiometricDataType Y Wraps the various BIAS biometric types. The operations that use this type specify which elements are required.

BIRList CBEFF_BIR_ListType 0..1 N A list of CBEFF-BIR elements. BIR CBEFF_BIR_Type 0..1 N Contains biometric information in either a non-XML or an XML representation.

InputBIR CBEFF_BIR_Type 0..1 N Maps to specific INCITS BIAS elements as required by that specification.

ReferenceBIR CBEFF_BIR_Type 0..1 N Maps to specific INCITS BIAS elements as required by that specification.

BiometricDataList BiometricDataListType 0..1 N A list of biometric data elements.

Type: String Description: Error code referenced in a SOAP fault.

532BIASFaultCode Enumeration Values

Value Description UNKNOWN_ERROR The service failed for an unknown reason. UNSUPPORTED_CAPABILITY A requested capability is not supported by the service implementation. INVALID_INPUT The data in a service input parameter is invalid. BIR_QUALITY_ERROR Biometric sample quality is too poor for the service to succeed. INVALID_BIR The input BIR is empty or in an invalid or unrecognized format. BIR_SIGNATURE_FAILURE The service could not validate the signature, if used, on the input BIR. BIR_DECRYPTION_FAILURE The service could not decrypt an encrypted input BIR. INVALID_ENCOUNTER_ID The input encounter ID is empty or in an invalid format. INVALID_SUBJECT_ID The input subject ID is empty or in an invalid format. UNKNOWN_SUBJECT The subject referenced by the input subject ID does not exist. UNKNOWN_GALLERY The gallery referenced by the input gallery ID does not exist. UNKNOWN_ENCOUNTER The encounter referenced by the input encounter ID does not exist. UNKNOWN_BIOGRAPHIC_FORMAT The biographic data format is not known or not supported. UNKNOWN_IDENTITY_CLAIM The identity referenced by the input identity claim does not exist. INVALID_IDENTITY_CLAIM The identity claim requested is already in use. NONEXISTANT_DATA The data requested for deletion does not exist.

533 NOTES: 534 (1) See Clause 6 (Error handling) for an explanation of BIAS faults and return codes. 535 (2) Service provider MAY define additional values specific to their service implementation. 536 (3) See section 5.5 for additional information on BIAS security.

537 3.2.6 BIASFaultDetail

Field Type # ? Meaning BIASFaultDetail Y Defines the error information associated with a SOAP fault.

BIASFaultType BIASFaultCode 1 Y References an error code.

BIASFaultMessage string 1 Y Provides a brief explanation of the fault.

BIASFaultDescription string 0..1 N Provides detailed information about a BIAS fault, such as trace details.

538 3.2.7 BIASIdentity

Field Type # ? Meaning BIASIdentity Y Defines a single element for encapsulating the data associated with an Identity. Includes the Identity’s reference identifiers, biographic data, and biometric data. The operations that use this type specify which elements are required.

SubjectID BIASIDType 0..1 C A system unique identifier for a subject. Required as input to many operations.

IdentityClaim BIASIDType 0..1 N An identifier by which a subject is known to a particular gallery or population group.

EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject. Required for encounter- centric models.

EncounterList EncounterListType 0..1 N A list of encounters associated with a subject.

BiographicData BiographicDataType 0..1 N An Identity’s biographic data.

BiographicDataElements BiographicDataType 0..1 N An Identity’s biographic data elements that are stored in the implementing system.

BiometricData BIASBiometricDataType 0..1 N An Identity’s biometric data.

539 3.2.8 BIASIDType

Type: string Description: A BIAS Identifier.

Field Type # ? Meaning BinaryBIR BaseBIRType Y Defines a BIR type of Binary

Binary base64Binary 1 Y BIR information in base64 binary format

542 3.2.10 BiographicDataItemType

Field Type # ? Meaning BiographicDataItemType Y Defines a single biographic data element.

Name string 1 Y The name of the biographic data item. Type string 1 Y The data type for the biographic data item.

Value string 0..1 N The value assigned to the biographic data item.

543 NOTE: This element can be used to transmit scanned identity documents or document information 544 (e.g., passports, driver’s license, birth certificates, utility bills, etc. required to establish an identity).

545 3.2.11 BiographicDataSetType

Field Type # ? Meaning BiographicDataSetType Y Defines a set of biographic data that is formatted according to the specified format. name string 1 Y The name of the biographic data format. Use these names for common formats: FBI-EFTS [EFTS], FBI- EBTS [EBTS-FBI], DOD-EBTS [EBTS-DOD], INT-I [INT- I], NIEM [NIEM], xNAL [xNAL], HR-XML [HR-XML]. version string 0..1 N The version of the biographic data format (e.g., “7.1” for FBI-EFTS or “2.0” for NIEM). source string 1 Y Reference to a URI/IRI describing the biographic data format. For example: (FBI-EFTS and FBI-EBTS) www.fbibiospecs.org, (DOD-EBTS) www.biometrics.dod.mil, (INT-I) www.interpol.int, (NIEM) www.niem.gov, (xNAL) www.oasis-open.org, (HR-XML) www.hr-xml.org. type string 1 Y The biographic data format type. Use these types for common formats: ASCII (e.g., for non-XML versions of FBI-EFTS, FBI-EBTS, DOD-EBTS, or INT-I), XML (e.g., for NIEM, xNAL, and HR-XML or future versions of FBI- EBTS).

unspecified any 0..* N Biographic data formatted according to a specific format. 546 NOTE: Biographic data formats are not limited to those listed. The string value is not enumerated. 547 If one of the common types are used, it MUST be indicated by the specified name values; however, 548 the service provider MAY offer other formats. See INCITS 442 for further information.

Field Type # ? Meaning BiographicDataType Y Defines a set of biographic data elements, utilizing either the BiographicDataItemType to represent a list of elements or the BiographicDataSetType to represent a complete, formatted set of biographic information. One of the following elements must be present.

LastName string 0..1 N The last name of a subject. FirstName string 0..1 N The first name of a subject.

BiographicDataItems BiographicDataItemType 0..1 N A list of biographic data elements.

BiographicDataItems BiographicDataItemType 1..* N A single biographic data element.

BiographicDataSet BiographicDataSetType 0..1 N A set of biographic data information.

550 NOTE: The implementer is given three choices for encoding biographic data: 551  Encode only first and last name using the defined fields within BiographicDataType 552  Define a list of biographic data elements using the BiographicDataItemType 553  Use a pre-defined set of biographic data (e.g., as specified in another standard) using 554 the BiographicDataSetType. 555 See also INCITS 442, section 8.1 for further information.

556 3.2.13 BiometricDataElementType

Field Type # ? Meaning BiometricDataElementType Y Provides descriptive information about biometric data, such as the biometric type, subtype, and format, contained in the BDB of the CBEFF-BIR.

BiometricType iso-iec19785-3- 1 Y The type of biological or behavioral 7:MultipleTypesType data stored in the biometric record, as defined by CBEFF.

BiometricTypeCount positiveInteger 0..1 N The number of biometric records having the biometric type recorded in the biometric type field.

BiometricSubType iso-iec19785-3- 0..1 N More specifically defines the type of 7:SubtypeType biometric data stored in the biometric record, as defined by CBEFF.

BDBFormatOwner positiveInteger 1 Y Identifies the standards body, working group, industry consortium, or other CBEFF biometric organization that has defined the format for the biometric data.

BDBFormatType positiveInteger 1 Y Identifies the specific biometric data format specified by the CBEFF biometric organization recorded in the BDB Format Owner field.

557 NOTE: XML biometric metadata (BIR header elements) is aligned with ISO/IEC 19785-3, XML 558 Patron Format. [CBEFF] 559

560 3.2.14 BiometricDataListType

Field Type # ? Meaning BiometricDataListType Y A list of biometric data elements.

BiometricDataElement BiometricDataElementType 0..* N Data structure containing information about a biometric record.

561 3.2.15 CandidateListResultType

Field Type # ? Meaning CandidateListResultType Y Defines a set of candidates, utilizing the CandidateType to represent each element in the set.

CandidateList CandidateListType 1 Y The candidate list.

563 3.2.16 CandidateListType

Field Type # ? Meaning CandidateListType Y Defines a set of candidates, utilizing the CandidateType to represent each element in the set.

Candidate CandidateType 0..* N A single candidate.

564 3.2.17 CandidateType

Field Type # ? Meaning CandidateType Y Defines a single candidate as a possible match in response to a biometric identification request.

Score Score 0..1 N The match score. Rank integer 1 Y The rank of the candidate in relation to other candidates for the same biometric identification operation.

BiographicData BiographicDataType 0..1 N Biographic data associated with the candidate match.

BIRList CBEFF_BIR_ListType 1 Y Biometric data associated with the candidate match.

565 3.2.18 CapabilityListType

Field Type # ? Meaning CapabilityListType Y Defines a set of capabilities.

Capability CapabilityType 0..* N A single capability.

566 3.2.19 CapabilityName

Type: string Description: A list of capability items.

567CapabilityName Enumeration Values

Value Description AggregateInputDataOptional A data element accepted as optional input by the implementing system for the aggregate services. AggregateInputDataRequired A data element required as input by the implementing system for the aggregate services. AggregateProcessingOption A processing option supported by the implementing system for the aggregate services. AggregateReturnData A data element returned by the implementing system for the aggregate services. AggregateServiceDescription Describes the processing logic of an aggregate service supported by the implementing system. BiographicDataSet Identifies a biographic data set supported by the implementing system. CBEFFPatronFormat A patron format supported by the implementing system. ClassificationAlgorithmType A classification algorithm type supported by the implementing system. ConformanceClass Identifies the conformance class of the BIAS implementation. Gallery A gallery or population group supported by the implementing system.

111biasprofile-v1.0-csprd02 112 23 February 2011 113Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 114 Page 23 of 194 Value Description IdentityModel Identifies whether the implementing system is person-centric or encounter-centric based. MatchScore Identifies the use of match scores returned by the implementing system. QualityAlgorithm A quality algorithm vendor and algorithm vendor product ID supported by the implementing system. SupportedBiometric A biometric type supported by the implementing system. TransformOperation A transform operation type supported by the implementing system.

568 3.2.20 CapabilityType

Field Type # ? Meaning CapabilityType Y Defines a single capability supported by an implementing system.

CapabilityName CapabilityName 1 Y The name of the capability. CapabilityID string 0..1 N An identifier assigned to the capability by the implementing system.

CapabilityDescription string 0..1 N A description of the capability.

CapabilityValue string 0..1 N A value assigned to the capability.

CapabilitySupportingValue string 0..1 N A secondary value supporting the capability.

CapabilityAdditionalInfo string 0..1 N Contains additional information for the supported capability.

569 3.2.21 CBEFF_BIR_ListType

Field Type # ? Meaning CBEFF_BIR_ListType Y A list of CBEFF-BIR elements.

BIR CBEFF_BIR_Type 0..* N CBEFF structure containing information about a biometric sample.

570 3.2.22 CBEFF_BIR_Type

Field Type # ? Meaning CBEFF_BIR_Type Y Represents biometric information, with either a non-XML or XML representation.

FormatOwner positiveInteger 1 Y Identifies the Patron format owner.

FormatType positiveInteger 1 Y Identifies the Patron format type. BIR_Information 0..1 N Describes what is contained in a BIR.

BIR_Info iso-iec19785-3- 0..1 N Contains information about the 7:BIRInfoType CBEFF-BIR.

BDB_Info iso-iec19785-3- 0..1 N Contains information about the BDB 7:BDBInfoType in a simple CBEFF-BIR.

SB_Info iso-iec19785-3- 0..1 N Contains information about the 7:SBInfoType security block, if used, in a simple CBEFF-BIR.

BIR BaseBIRType 1 Y One of the following sub-elements must be present: BinaryBIR, URI_BIR, or XML_BIR.

571NOTE: The implementer is given three choices for encoding a BIR: 572  As an XML BIR (following the XML Patron format as specified in [CBEFF] Part 3, Clause 13) 573  As a reference to a URI (from which the receiver would retrieve the actual BIR) 574  As a complete Base64 encoded binary (non-XML) BIR. 575The latter two alternatives can use any CBEFF Patron Format. The optional BIR_Information provides a 576mechanism for exposing metadata associated with a BIR format that is not easily decoded (i.e., a non- 577XML BIR). See section 5.3 for more information on handling of binary data within BIAS and INCITS 442, 578Clause 8.2, for more information on representing biometric data. 579NOTE: 580 (1) XML BIRs MUST conform to ISO/IEC 19785-3 (clause 13, XML Patron Format); however, non- 581 XML (binary) and URI BIRs MAY implement any CBEFF patron format. 582 (2) It is RECOMMENDED that only registered CBEFF patron formats be used; however, in closed 583 systems, this may not be required.

584 3.2.23 Classification

Type: string Description: The result of a classification.

585 3.2.24 ClassificationAlgorithmType

Type: string Description: Type of classification algorithm that was used to perform the classification.

Field Type # ? Meaning ClassificationData Y Contains information on classification results and the algorithm used to determine the classification.

Classification Classification 1 Y The result of the classification.

ClassificationAlgorithmType ClassificationAlgorithmType 1 Y Identifies the type of classification algorithm that was used to perform the classification.

587 3.2.26 EncounterListType

Field Type # ? Meaning EncounterListType Y Defines a set of encounters.

EncounterID BIASIDType 0..* N The identifier of an encounter.

588 3.2.27 FusionDecision

Type: string Description: The match decision assigned by the matching algorithm

590 3.2.28 FusionInformationListType

Field Type # ? Meaning FusionInformationListType Y Contains at a minimum two sets of fusion input elements, as input to the PerformFusion operation.

FusionElement FusionInformationType 2..* Y A set of fusion information.

591 3.2.29 FusionInformationType

Field Type # ? Meaning FusionInformationType Y Represents the information necessary to perform a fusion operation.

BiometricType iso-iec19785-3- 1 Y The type of biological or behavioral data 7:MultipleTypesTy stored in the biometric record, as defined pe by CBEFF.

BiometricSubType iso-iec19785-3-7: 0..1 N More specifically defines the type of SubtypeType biometric data stored in the biometric record.

AlgorithmOwner string 1 Y The owner or vendor of the algorithm used to determine the score or decision.

AlgorithmType string 1 Y The Algorithm Owner’s identifier for the specific algorithm product and version used to determine the score or decision.

FusionResult FusionResult 0..1 C Either FusionScore or a FusionDecision element MUST be used.

592 3.2.30 FusionResult

Type: complexType Description: The base type for any resulting types which indicate the status of a Fusion operation

593 3.2.31 FusionScore

Type: Score Description: The similarity score assigned by the matching algorithm.

595 3.2.32 GenericRequestParameters

Field Type # ? Meaning GenericRequestParameters Y Common request parameters that can be used to identify the requester.

Application ApplicationIdentifier 0..1 N Identifies the requesting application.

ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested.

596 NOTE: See section 5.4 for alternatives for identifying the requested BIAS operation in a BIAS 597 SOAP message.

598 3.2.33 IdentifySubjectResultType

Description: A base type for all types that could be returned from the IdentifySubject operation

Field Type # ? Meaning InformationType Y Allows for an unlimited number of data element types, and it does not specify nor require any particular data element.

unspecified any 0..* N

601 3.2.35 ListFilterType

Field Type # ? Meaning ListFilterType Y Provides a method to filter the amount of information returned in a search of biometric data.

BiometricTypeFilters 1 Y BiometricTypeFilter iso-iec19785-3- 1..* Y Limits the returned information to a 7:MultipleTypesT specific type of biometric, as defined ype by CBEFF.

IncludeBiometricSubType boolean 1 Y A Boolean flag indicating if biometric subtype information should be returned.

602 3.2.36 MatchType

Type: boolean Description: The result of a fusion method.

603 3.2.37 ProcessingOptionsType

Field Type # ? Meaning ProcessingOptionsType Y BIAS aggregate operations support the ability to include various processing options which direct and possibly control the business logic for that operation. The ProcessingOptionsType provides a method to represent those options. Processing options SHOULD be defined by the implementing system.

Option string 0..* N An option supported by the implementing system.

604 3.2.38 ProductID

Type: string Description: The vendor’s ID for a particular product.

Field Type # ? Meaning QualityData Y Contains information about a biometric sample’s quality and the algorithm used to compute the quality.

QualityScore iso-iec19785-3- 0..1 N The quality of a biometric sample. 7:QualityType

AlgorithmVendor VendorIdentifier 1 Y The vendor of the quality algorithm used to determine the quality score.

AlgorithmVendorProductID ProductID 1 Y The vendor’s ID for the algorithm used to determine the quality.

AlgorithmVersion VersionType 0..1 N The version of the algorithm used to determine the quality.

606 3.2.40 ResponseStatus

Field Type # ? Meaning ResponseStatus Y

Return ReturnCode 1 Y The return code indicates the return status of the operation.

Message string 0..1 N A short message corresponding to the return code.

607 3.2.41 ReturnCode

Type: unsignedLong Description: Return value specifying success or other condition.

608 609ReturnCode Enumeration Values

Value Description 0 Success

610 3.2.42 Score

Type: float Description: Match result or quality score.

611 NOTE: Matching scores MAY be in a standardized or proprietary form in terms of value range and 612 interpretation. Quality scores, however, follow the definition found in ISO/IEC 19785-3, Clause 13.

Field Type # ? Meaning TokenResultType Y Defines a token that is returned for asynchronous processing.

TokenType TokenType 1 Y Defines a token that is returned for asynchronous processing.

615 3.2.44 TokenType

Field Type # ? Meaning TokenType Y Defines a token that is returned for asynchronous processing.

TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.

Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.

616 NOTE: Date/time format is defined in INCITS 442 and is consistent with the date format specified 617 in ISO/IEC 19785-3 and ISO 8601 [DATE-TIME].See also Annex A for schema definition.

618 3.2.45 URI_BIR

Field Type # ? Meaning URI_BIR BaseBIRType Y Defines a BIR type of Binary

URI anyURI 1 Y The URI of the BIR

620 3.2.46 VendorIdentifier

Type: string

Description: Identifies a vendor.

621 NOTE: Vendor identifiers are registered with IBIA as the CBEFF registration authority (see 622 ISO/IEC 19785-2). Registered biometric organizations are listed at: 623 http://www.ibia.org/cbeff/_biometric_org.php.

624 3.2.47 Version

Field Type # ? Meaning Version Y

major nonNegativeInteger 1 Y

minor nonNegativeInteger 1 Y For a description or definition of each data element, see the referenced CBEFF standards in the CBEFF_BIR_Typeschema.

625 3.2.48 VersionType

Type: string Description: The version of a component.

626 3.2.49 XML_BIR

Field Type # ? Meaning XML_BIR BaseBIRType Y Defines a BIR type of Binary

XML Iso-iec19785- 1 Y BIR information in XML format 3-7:BIRType

151biasprofile-v1.0-csprd02 152 23 February 2011 153Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 154 Page 31 of 194 6284 BIAS Messages 629This section describes the BIAS messages implementing BIAS operations as defined in ANSI INCITS 630442-2010. The operations are listed alphabetically, with each operation containing a request and a 631response message. The tables follow the conventions described in section 3.1.

6324.1 Primitive Operations

633 4.1.1 AddSubjectToGallery 634AddSubjectToGalleryRequest 635AddSubjectToGalleryResponse 636The AddSubjectToGallery operation registers a subject to a given gallery or population group. As an 637OPTIONAL parameter, the value of the claim to identity by which the subject is known to the gallery MAY 638be specified. This claim to identity MUST be unique across the gallery. If no claim to identity is specified, 639the subject ID (assigned with the CreateSubject operation) will be used as the claim to identity. 640Additionally, in the encounter-centric model, the encounter ID associated with the subject’s biometrics that 641will be added to the gallery MUST be specified. 642 Request Message

Field Type # ? Meaning AddSubjectToGallery Y Register a subject to a given gallery or population group.

AddSubjectToGalleryRequest 1 Y

GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “AddSubjectToGallery”.

GalleryID BIASIDType 1 Y The identifier of the gallery or population group to which the subject will be added.

Identity BIASIdentity 1 Y The identity to add to the gallery.

SubjectID BIASIDType 1 Y A system unique identifier for a subject.

IdentityClaim BIASIDType 0..1 N An identifier by which a subject is known to a particular gallery or population group. (This could be a username or account number, for example.)

643 Response Message

Field Type # ? Meaning AddSubjectToGalleryResponse Y The response to an AddSubjectToGallery operation.

AddSubjectToGalleryResponsePackage 1 Y

ResponseStatus ResponseStatus 1 Y Returned status for the operation.

644 4.1.2 CheckQuality 645CheckQualityRequest 646CheckQualityResponse 647The CheckQuality operation returns a quality score for a given biometric. The biometric input is provided 648in a CBEFF basic structure or CBEFF record, which in this specification is called a CBEFF-BIR. The 649algorithm vendor and algorithm vendor product ID MAY be optionally provided in order to request a 650particular algorithm’s use in calculating the biometric quality. If an algorithm vendor is provided then the 651algorithm vendor product ID is REQUIRED. If no algorithm vendor is provided, the implementing system 652will provide the algorithm vendor and algorithm vendor product ID that were used to calculate the 653biometric quality as output parameters.

Field Type # ? Meaning CheckQuality Y Calculate a quality score for a given biometric.

CheckQualityRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “CheckQuality”.

BiometricData BIASBiometricDataType 1 Y Data structure containing a single biometric sample for which a quality score is to be determined.

BIR CBEFF_BIR_Type 1 Y The biometric sample.

Quality QualityData 0..1 N Specifies a particular algorithm vendor and vender product ID.

Field Type # ? Meaning CheckQualityResponse Y The response to a CheckQuality operation.

CheckQualityResponsePackage 1 Y

QualityInfo QualityData 1 Y Contains the quality information for the submitted biometric sample.

QualityScore iso-iec19785-3- 0..1 N The quality of a biometric 7:QualityType sample.

AlgorithmVersion VersionType 1 Y The version of the algorithm used to determine the quality.

656 4.1.3 ClassifyBiometricData 657ClassifyBiometricDataRequest 658ClassifyBiometricDataResponse 659The ClassifyBiometricData operation attempts to classify a biometric sample. For example, a fingerprint 660biometric sample may be classified as a whorl, loop, or arch (or other classification classes and sub- 661classes). 662To obtain the types of classification algorithms and classes, see the QueryCapabilities operation.

Field Type # ? Meaning ClassifyBiometricData Y Classifies a biometric sample. ClassifyBiometricDataRequest 1 Y GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “ClassifyBiometricData ”.

BiometricData BIASBiometricDataType 1 Y Data structure containing a single biometric sample for which the classification is to be determined.

BIR CBEFF_BIR_Type 1 Y The biometric sample.

Field Type # ? Meaning ClassifyBiometricDataResponse Y The response to a ClassifyBiometricData operation, containing the classification of a biometric sample.

ClassifyBiometricDataResponsePackage 1 Y

ClassificationData ClassificationData 1 Y Information on the results and type of classification performed.

Classification Classification 1 Y The result of the classification.

ClassificationAlgorithmType ClassificationAlgor 1 Y Identifies the type of ithmType classification algorithm that was used to perform the classification.

665 4.1.4 CreateSubject 666CreateSubjectRequest 667CreateSubjectResponse 668The CreateSubject operation creates a new subject record and associates a subject ID to that record. As 669an optional parameter, the subject ID MAY be specified by the caller. If no subject ID is specified, the 670CreateSubject operation will generate one. 671 Request Message

Field Type # ? Meaning CreateSubject Y

CreateSubjectRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “CreateSubject”.

Field Type # ? Meaning CreateSubjectResponse Y The response to a CreateSubject operation, containing the subject ID of the new subject record.

CreateSubjectRespons 1 Y ePackage

ResponseStatus ResponseStatus 1 Y Returned status for the operation. Return ReturnCode 1 Y The return code indicates the return status of the operation.

Identity BIASIdentity 1 Y

673 4.1.5 DeleteBiographicData 674DeleteBiographicDataRequest 675DeleteBiographicDataResponse 676The DeleteBiographicData operation erases all of the biographic data associated with a given subject 677record. In the encounter-centric model the operation erases all of the biographic data associated with a 678given encounter, and therefore the encounter ID MUST be specified. 679When deleting data, BIAS implementations MAY completely erase the information in order to prevent the 680ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for 681auditing and/or quality control purposes. 682 Request Message

Field Type # ? Meaning DeleteBiographicData Y Erase all of the biographic data associated with a given subject record or, in the encounter-centric model, with a given encounter.

DeleteBiographicDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “DeleteBiographicData” .

EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject. Required for encounter-centric models.

Field Type # ? Meaning DeleteBiographicDataResponse Y The response to a DeleteBiographicData operation. DeleteBiographicDataResponsePackage 1 Y ResponseStatus ResponseStatus 1 Y Returned status for the operation.

684 4.1.6 DeleteBiometricData 685DeleteBiometricDataRequest 686DeleteBiometricDataResponse 687The DeleteBiometricData operation erases all of the biometric data associated with a given subject 688record. In the encounter-centric model the operation erases all of the biometric data associated with a 689given encounter, and therefore the encounter ID MUST be specified. 690When deleting data, BIAS implementations MAY completely erase the information in order to prevent the 691ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for 692auditing and/or quality control purposes.

Field Type # ? Meaning DeleteBiometricData Y Erase all of the biometric data associated with a given subject record or, in the encounter-centric model, with a given encounter. DeleteBiometricDataRequest 1 Y GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “DeleteBiometricData”.

Field Type # ? Meaning DeleteBiometricDataResponse Y The response to a DeleteBiometricData operation.

DeleteBiometricDataResponsePackage 1 Y

695 4.1.7 DeleteSubject 696DeleteSubjectRequest 697DeleteSubjectResponse 698The DeleteSubject operation deletes an existing subject record and, in an encounter-centric model, any 699associated encounter information from the system. This operation also removes the subject from any 700registered galleries. 701When deleting a subject, BIAS implementations MAY completely erase the subject information in order to 702prevent the ability to reconstruct a record or records in whole or in part, or they MAY track and record the 703deleted information for auditing and/or quality control purposes. 704 Request Message

Field Type # ? Meaning DeleteSubject Y Delete an existing subject record and, in an encounter-centric model, any associated encounter information. DeleteSubjectRequest 1 Y GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “DeleteSubject”.

Identity BIASIdentity 1 Y The identity of the subject to delete.

Field Type # ? Meaning DeleteSubjectResponse Y The response to a DeleteSubject operation.

DeleteSubjectRespons 1 Y ePackage

ResponseStatus ResponseStatus 1 Y Returned status for the operation. Return ReturnCode 1 Y The return code indicates the return status of the operation.

706 4.1.8 DeleteSubjectFromGallery 707DeleteSubjectFromGalleryRequest 708DeleteSubjectFromGalleryResponse 709The DeleteSubjectFromGallery operation removes the registration of a subject from a gallery or 710population group. The subject is identified by either the subject ID or the claim to identity that was 711specified in the AddSubjectToGallery operation. 712 Request Message

Field Type # ? Meaning DeleteSubjectFromGallery Y Remove the registration of a subject from a gallery or population group.

DeleteSubjectFromGalleryRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “DeleteSubjectFromGall ery”.

GalleryID BIASIDType 1 Y The identifier of the gallery or population group from which the subject will be deleted.

Identity BIASIdentity 1 Y The identity to remove from the gallery.

SubjectID BIASIDType 0..1 C A system unique identifier for a subject. Required if an Identity Claim is not provided.

IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group. Required if a Subject ID is not provided.

Field Type # ? Meaning DeleteSubjectFromGalleryResponse Y The response to a DeleteSubjectFromGallery operation. DeleteSubjectFromGalleryResponsePackag e

Message string 0.. N A short message 1 corresponding to the return code.

714 4.1.9 GetIdentifySubjectResults 715GetIdentifyResultsRequest 716GetIdentifySubjectResultsResponse 717The GetIdentifySubjectResults operation retrieves the identification results for the specified token. This 718opereation is used in conjunction with the IdentifySubject operation. If the IdentifySubject operation is 719implemented as an asynchronous service, the implementing system returns a token and the 720GetIdentifySubjectResults operation is used to poll for the results of the original IdentifySubject request.

Field Type # ? Meaning GetIdentifySubjectResults Y Retrieve the identification results for a specified token, which was returned by the IdentifySubject operation. GetIdentifySubjectResultsReque 1 Y st GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “GetIdentifySubjectRes ults”.

Token TokenType 1 Y A value used to retrieve the results of an IdentifySubject request.

Field Type # ? Meaning GetIdentifySubjectResultsResponse Y The response to a GetIdentifySubjectResults operation, which includes a candidate list.

GetIdentifySubjectResultsRespons 1 Y ePackage

CandidateList CandidateListType 1 Y A rank-ordered list of candidates that have a likelihood of matching the input biometric sample.

Candidate CandidateType 0..* N A single candidate. Score Score 0..1 N The match score. BiographicData BiographicDataType 0..1 N Biographic data associated with the candidate match.

723 4.1.10 IdentifySubject 724IdentifySubjectRequest 725IdentifySubjectResponse 726The IdentifySubject operation performs an identification search against a given gallery for a given 727biometric, returning a rank-ordered candidate list of a given maximum size. 728If the IdentifySubject operation is implemented as a synchronous service, the implementing system 729immediately processes the request and returns the results in the candidate list. If the IdentifySubject 730operation is implemented as an asynchronous service, the implementing system returns a token, which is 731an indication that the request is being handled asynchronously. In this case, the 732GetIdentifySubjectResults operation is used to poll for the results of the IdentifySubject request. 733 Request Message

Field Type # ? Meaning IdentifySubject Y Perform an identification search against a given gallery for a given biometric.

IdentifySubjectRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “IdentifySubject”.

GalleryID BIASIDType 1 Y The identifier of the gallery or population group which will be searched.

Identity BIASIdentity 1 Y Contains the BIR, a data structure containing the biometric sample for the search.

BiometricData BIASBiometricDataType 1 Y An Identity’s biometric data.

BIR CBEFF_BIR_Type 1 Y Contains biometric information in either a non-XML or an XML representation.

MaxListSize positiveInteger 1 Y The maximum size of the candidate list that should be returned.

Field Type # ? Meaning IdentifySubjectResponse Y The response to an IdentifySubject operation, returning a rank-ordered candidate list.

IdentifySubjectResponsePackage 1 Y

CandidateList CandidateListResultTy 0..1 C A rank-ordered list of pe candidates that have a (see likelihood of matching the IdentifySubjectResultT input biometric sample (i.e., ype) exceed the system threshold). Rank ordering is from highest to lowest match score. Returned with successful synchronous request processing.

Candidate CandidateType 0..* N A single candidate. Score string 0..1 N The match score. BiographicData BiographicDataType 0..1 N Biographic data associated with the candidate match.

Token TokenResultType 0..1 C A token used to retrieve the (see results of the IdentifySubject IdentifySubjectResultT operation. ype) Returned with asynchronous request processing.

735 NOTES:

231biasprofile-v1.0-csprd02 232 23 February 2011 233Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 234 Page 47 of 194 736 (1) In the event that the number of candidates exceeding the threshold exceeds the 737 MaxListSize, the system will determine which candidate is included in the last position of 738 the rank ordered candidate list (i.e., in the event of a tie). 739 (2) Requesters MAY NOT change the system thresholds.

740 4.1.11 ListBiographicData 741ListBiographicDataRequest 742ListBiographicDataResponse 743The ListBiographicData operation lists the biographic data elements stored for a subject using the 744Biographic Data Elements output parameter. Note that no actual biographic data is returned by this 745operation (see the RetrieveBiographicInformation operation to obtain the biographic data). In the 746encounter-centric model, an encounter ID MAY be specified to indicate that only the biographic data 747elements stored for that encounter should be returned. If an encounter ID is not specified and encounter 748data exists for the subject, the operation returns the list of encounter IDs which contain biographic data 749using the Encounter List output parameter, and the Biographic Data Elements output parameter is empty. 750 Request Message

Field Type # ? Meaning ListBiographicData Y Lists the biographic data elements stored for a subject.

ListBiographicDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “ListBiographicData”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter- centric model, a subject and an encounter.

EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.

Field Type # ? Meaning ListBiographicDataResponse Y The response to a ListBiographicData request, containing a list of biographic data elements stored for a subject. In the encounter-centric model, the biographic data elements for a specific encounter are returned. If an encounter ID is not specified and encounter data exists for the subject, the list of encounter IDs which contain biographic data is returned.

ListBiographicDataResponsePackage 1 Y

Identity BIASIdentity 1 Y Contains a list of biographic data elements associated with a subject or encounter; non-empty if the service was successful, biographic data exists, and either (a) the person-centric model is being used or (b) the encounter- centric model is being used and an encounter identifier was specified.

BiographicDataElements BiographicDataType 0..1 C An Identity’s biographic data elements that are stored in the implementing system.

BiographicDataItem BiographicDataItemType 0..* N A single biographic data element.

Name string 1 Y The name of the biographic data item.

Type string 1 Y The data type for the biographic data item.

EncounterList EncounterListType 0..1 C A list of encounter ID’s associated with a subject and which contain biographic data; non-empty if the service was successful, biographic data exists, the encounter-centric model is being used, and an encounter identifier was not specified.

EncounterID BIASIDType 0..* N The identifier of an encounter.

752 4.1.12 ListBiometricData 753ListBiometricDataRequest 754ListBiometricDataResponse 755The ListBiometricData operation lists the biometric data elements stored for a subject using the Biometric 756Data List output parameter. Note that no actual biometric data is returned by this operation (see the 757RetrieveBiometricInformation operation to obtain the biometric data). In the encounter-centric model, an 758encounter ID MAY be specified to indicate that only the biometric data elements stored for that encounter 759should be returned. If an encounter ID is not specified and encounter data exists for the subject, the 760operation returns the list of encounter IDs which contain biometric data using the Encounter List output 761parameter, and the Biometric Data List output parameter is empty. 762An optional parameter MAY be used to indicate a filter on the list of returned data. Such a filter may 763indicate that only biometric types should be listed (e.g., face, finger, iris, etc.) or that only biometric 764subtypes for a particular biometric type should be listed (e.g., all fingerprints: left slap, right index, etc.). If 765a filter is not specified, all biometric type and biometric subtype information are listed (e.g., left index 766finger, right iris, face frontal, etc.).

Field Type # ? Meaning ListBiometricData Y Lists the biometric data elements stored for a subject.

ListBiometricDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “ListBiometricData” .

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter.

ListFilterType ListFilterType 0..1 N Indicates what biometric information should be returned.

BiometricTypeFilter iso-iec19785-3-7:Multiple- 1..* Y Limits the returned types information to a specific type of biometric, as defined by CBEFF.

IncludeBiometricSubType boolean 1 Y A Boolean flag indicating if biometric subtype information should be returned.

Field Type # ? Meaning ListBiometricDataResponse Y The response to a ListBiometricData operation, containing a list of biometric data elements stored for a subject. In the encounter- centric model, the biometric data elements for a specific encounter are returned. If an encounter ID is not specified and encounter data exists for the subject, the list of encounter IDs which contain biometric data is returned.

ListBiometricDataResponsePackage 1 Y

Identity BIASIdentity 0..1 N Includes a list of biometric data elements associated with a subject or encounter or a list of encounter ID’s associated with a subject and which contain biometric data.

BiometricData BIASBiometricDataType 0..1 C An Identity’s biometric data.

BiometricDataList BiometricDataListType 0..1 N A list of biometric data elements. BiometricDataElementType 1..* Y Data structure BiometricDataElement containing information about a biometric record. iso-iec19785-3- 1 Y The type of BiometricType 7:MultipleTypesType biological or behavioral data stored in the biometric record, as defined by CBEFF. positiveInteger 0..1 N The number of BiometricTypeCount biometric records having the biometric type recorded in the biometric type field. iso-iec19785-3- 0..1 N More specifically BiometricSubType 7:SubtypeType defines the type of biometric data stored in the biometric record, as defined by CBEFF.

261biasprofile-v1.0-csprd02 262 23 February 2011 263Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 264 Page 53 of 194 Field Type # ? Meaning positiveInteger 1 Y Identifies the BDBFormatOwner standards body, working group, industry consortium, or other CBEFF biometric organization that has defined the format for the biometric data. positiveInteger 1 Y Identifies the BDBFormatType specific biometric data format specified by the CBEFF biometric organization recorded in the BDB Format Owner field.

EncounterList EncounterListType 0..1 C A list of encounter ID’s associated with a subject and which contain biometric data; non-empty if the service was successful, biometric data exists, the encounter-centric model is being used, and an encounter identifier was not specified.

EncounterID BIASIDType 1..* Y The identifier of an encounter.

769 4.1.13 PerformFusion 770PerformFusionRequest 771PerformFusionResponse 772The PerformFusion operation accepts either match score or match decision information and creates a 773fused match result. The FusionInformationListType, through the FusionInformationType, provides specific 774elements for match score input and match decision input. The fusion method and processes are left to the 775implementing system.

Field Type # ? Meaning PerformFusion Y Accepts either match score or match decision information and creates a fused match result.

PerformFusionRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “PerformFusion”.

FusionInput FusionInformationListType 1 Y Score or decision input information to the fusion method.

FusionElement FusionInformationType 2..* Y A set of fusion information.

BiometricType iso-iec19785-3- 1 Y The type of 7:MultipleTypesType biological or behavioral data stored in the biometric record, as defined by CBEFF.

BiometricSubType iso-iec19785-3- 0..1 N More specifically 7:SubtypeType defines the type of biometric data stored in the biometric record.

AlgorithmOwner string 1 Y The owner or vendor of the algorithm used to determine the score or decision.

AlgorithmType string 1 Y The Algorithm Owner’s identifier for the specific algorithm product and version used to determine the score or decision.

FusionResult FusionResult 0..1 C Either FusionScore or a FusionDecision element MUST be used.

Field Type # ? Meaning PerformFusionResponse Y The response to the PerformFusion operation.

PerformFusionResponsePackage 1 Y

Match MatchType 1 1 Indicates the result of the fusion method.

778 4.1.14 QueryCapabilities 779QueryCapabilitiesRequest 780QueryCapabilitiesResponse 781The QueryCapabilities operation returns a list of the capabilities, options, galleries, etc. that are supported 782by the BIAS implementation. Refer to Annex A in the INCITS BIAS standard for conformance 783requirements regarding which capability names an implementation must use in the QueryCapabilities 784operation. 785 Request Message

Field Type # ? Meaning QueryCapabilities Y Returns a list of the capabilities, options, galleries, etc. that are supported by the BIAS implementation.

QueryCapabilitiesRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “QueryCapabilities”.

Field Type # ? Meaning QueryCapabilitiesResponse Y The response to a QueryCapabilities operation. QueryCapabilitiesResponsePackage 1 Y ResponseStatus ResponseStatus 1 Y Returned status for the operation.

CapabilityList CapabilityListType 1 Y A list of capabilities supported by the BIAS implementation.

Capability CapabilityType 0..* N A single capability. CapabilityName CapabilityName 1 Y The name of the capability.

CapabilityID string 0..1 N An identifier assigned to the capability by the implementing system.

CapabilityDescription string 0..1 N A description of the capability.

CapabilityValue string 0..1 N A value assigned to the capability.

CapabilitySupportingValue string 0..1 N A secondary value supporting the capability.

CapabilityAdditionalInfo string 0..1 N Contains additional information for the supported capability.

787 4.1.15 RetrieveBiographicInformation 788RetrieveBiographicInformationRequest 789RetrieveBiographicInformationResponse 790The RetrieveBiographicInformation operation retrieves the biographic data associated with a subject ID. 791In the encounter-centric model, the encounter ID MAY be specified and the operationwill return the 792biographic data associated with that encounter. If the encounter ID is not specified in the encounter- 793centric model, the operation returns the biographic information associated with the most recent encounter. 794 Request Message

Field Type # ? Meaning RetrieveBiographicInformation Y Retrieves the biographic data associated with a subject ID. RetrieveBiographicInformation 1 Y Request GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “RetrieveBiographicI nformation”.

EncounterID BIASIDType 0.. N The identifier of an 1 encounter associated with the subject.

Field Type # ? Meaning RetrieveBiographicInformationResponse Y The response to a RetrieveBiographicInf ormation operation.

RetrieveBiographicInformationRespons 1 Y ePackage

Identity BIASIdentity 1 Y Includes the set of biographic data associated with a subject.

BiographicData BiographicDataType 1 Y An Identity’s biographic data. One of the following elements MUST be present.

LastName string 0..1 C The last name of a subject.

FirstName string 0..1 C The first name of a subject.

BiographicDataItem BiographicDataItemType 0..* C A single biographic data element.

BiographicDataSet BiographicDataItemType 0..1 C A set of biographic data information.

796 4.1.16 RetrieveBiometricInformation 797RetrieveBiometricInformationRequest 798RetrieveBiometricInformationResponse 799The RetrieveBiometricInformation operation retrieves the biometric data associated with a subject ID. In 800the encounter-centric model, the encounter ID MAY be specified and the operationwill return the biometric 801data associated with that encounter. If the encounter ID is not specified in the encounter-centric model, 802the operation returns the biometric information associated with the most recent encounter.The operation 803provides an OPTIONAL input parameter to specify that only biometric data of a certain type should be 804retrieved. 805 Request Message

Field Type # ? Meaning RetrieveBiometricInformation Y Retrieves the biometric data associated with a subject ID.

RetrieveBiometricInformationReque 1 Y st

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “RetrieveBiometricInfor mation”.

BiometricType iso-iec19785-3-7:Multiple- 0..1 N The type of biological types or behavioral data to retrieve.

Field Type # ? Meaning RetrieveBiometricInformationResponse Y The response to a RetrieveBiometricInformati on operation.

RetrieveBiometricInformationRespon 1 Y sePackage

Identity BIASIdentity 1 Y Includes the biometric data associated with a subject.

BIRList CBEFF_BIR_ListType 1 Y A list of CBEFF-BIR elements.

807 4.1.17 SetBiographicData 808SetBiographicDataRequest 809SetBiometricDataResponse 810The SetBiographicData operation associates biographic data to a given subject record. The identity model 811of the system determines whether the biographic information should replace any existing biographic 812information (person-centric model) or if a new encounter should be created and associated with the 813subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by 814the caller in order to link biographic and biometric information (assuming biometric information was

301biasprofile-v1.0-csprd02 302 23 February 2011 303Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 304 Page 61 of 194 815previously associated using the SetBiometricData operation). If the encounter ID is omitted for the 816encounter-centric model, the operation returns a system-assigned encounter ID. 817 Request Message

Field Type # ? Meaning SetBiographicData Y Associates biographic data to a given subject record.

SetBiographicDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “SetBiographicDat a”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to store.

BiographicDataSet BiographicDataSetType 0..1 C A set of biographic data information.

Field Type # ? Meaning SetBiographicDataResponse Y The response to a SetBiographicData operation. SetBiographicDataResponsePackage 1 Y ResponseStatus ResponseStatus 1 Y Returned status for the operation.

Identity BIASIdentity 0..1 C In an encounter-centric model, identifies the encounter ID assigned to a new encounter.

EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.

819 4.1.18 SetBiometricData 820SetBiometricDataRequest 821SetBiometricDataResponse 822The SetBiometricData operation associates biometric data to a given subject record. The identity model of 823the system determines whether the biometric information should replace any existing biometric 824information (person-centric model) or if a new encounter should be created and associated with the 825subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by 826the caller in order to link biographic and biometric information (assuming biographic information was

311biasprofile-v1.0-csprd02 312 23 February 2011 313Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 314 Page 63 of 194 827previously associated using the SetBiographicData operation). If the encounter ID is omitted for the 828encounter-centric model, the operation returns a system-assigned encounter ID. 829 Request Message

Field Type # ? Meaning SetBiometricData Y Associates biometric data to a given subject record.

SetBiometricDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “SetBiometricData”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to store.

BIRList CBEFF_BIR_ListType 1 Y A list of CBEFF-BIR elements.

BIR CBEFF_BIR_Type 1..* Y CBEFF structure containing information about a biometric sample.

Field Type # ? Meaning SetBiometricDataResponse Y The response to a SetBiometricData operation.

SetBiometricDataResponsePackage 1 Y

Identity BIASIdentity 0..1 C In an encounter-centric model, identifies the encounter ID assigned to a new encounter.

EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.

831 4.1.19 TransformBiometricData 832TransformBiometricDataRequest 833TransformBiometricDataResponse 834The TransformBiometricData operation transforms or processes a given biometric in one format into a 835new target format. 836 Request Message

Field Type # ? Meaning TransformBiometricData Y Transforms or processes a given biometric in one format into a new target format.

TransformBiometricDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “TransformBiometricDat a”.

InputBIR CBEFF_BIR_Type 1 Y Data structure containing the biometric information to be transformed.

TransformOperation unsignedLong 1 Y Value indicating the type of transformation to perform.

TransformControl string 0..1 N Specifies controls for the requested transform operation. Note: This could be a compression ratio, target data format, etc.

837 NOTE: The values for TransformOperation and TransformControl are implementation specific. 838 Response Message

Field Type # ? Meaning TransformBiometricDataResponse Y The response to a TransformBiometricData operation.

TransformBiometricDataResponsePackage 1 Y

OutputBIR CBEFF_BIR_Type 0..1 N Data structure containing the new, transformed biometric information.

839 4.1.20 UpdateBiographicData 840UpdateBiographicDataRequest 326biasprofile-v1.0-csprd02 327 23 February 2011 328Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 329 Page 66 of 194 841UpdateBiographicDataResponse 842The UpdateBiographicData operation updates the biographic data for an existing subject record. The 843operation replaces any existing biographic data with the new biographic data. In the encounter-centric 844model, the encounter ID MUST be specified. 845 Request Message

Field Type # ? Meaning UpdateBiographicData Y Updates the biographic data for a given subject record.

UpdateBiographicDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “UpdateBiographic Data”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to update.

BiographicDataSet BiographicDataSetType 0..1 C A set of biographic data information.

Field Type # ? Meaning UpdateBiographicDataResponse Y The response to an UpdateBiographicData operation.

UpdateBiographicDataResponsePackage 1 Y

847 4.1.21 UpdateBiometricData 848UpdateBiometricDataRequest 849UpdateBiometricDataResponse 850The UpdateBiometricData operation updates the biometric data for an existing subject record. The 851operation includes an OPTIONAL parameter indicating if the new biometric sample should be merged 336biasprofile-v1.0-csprd02 337 23 February 2011 338Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 339 Page 68 of 194 852with the existing biometric sample. If this parameter is set to “False” or is not used in the request, the 853operation replaces the existing biometric sample with the new biometric sample. In the encounter-centric 854model, the encounter ID MUST be specified. 855 Request Message

Field Type # ? Meaning UpdateBiometricData Y Updates a single biometric sample for a given subject record.

UpdateBiometricDataRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “UpdateBiometricData”.

Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to update.

BIR CBEFF_BIR_Type 1 Y Contains biometric information in either a non-XML or an XML representation.

Merge boolean 0..1 N Value indicating if the input biometric sample should be merged with any existing biometric information.

Field Type # ? Meaning UpdateBiometricDataResponse Y The response to an UpdateBiometricData operation.

UpdateBiometricDataResponsePackage 1 Y

857 4.1.22 VerifySubject 858VerifySubjectRequest 859VerifySubjectResponse 860The VerifySubject operation performs a 1:1 verification match between a given biometric and either a 861claim to identity in a given gallery or another given biometric. As such either the Identity Claim or 862Reference BIR input parameters are REQUIRED. 863 Request Message

Field Type # ? Meaning VerifySubject Y Performs a 1:1 verification match between a given biometric and either a claim to identity in a given gallery or another given biometric.

VerifySubjectRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “VerifySubject”.

GalleryID BIASIDType 0..1 C The identifier of the gallery or population group of which the subject must be a member. Required if an Identity Claim is provided.

Identity BIASIdentity 1 Y Includes the identifying information and/or input and reference biometric samples.

IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group. Required if a Reference BIR is not provided.

InputBIR CBEFF_BIR_Type 1 Y Maps to specific INCITS BIAS elements as required by that specification.

ReferenceBIR CBEFF_BIR_Type 0..1 C Maps to specific INCITS BIAS elements as required by that specification. Required if an Identity Claim is not provided.

Field Type # ? Meaning VerifySubjectResponse Y The response to a VerifySubject operation.

351biasprofile-v1.0-csprd02 352 23 February 2011 353Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 354 Page 71 of 194 Field Type # ? Meaning VerifySubjectResponsePackage 1 Y ResponseStatus ResponseStatus 1 Y Returned status for the operation.

Match boolean 0..1 N Indicates if the Input BIR matched either the biometric information associated with the Identity Claim or the Reference BIR.

Score Score 0..1 N The score if the biometric information matched.

8654.2 Aggregate Operations

866 4.2.1 Enroll 867EnrollRequest 868EnrollResponse 869The Enroll operation adds a new subject or, in an encounter-centric model, a new encounter to the 870system. This may be accomplished in a number of different ways according to system requirements 871and/or resources.If the Enroll operation is implemented as a synchronous service, the implementing 872system immediately processes the request and returns the results in the Return Data parameter. If the 873Enroll operation is implemented as an asynchronous service, the implementing system returns a token in 874the Return Data parameter, which is an indication that the request is being handled asynchronously. In 875this case, the GetEnrollResults operationis used to poll for the results of the Enroll request. 876 Request Message

Field Type # ? Meaning Enroll Y Adds a new subject or, in an encounter-centric model, a new encounter to the system.

EnrollRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “Enroll”.

ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed.

InputData InformationType 1 Y Contains the input data for the operation, as required by the implementing system.

Field Type # ? Meaning EnrollResponse Y The response to an Enroll operation.

EnrollResponsePackage 1 Y

ReturnData InformationType 0..1 N Contains the output data for the response.

878 4.2.2 GetEnrollResults 879GetEnrollResultsRequest 880GetEnrollResultsResponse 881The GetEnrollResults operation retrieves the enrollment results for the specified token. This operation is 882used in conjunction with the Enroll operation. If the Enroll operation is implemented as an asynchronous 883service, the implementing system returns a token and the GetEnrollResults operation is used to poll for 884the results of the original Enroll request.

361biasprofile-v1.0-csprd02 362 23 February 2011 363Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 364 Page 73 of 194 885If the service provider implements an asynchronous Enroll operation, then it MUST also implement the 886GetEnrollResults operation. 887 Request Message

Field Type # ? Meaning GetEnrollResults Y Retrieves the enrollment results for the specified token. GetEnrollResultsRequest 1 Y GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “GetEnrollResults”.

Token TokenType 1 Y A value used to retrieve the results of the Enroll request.

Field Type # ? Meaning GetEnrollResultsResponse Y The response to a GetEnrollResults operation.

GetEnrollResultsResponsePackage 1 Y

889 4.2.3 GetIdentifyResults 890GetIdentifyResultsRequest 891GetIdentifyResultsResponse 892The GetIdentifyResults operation retrieves the identification results for the specified token. This operation 893is used in conjunction with the Identify operation. If the Identify operation is implemented as an 894asynchronous service, the implementing system returns a token and the GetIdentifyResults operation is 895used to poll for the results of the original Identify request. 896If the service provider implements an asynchronous Identify operation, then it MUST also implement the 897GetIdentifyResults operation. 898 899 Request Message

Field Type # ? Meaning GetIdentifyResults Y Retrieves the identification results for the specified token

GetIdentifyResultsRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “GetIdentifyResults”.

Token TokenType 1 Y A value used to retrieve the results of the Identify request.

Field Type # ? Meaning GetIdentifyResultsResponse Y The response to a GetIdentifyResults operation. GetIdentifyResultsResponsePackage 1 Y ResponseStatus ResponseStatus 1 Y Returned status for the operation.

901 4.2.4 GetVerifyResults 902GetVerifyResultsRequest 903GetVerifyResultsResponse 904The GetVerifyResults operation retrieves the verification results for the specified token. This operation is 905used in conjunction with the Verify operation. If the Verify operation is implemented as an asynchronous 906service, the implementing system returns a token and the GetVerifyResults operation is used to poll for 907the results of the original Verify request. 908If the service provider implements an asynchronous Verifyoperation, then it MUST also implement the 909GetVerifyResults operation.

Field Type # ? Meaning GetVerifyResults Y Retrieves the verification results for the specified token

GetVerifyResultsRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “GetVerifyResults”.

Token TokenType 1 Y A value used to retrieve the results of the Verify request.

Field Type # ? Meaning GetVerifyResultsResponse Y The response to a GetVerifyResults operation.

GetVerifyResultsResponsePackage 1 Y

912 4.2.5 Identify 913IdentifyRequest 914IdentifyResponse 915The Identify operation performs an identification function according to system requirements and/or 916resources.If the Identify operation is implemented as a synchronous service, the implementing system 917immediately processes the request and returns the results in the Return Data parameter. If the Identify 918operation is implemented as an asynchronous service, the implementing system returns a token in the 919Return Data parameter, which is an indication that the request is being handled asynchronously. In this 920case, the GetIdentifyResults operation is used to poll for the results of the Identify request. 921 Request Message

Field Type # ? Meaning Identify Y Performs an identification function. IdentifyRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “Identify”.

InputData InformationType 1 Y Contains the input data for the aggregate services.

Field Type # ? Meaning IdentifyResponse Y The response to an Identify operation.

IdentifyResponsePackage 1 Y

923 4.2.6 RetrieveInformation 924RetrieveInformationRequest 925RetrieveInformationResponse 926The RetrieveInformation operation retrieves requested information about a subject, or in an encounter- 927centric model about an encounter. In a person-centric model, this operation can be used to retrieve both 928biographic and biometric information for a subject record. In an encounter-centric model, this operation 929can be used to retrieve biographic and/or biometric information for either a single encounter or all 930encounters. Either a subject ID or encounter ID MUST be specified. 931 Request Message

Field Type # ? Meaning RetrieveInformation Y Retrieves requested information about a subject or encounter.

RetrieveInformationRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “RetrieveInformation”.

ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed, and MAY identify what type(s) of information should be returned.

Identity BIASIdentity 1 Y Includes the identifier of the subject or encounter.

SubjectID BIASIDType 0..1 C A system unique identifier for a subject. Required if an Encounter ID is not provided.

EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject. Required if a Subject ID is not provided.

Field Type # ? Meaning RetrieveInformationResponse Y Response to a RetrieveInformation operation. RetrieveInformationResponsePackage 1 Y

933 4.2.7 Verify 934VerifyRequest 935VerifyResponse 936The Verify operation performs a 1:1 verification function according to system requirements and/or 937resources. Either the Identity Claim or Reference BIR input parameters are REQUIRED.If the Verify 938operation is implemented as a synchronous service, the implementing system immediately processes the 939request and returns the results in the Return Data parameter. If the Verify operation is implemented as an 940asynchronous service, the implementing system returns a token in the Return Data parameter, which is 941an indication that the request is being handled asynchronously. In this case, the GetVerifyResults 942operation is used to poll for the results of the Verify request. 943 Request Message

Field Type # ? Meaning Verify Y Performs a 1:1 verification function. VerifyRequest 1 Y

BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “Verify”.

InputData InformationType 1 Y Contains the input data for the aggregate services.

Identity BIASIdentity 1 Y Includes either the Identity Claim or Reference BIR.

IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group. Required if a Reference BIR is not provided.

BiometricData BIASBiometricDataType 0..1 N An Identity’s biometric data.

ReferenceBIR CBEFF_BIR_Type 0..1 C Maps to specific INCITS BIAS elements as required by that specification. Required if an Identity Claim is not provided.

GalleryID BIASIDType 0..1 C The identifier of the gallery or population group of which the subject must be a member. Required if an Identity Claim is provided.

Field Type # ? Meaning VerifyResponse Y The response to a Verify operation.

VerifyResponsePackage 1 Y

411biasprofile-v1.0-csprd02 412 23 February 2011 413Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 414 Page 83 of 194 9465 Message structure and rules 947BIAS operations and data elements are defined in XML in the INCITS 422 BIAS standard. This OASIS 948standard further specifies the full XML schema (see AnnexA) and specifies how this XML is packaged 949and exchanged as SOAP messages. 950Annex A provides a WSDL of operations and structures aggregated from all the conformance classes, 951both synchronous and asynchronous. A specific implementation’s WSDL must only expose its respective 952operations and structures. For example, for a Class 5-only conformant implementation, all of the primitive 953operations must not be exposed as operations (with the exception of QueryCapabilities) unless that 954functionality is supported. Additionally, the WSDL exposed by an implementation shall not contain 955instances of xsd:any, xsd:anyType, or xsd:anyAttribute; these instances must be replaced with explicit 956schema contents. An example is the XML complex type, InformationType, which has xsd:any as its only 957child. This type is used to represent implementation-specific input data and return data. The children of 958InformationType must be replaced with explicit content. Doing so removes the ability to transmit 959unexpected or arbitrary data. Also, it provides a clear definition of information that a client needs to 960provide to the server,or expect to receive,to optimally perform an operation. 961SOAP 1.1 messages consist of three elements: an envelope, header data, and a message body. BIAS 962request-response elements MUST be enclosed within the SOAP message body. The general structure of 963the BIAS SOAP message is shown in Figure 4, below. The data model for BIAS is addressed in Section3 964and BIAS messages in Section 4. 965 SOAP Envelope

SOAP Header

SOAP Body

SOAP Payload

BIAS XML Elements

966 967 Figure 4. BIAS SOAP Structure 968 969Biometric data, regardless of native format, is carried as a binary structure. As such, options exist on how 970this data is carried within the SOAP structure. It can be carried as embedded Base-64 objects or [XOP] 971can be used – this standard allows for either method (See section 5.3).

416biasprofile-v1.0-csprd02 417 23 February 2011 418Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 419 Page 84 of 194 9725.1 Purpose and constraints 973This document defines a SOAP profile describing how the XML elements defined in INCITS 442 are to be 974used as the payload of a SOAP message and the rules for structuring and exchanging such messages. 975Philosophical tenets include: 976  SOAP messages will carry BIAS XML [XML 10] payloads. 977  SOAP messages will follow WS-I and will deviate only when absolutely necessary. 978  Message structures and interchanges will be kept as simple as possible – “nice to have” 979 features will be addressed in future revisions. 980  XML schemas will be produced based on INCITS 442. 981  BIAS will support a broad range of application domains. 982  BIAS will allow for a variety of biometric and biographic data formats to be used 983  Only the SOAP messaging will be defined – no message protocols or client/server agents 984 will be defined. 985  Basic usage/formatting rules (beyond WS-I) will be defined. 986  Existing biometric and Web services standards will be leveraged wherever possible. 987  Sample WSDL and use cases will be provided as an aid in implementation. 988  Use of basic SOAP will allow all other compatible WS* standards (and discovery 989 mechanisms) to be used in conjunction with BIAS messaging. 990  BIAS will support both secure (i.e., using existing security mechanisms such as WS- 991 Security, SAML, etc,) and non-secure implementations. 992  Generic biometric operations will be defined – use of biometrics within a Web services 993 authentication protocol is not addressed. 994  OASIS namespace rules will be followed, though some external schemas MAY also be 995 referenced.

9965.2 Message requirements 997BIAS SOAP messages MUST conform to [WS-I-Basic] and [WS-I-Bind]. A single BIAS SOAP message 998MUST contain only one BIAS service request (or single BIAS service response). Binary components of 999BIAS messages are already Base-64 encoded and therefore do not need to be conveyed as SOAP 1000attachments (though XOP MAY be utilized). 1001The system model used for BIAS conversations over SOAP is a simple request-response model. BIAS 1002comprises both synchronous and asynchronous operations, with the majority being of the former type. 1003Asynchronous operations are implemented through message pairs. That is, there are separate messages 1004to request the operation and to request the results of the operation. These have been defined for those 1005operations that are likely to take significant time to complete. For example, an identify operation can be 1006implemented as either a synchronous or asynchronous service as follows: 1007

421biasprofile-v1.0-csprd02 422 23 February 2011 423Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 424 Page 85 of 194 service provider client service provider client IdentifySubject () IdentifySubject () Return, Token Return, CandidateList

GetIdentifySubjectResults (Token)

Return, CandidateList

1008 (a) Synchronous Operation (b) Asynchronous Operation 1009 Figure 5. Example of Synchronous and Asynchronous BIAS Operations 1010 1011 1012The basic process for using SOAP for BIAS operations is: 1013 1. A system entity acting as a BIAS requester transmits a BIAS request element within the body of a 1014 SOAP message to a system entity acting as a BIAS responder. The BIAS requester MUST NOT 1015 include more than one BIAS request per SOAP message or include any additional XML elements 1016 in the SOAP body. 1017 2. The BIAS responder MUST return either a BIAS response element within the body of another 1018 SOAP message or generate a SOAP fault. The BIAS responder MUST NOT include more than 1019 one BIAS response per SOAP message or include any additional XML elements in the SOAP 1020 body. If a BIAS responder cannot, for some reason, process a BIAS request, it MUST generate a 1021 SOAP fault. (SOAP 1.1 faults and fault codes are discussed in [SOAP11] section 5.1.) 1022 3. On receiving a BIAS response in a SOAP message, the BIAS requester MUST NOT send a fault 1023 code or other error messages to the BIAS responder. Since the format for the message 1024 interchange is a simple request-response pattern, adding additional items such as error 1025 conditions would needlessly complicate the protocol. 1026SOAP 1.1 also defines an optional data encoding system. This system is not used within the BIAS SOAP 1027binding. This means that BIAS messages can be transported using SOAP without re-encoding from the 1028“standard” BIAS schema to one based on the SOAP encoding. 1029 NOTE: [SOAP11] references an early draft of the XML Schema specification including an 1030 obsolete namespace. BIAS requesters SHOULD generate SOAP documents referencing only the 1031 final XML schema namespace. BIAS responders MUST be able to process both the XML schema 1032 namespace used in [SOAP11] as well as the final XML schema namespace.

10335.3 Handling binary data 1034BIAS messages frequently contain binary data (e.g., biometric data, scanned identity documents, etc.). 1035Two methods are provided for dealing with this: 1036  Embedded Base64 encoding 1037  XOP [XOP] 1038Use of SOAP with Attachments (SWA) is deprecated.

1039 5.3.1 Base64 encoding 1040This method is the default method for including binary data. Binary data is Base64 encoded and included 1041between the tags in the XML SOAP body for the appropriate data elements. Data elements using this 1042method are indicated as such in the schema. 426biasprofile-v1.0-csprd02 427 23 February 2011 428Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 429 Page 86 of 194 1043As an example, the CBEFF_BIR_Type includes, as one of the BIR types, BinaryBIR of type 1044base64binary. 1045 1046 1047 1048However, even an XML_BIR as defined within [CBEFF] Part 3, contains a biometric data block (BDB) 1049which may be entirely binary (most common), 1050 1051 1052 1053or contain an element which is binary (e.g., an image within an XML BDB).

1054 5.3.2 Use of XOP 1055When XOP is used, the binary content is replaced with a reference (URI) to an attachment (i.e., MIME) 1056which contains that “stripped” content via an xop:include. The advantage of this method is overall 1057message size during transmission since the overhead of the embedded Base64 is not present (since the 1058MIME attachment contains the native binary format). 1059Use of XOP is generally transparent to the developer, other than in how they configure their toolset. Most 1060frameworks support this; however, there is a possibility of mismatch if the transmitter supports and uses 1061XOP but the receiver does not.

10625.4 Discovery 1063BIAS implementers (service providers) MUST provide WSDL [WSDL11] to describe their 1064implementations. This WSDL MAY or may not be made public via a standard discovery mechanism 1065(such as UDDI) or other method. 1066In addition, it is REQUIRED that the BIAS implementation include the QueryCapabilities operation to 1067provide dynamic information regarding BIAS capabilities, options, galleries, etc. that are supported.

10685.5 Identifying operations 1069Receivers of BIAS SOAP messages require a method of easily identifying the operation being requested 1070(or response being provided). This SHOULD be possible without the receiver needing to infer it from the 1071sum of the elements provided within the body of the SOAP message. The BIAS SOAP profile allows for 1072two methods of identifying BIAS operations: 1073  Explicit named element in body of the SOAP message 1074  Use of WS-Addressing Action element

1075 5.5.1 Operation name element 1076The BIAS message sender (requester) will include within the body of the BIAS SOAP message an XML 1077element . The receiver (service provider) can search for this tag within a received 1078BIAS SOAP message to determine what operation is being requested. There is no requirement related to 1079the ordering of this element within the message, though it is RECOMMENDED that it be included early in 1080the message to aid in human readability. 1081An example of this method for the CreateSubject operation is shown below: 1082 1083POST /bias HTTP/1.1

431biasprofile-v1.0-csprd02 432 23 February 2011 433Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 434 Page 87 of 194 1084Host: www.acme.com 1085Content-Type: application/soap+xml; charset=”utf-8” 1086Content-Length: nnnn 1087SOAPAction: “” 1088 1089 1090 1091 1093 1094 BIAS Application 1095 BIAS User 1096 CreateSubject 1097 1098 1099 123456789 1100 1101 1102 1103

1104 5.5.2 WS-Addressing Action 1105WS-Addressing [WS-Addr] provides a mechanism for including action information inside any SOAP 1106message. The information is in the SOAP Header. The WS-Addressing ‘Action’ element is used to 1107indicate the intent of the message. The value is a URI/IRI identifying that intent; however, there are no 1108restrictions on the format or specificity of the URI/IRInor a requirement that it can be resolved. Adoption 1109of this option also requires that the WS-Addressing ‘To’, ‘ReplyTo’, and ‘MessageID’ elements are 1110supplied, as they are mandatory elements in a request-reply message pattern as used within BIAS. 1111Response messages would also need to use WS-Addressing, requiring the ‘To’ (matching the ‘ReplyTo’ 1112element in the request), ‘RelatesTo’ (matching the ‘MessageID’ element in the request), and 1113‘RelationshipType’ (default value to “wsa:Reply”) elements. 1114Use of WS-Addressing is OPTIONAL in this profile as is this method of using the ‘Action’ field for this 1115purpose. However, when BIAS is used within an environment using WS-Addressing, it is 1116RECOMMENDED that this approach for use of the ‘Action’ field to carry the BIAS operation name is 1117employed, either alone or in combination with the BIASOperationName approach described in section 11185.4.1. 1119An example for a message request for the CreateSubject operation would look likethe following: 1120 1121 POST /bias HTTP/1.1 1122 Host: www.acme.com 1123 Content-Type: application/soap+xml; charset=”utf-8” 1124 Content-Length: nnnn 1125 SOAPAction: “”

436biasprofile-v1.0-csprd02 437 23 February 2011 438Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 439 Page 88 of 194 1126 1127 1130 1131 some-ID 1132 1133 response-URI 1134 1135 destination-URI 1136 CreateSubject 1137 1138 1139 1141 1142 1143

11445.6 Security 1145The end-points that exchange SOAP messages (or handle the contents of the BIAS operations) are 1146expected to be protected and trusted such that message-level security mechanisms may not be required. 1147The use of SSL (HTTPS) or VPN technology that provides end-point to end-point security is 1148RECOMMENDED and MAY be sufficient in some cases. Other mechanisms such as Signed XML or 1149WSS [WSS] could also be implemented. 1150Unless stated otherwise, the following security statements apply to all BIAS bindings.

1151 5.6.1 Use of SSL 3.0 or TLS 1.0 1152Unless otherwise specified, in any BIAS binding’s use of SSL 3.0 [SSL3] or TLS1.0 [RFC2246], servers 1153MUST authenticate clients using a X.509 v3 certificate [X509]. The client MUST establish server identity 1154based on contents of the certificate (typically through examination of the certificate’s subject DN field, 1155subjectAltName attribute, etc.). 1156Use of transport level security in the form of SSL or TLS is OPTIONAL but highly RECOMMENDED. Use 1157of these mechanisms alone may not be sufficient for end-to-end integrity and confidentiality, however (see 11585.5.3 and 5.5.4 below).

1159 5.6.2 Data Origin Authentication 1160Authentication of both the BIAS requester and the BIAS responder associated with a message is 1161OPTIONAL and depends on the environment of use: Authentication mechanisms available at the SOAP 1162message exchange layer or from the underlying substrate protocol (for example, in many bindings the 1163SSL/TLS or HTTP protocol) MAY be utilized to provide data origin authentication. 1164Transport authentication will not meet end-to-end origin authentication requirements in bindings where the 1165BIAS SOAP message passes through an intermediary – in this case, message authentication is 1166RECOMMENDED.

441biasprofile-v1.0-csprd02 442 23 February 2011 443Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 444 Page 89 of 194 1167Note that SAML [SAML] MAY be used as the mechanism for parties to authenticate to one another.

1168 5.6.3 Message Integrity 1169Message integrity of both BIAS requests and BIAS responses is OPTIONAL and depends on the 1170environment of use. The security layer in the underlying substrate protocol or a mechanism at the SOAP 1171message exchange layer MAY be used to ensure message integrity. 1172Transport integrity will not meet end-to-end integrity requirements in bindings where the BIAS SOAP 1173message passes through an intermediary – in this case, message integrity is RECOMMENDED.

1174 5.6.4 Message Confidentiality 1175Message confidentiality of both BIAS requests and BIAS responses is OPTIONAL and depends on the 1176environment of use. The security layer in the underlying substrate protocol or a mechanism at the SOAP 1177message exchange layer MAY be used to ensure message confidentiality. 1178Transport confidentiality will not meet end-to-end confidentiality requirements in bindings where the BIAS 1179SOAP message passes through an intermediary. 1180 NOTE: Biometric and biographic data is likely to contain personal information the confidentiality of 1181 which SHOULD be protected accordingly. See INCITS 442, section 6.3 for further discussion.

1182 5.6.5 CBEFF BIR security features 1183Within BIAS, biometric data is transferred within a CBEFF BIR (as defined in ISO/IEC 19785-1). CBEFF 1184provides for the optional encryption of the Biometric Data Block (BDB) of the BIR and for the integrity of 1185the entire BIR. If implemented, this is indicated in the BIR header. The BIR structure defines an optional 1186Security Block which MAY contain a digital signature (or message authentication code), encryption 1187parameters (e.g., key name, algorithm, etc.), and/or other security related data. Such protections are 1188associated with an individual BIR and are separate from any other protections provided at the message 1189level.

1190 5.6.6 Security Considerations 1191Before deployment, each combination of authentication, message integrity, and confidentiality 1192mechanisms SHOULD be analyzed for vulnerability in the context of the specific protocol exchange and 1193the deployment environment. 1194Special care should be given to the impact of possible caching on security. 1195IETF RFC 2617 [RFC2617] describes possible attacks in the HTTP environment when basic or message 1196digest authentication schemes are used. 1197Many of the security considerations identified in [SAML SEC] MAY also apply. 1198ISO/IEC 19092 [BIO SEC] describes a security framework for biometric systems including a minimum set 1199of security requirements addressing integrity, authenticity, and confidentiality of biometric information 1200during transmission and storage. These SHOULD be considered as part of an overall risk management 1201approach. 1202 NOTE: The requirements of ISO/IEC 19092, though useful across many application domains, are 1203 required for most biometric system implementations in the financial services environment. 1204 Application of this standard would make the requirements of sections 5.5.3 through 5.5.5 1205 mandatory rather than optional. This is highly RECOMMENDED for any high security environment 1206 or where privacy concerns exist.

446biasprofile-v1.0-csprd02 447 23 February 2011 448Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 449 Page 90 of 194 1207 5.6.7 Security of Stored Data 1208This specification does not address security considerations for stored data. It is the purview of the BIAS 1209service provider to implement security mechanisms and protect data at rest as per their own security 1210policies.

1211 5.6.8 Key Management 1212This specification does not address key management considerations with respect to implementation of 1213cryptographic security mechanisms (e.g., for authenticity, integrity, or confidentiality).

12145.7 Use with other WS* standards 1215The intent of specifying SOAP bindings for BIAS messages is to enable the full range of existing Web 1216services standards to be able to be applied. Some may be normative while others can be optionally 1217applied (i.e., WS-Security, WS-Addressing). Still others may require additional profiling to be used in an 1218interoperable manner (e.g., WS-Notification); this is left to a future revision. However, the intent is to avoid 1219specifying anything in the first, base version that would preclude the use of such standards in the future.

12205.8 Tailoring 1221This standard provides for a common method of implementing biometric Web services; however, it does 1222not guarantee interoperability in a specific application. In some cases further tailoring or profiling of this 1223standard may be required in order to further constrain the implementation options available. 1224 NOTE: As an example, BIAS allows for a number of different biographic and biometric data formats 1225 to be used, whereas a given application/domain MAY wish to limit this to a small set or just one of 1226 each type. Other examples (not comprehensive) include: 1227  Identification of a subset of BIAS operations to be used 1228  Specification of security features to be implemented (e.g., SSL, CBEFF BIR encryption, etc.) 1229  Choice of operation name identification method 1230  Choice of BIR type to be used (XML, non-XML, or URI) 1231  Further definition of aggregate operations 1232  Use (or not) of the encounter model 1233  Use (or not) of asynchronous operations 1234  Process sequences 1235  Implementation specific values (e.g., Transform oprerations/controls)

451biasprofile-v1.0-csprd02 452 23 February 2011 453Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 454 Page 91 of 194 12366 Error handling 1237There are two levels of errors that can be returned in an error response: system and service errors. 1238  System-level errors occur when the implementing system cannot service a request. They could 1239 result due to an internal logic error or because the implementing system does not support a 1240 particular request. 1241  Service-level errors occur when there is a problem transmitting or representing the service 1242 request. They could result due to an invalid service request or because of a communications 1243 error. 1244The INCITS BIAS standard defines the error condition codes for system-level errors. 1245  If successful, a response message (containing a return code) will be generated. 1246  If unsuccessful, a SOAP fault message (containing a fault code) will be generated.

12476.1 BIAS operation return codes 1248If a BIAS operation is successful, a response (service output) will be sent to the requester by the service 1249provider. Each response message contains a response status (see section 3.2.37) and return code (see 1250section 3.2.38) along with any response data as defined for that operation, if any. A response code of ‘0’ 1251indicates success.

12526.2 SOAP fault codes 1253If a BIAS operation is unsuccessful, no BIAS response message is sent. Instead a SOAP fault message 1254is returned. 1255Every Web service (operation) described in the BIAS WSDL may result in a fault message that will be 1256returned in the response by the service provider in the event of an error. The fault message contains a 1257FaultCode element as defined by the SOAP 1.1 specification (see section 3.2.5). The fault message 1258MUST contain a Detail element in a common format, as described by the BIASFault element (see section 12593.2.6). 1260The schema provided in Annex A defines “BIASFaultCode” and “BIASFaultDetail” types as well as 1261“BIASFault”, “BIASFaultType”, “BIASFaultMessage” and “BIASFaultDescription” elements. 1262The list of defined BIAS fault codes is provided in section 3.2.5. Note that BIAS service providers MAY 1263define additional fault codes unique to their service. 1264 NOTE: See also section 5.2 for additional information on message returns and faults.

456biasprofile-v1.0-csprd02 457 23 February 2011 458Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 459 Page 92 of 194 12657 Conformance 1266Implementations claiming conformance to this standard, MUST implement, at a minimum, all mandatory 1267requirements and provisions set forth in Clauses 3, 4, 5 and 6. If such implementations claim 1268conformance to any OPTIONAL requirements and provisions stated in Clauses 3, 4, 5 and 6, these 1269requirements and provisions MUST be implemented as set forth in these Clauses. 1270INCITS 442 [INCITS-BIAS] (Annex A) specifies five BIAS conformance classes. For each class, a set of 1271mandatory BIAS operations is identified in order for implementations (BIAS service providers) to claim 1272conformance. These categories are: 1273  Class 1: Full Primitive Services Implementation 1274  Class 2: Full Aggregate Services Implementation 1275  Class 3: Limited Primitive Services Implementation 1276  Class 4: Minimum Primitive Services Implementation 1277  Class 5: Minimum Aggregate Services Implementation 1278In addition, the minimum capability information to be returned in response to a Query Capabilities request 1279(the only mandatory BIAS operation across all 5 classes) is specified for each class. 1280These conformance classes and their associated requirements apply to this BIAS SOAP Profile. 1281There are no minimum set of operations required to be implemented by BIAS requesters; however, any 1282operations implemented must conform to the requirements of Clauses 3 and 4 and those requirements 1283within Clause 5 that are mandatory and are not specific to BIAS responders.

1285 1286 1293 1303 1304 1305 1306 1307 1308 1309Base template for BIAS aggregate service requests. 1310 1311 1312 1313 1314 1315 1316Options that guide how the aggregate service request is processed. 1317 1318 1319 1320

466biasprofile-v1.0-csprd02 467 23 February 2011 468Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 469 Page 94 of 194 1321Contains the input data for the aggregate service request. 1322 1323 1324 1325 1326 1327 1328 1329 1330Base template for BIAS aggregate service responses. 1331 1332 1333 1334 1335 1336 1337Contains the output data for the aggregate service response. 1338 1339 1340 1341 1342 1343 1344 1345 1346Identifies an application. 1347 1348 1349 1350 1351 1352 1353 1354 1355Identifies an application user or instance. 1356 1357 1358 1359

471biasprofile-v1.0-csprd02 472 23 February 2011 473Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 474 Page 95 of 194 1360 1361 1362 1363 1364Wraps the various BIAS biometric types. 1365 1366 1367 1368 1369A list of CBEFF-BIR elements. 1370 1371 1372 1373 1374Contains biometric information in either a non-XML and an XML 1375representation. 1376 1377 1378 1379 1380Maps to specific INCITS BIAS elements as required by that specification. 1381 1382 1383 1384 1385Maps to specific INCITS BIAS elements as required by that specification. 1386 1387 1388 1389 1390A list of biometric data elements. 1391 1392 1393 1394 1395 1396 1397 1398

476biasprofile-v1.0-csprd02 477 23 February 2011 478Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 479 Page 96 of 194 1399 1400 1401 1402The service failed for an unknown reason. 1403 1404 1405 1406 1407A requested capability is not supported by the service implementation. 1408 1409 1410 1411 1412The data in a service input parameter is invalid. 1413 1414 1415 1416 1417Biometric sample quality is too poor for the service to succeed. 1418 1419 1420 1421 1422The input BIR is empty or in an invalid or unrecognized format. 1423 1424 1425 1426 1427The service could not validate the signature, if used, on the input BIR. 1428 1429 1430 1431 1432The service could not decrypt an encrypted input BIR. 1433 1434 1435 1436 1437The input encounter ID is empty or in an invalid format.

481biasprofile-v1.0-csprd02 482 23 February 2011 483Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 484 Page 97 of 194 1438 1439 1440 1441 1442The input subject ID is empty or in an invalid format. 1443 1444 1445 1446 1447The subject referenced by the input subject ID does not exist. 1448 1449 1450 1451 1452The gallery referenced by the input gallery ID does not exist. 1453 1454 1455 1456 1457The encounter referenced by the input encounter ID does not exist. 1458 1459 1460 1461 1462The biographic data format is not known or not supported. 1463 1464 1465 1466 1467The identity referenced by the input identity claim does not exist. 1468 1469 1470 1471 1472The identity claim requested is already in use. 1473 1474 1475 1476

486biasprofile-v1.0-csprd02 487 23 February 2011 488Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 489 Page 98 of 194 1477The data requested for deletion does not exist. 1478 1479 1480 1481 1482 1483 1484Defines the error information associated with a SOAP fault. 1485 1486 1487 1488 1489References an error code. 1490 1491 1492 1493 1494Provides an explanation of the fault. 1495 1496 1497 1498 1499Provides detailed information about a BIAS fault, such as trace details. 1500 1501 1502 1503 1504 1505 1506 1507Defines a single element for encapsulating the data associated 1508with an Identity. Includes the Identity's reference identifiers, 1509biographic data, and biometric data. 1510 1511 1512 1513 1514 1515A system unique identifier for a subject.

491biasprofile-v1.0-csprd02 492 23 February 2011 493Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 494 Page 99 of 194 1516 1517 1518 1519 1520An identifier by which a subject is known to a particular gallery or population 1521group. 1522 1523 1524 1525 1526The identifier of an encounter associated with the subject, required for encounter-centric 1527models. 1528 1529 1530 1531 1532A list of encounters associated with a subject. 1533 1534 1535 1536 1537An Identity's biographic data. 1538 1539 1540 1541 1542An Identity's biographic data elements that are stored in the implementing 1543system. 1544 1545 1546 1547 1548An Identity's biometric data. 1549 1550 1551 1552 1553 1554

496biasprofile-v1.0-csprd02 497 23 February 2011 498Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 499 Page 100 of 194 1555A BIAS identifier 1556 1557 1558 1559 1560 1561Defines a single biographic data element. 1562 1563 1564 1565 1566The name of the biographic data item. 1567 1568 1569 1570 1571The data type for the biographic data item. 1572 1573 1574 1575 1576The value assigned to the biographic data item. 1577 1578 1579 1580 1581 1582 1583Defines a set of biographic data that is formatted according to the specified 1584format. 1585 1586 1587 1588 1589The name of the biographic data format. Use these names for common formats: FBI-EFTS, FBI- 1590EBTS, DOD-EBTS, INT-I, NIEM, xNAL, HR-XML. 1591 1592 1593

501biasprofile-v1.0-csprd02 502 23 February 2011 503Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 504 Page 101 of 194 1594 1595The version of the biographic data format (e.g., “7.1" for FBI-EFTS or “2.0" for 1596NIEM). 1597 1598 1599 1600 1601Reference to a URI/IRI describing the biographic data format. For example: (FBI-EFTS) 1602www.fbibiospecs.org, (DOD-EBTS) www.biometrics.dod.mil, (INT-I) www.interpol.int, (NIEM) www.niem.gov, (xNAL) 1603www.oasis-open.org, (HR-XML) www.hr-xml.org. 1604 1605 1606 1607 1608The biographic data format type. Use these types for common formats: ASCII (e.g., for non-XML 1609versions of FBI-EFTS, FBI-EBTS, DOD-EFTS, or INT-I), XML (e.g., for NIEM, xNAL, and HR-XML or future version of FBI- 1610EBTS). 1611 1612 1613 1614 1615 1616Biographic data formatted according to a specific format. 1617 1618 1619 1620 1621 1622 1623 1624Defines a set of biographic data elements, utilizing either the 1625BiographicDataItemType to represent a list of elements or the 1626BiographicDataSetType to represent a complete, formatted set of 1627biographic information. 1628 1629 1630 1631 1632 1633The last name of a subject.

506biasprofile-v1.0-csprd02 507 23 February 2011 508Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 509 Page 102 of 194 1634 1635 1636 1637 1638The first name of a subject. 1639 1640 1641 1642 1643 1644 1645 1646A single biographic data element. 1647 1648 1649 1650 1651 1652 1653 1654A set of biographic data information. 1655 1656 1657 1658 1659 1660 1661 1662Provides descriptive information about biometric data, such as 1663the biometric type, subtype, and format, contained in the BDB of 1664the CBEFF-BIR. 1665 1666 1667 1668 1669 1670The type of biological or behavioral data stored in the biometric record, as defined by 1671CBEFF. 1672

511biasprofile-v1.0-csprd02 512 23 February 2011 513Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 514 Page 103 of 194 1673 1674 1675 1676The number of biometric records having the biometric type recorded in the biometric type 1677field. 1678 1679 1680 1681 1682More specifically defines the type of biometric data stored in the biometric record, as defined by 1683CBEFF. 1684 1685 1686 1687 1688Identifies the standards body, working group, industry consortium, or other CBEFF biometric 1689organization that has defined the format for the biometric data. 1690 1691 1692 1693 1694Identifies the specific biometric data format specified by the CBEFF biometric organization 1695recorded in the BDB Format Owner field. 1696 1697 1698 1699 1700 1701 1702A list of biometric data elements. 1703 1704 1705 1707 1708Data structure containing information about a biometric record. 1709 1710 1711 1712

516biasprofile-v1.0-csprd02 517 23 February 2011 518Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 519 Page 104 of 194 1713 1714 1715 1716Defines a set of candidates, utilizing the Candidate Type to 1717represent each element in the set. 1718 1719 1720 1721 1722 1723A single candidate. 1724 1725 1726 1727 1728 1729 1730 1731Defines a single candidate as a possible match in response to a 1732biometric identification request. 1733 1734 1735 1736 1737 1738The match score. 1739 1740 1741 1742 1743The rank of the candidate in relation to other candidates for the same biometric identification 1744operation. 1745 1746 1747 1748 1749Biographic data associated with the candidate match. 1750 1751

521biasprofile-v1.0-csprd02 522 23 February 2011 523Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 524 Page 105 of 194 1752 1753 1754Biometric data associated with the candidate match. 1755 1756 1757 1758 1759 1760 1761Defines a set of capabilities. 1762 1763 1764 1765 1766A single capability. 1767 1768 1769 1770 1771 1772 1773A list of capability items. 1774 1775 1776 1777 1778A data element accepted as optional input by the implementing system for the aggregate 1779services. 1780 1781 1782 1783 1784A data element required as input by the implementing system for the aggregate 1785services. 1786 1787 1788 1789

526biasprofile-v1.0-csprd02 527 23 February 2011 528Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 529 Page 106 of 194 1790A processing option supported by the implementing system for the aggregate 1791services. 1792 1793 1794 1795 1796A data element returned by the implementing system for the aggregate 1797services. 1798 1799 1800 1801 1802Describes the processing logic of an aggregate service supported by the implementing 1803system. 1804 1805 1806 1807 1808Identifies a biographic data set supported by the implementing system. 1809 1810 1811 1812 1813A patron format supported by the implementing system. 1814 1815 1816 1817 1818A classification algorithm type supported by the implementing system. 1819 1820 1821 1822 1823Identifies the conformance class of the BIAS implementation. 1824 1825 1826 1827 1828A gallery or population group supported by the implementing system.

531biasprofile-v1.0-csprd02 532 23 February 2011 533Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 534 Page 107 of 194 1829 1830 1831 1832 1833Identifies whether the implementing system is person-centric or encounter-centric 1834based. 1835 1836 1837 1838 1839 Identifies the use of match scores returned by the implementing system. 1840 1841 1842 1843 1844A quality algorithm vendor and algorithm vendor product ID supported by the implementing 1845system. 1846 1847 1848 1849 1850A biometric type supported by the implementing system. 1851 1852 1853 1854 1855A transform operation type supported by the implementing system. 1856 1857 1858 1859 1860 1861 1862Defines a single capability supported by an implementing system. 1863 1864 1865 1866 1867The name of the capability.

536biasprofile-v1.0-csprd02 537 23 February 2011 538Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 539 Page 108 of 194 1868 1869 1870 1871 1872An identifier assigned to the capability by the implementing system. 1873 1874 1875 1876 1877A description of the capability. 1878 1879 1880 1881 1882A value assigned to the capability. 1883 1884 1885 1886 1887A secondary value supporting the capability. 1888 1889 1890 1891 1892 Contains additional information for the supported capability. 1893 1894 1895 1896 1897 1898 1899A list of CBEFF-BIR elements. 1900 1901 1902 1903 1904CBEFF structure containing information about a biometric sample. 1905 1906

541biasprofile-v1.0-csprd02 542 23 February 2011 543Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 544 Page 109 of 194 1907 1908 1909 1910 1911Represents biometric information, with either a non-XML or XML 1912representation. 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945

546biasprofile-v1.0-csprd02 547 23 February 2011 548Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 549 Page 110 of 194 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960The result of a classification. 1961 1962 1963 1964 1965 1966Type of classification algorithm that was used to perform the 1967classification. 1968 1969 1970 1971 1972 1973Contains information on classification results and the algorithm used to determine the 1974classification. 1975 1976 1977 1978 1979The result of the classification. 1980 1981 1982 1984

551biasprofile-v1.0-csprd02 552 23 February 2011 553Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 554 Page 111 of 194 1985Identifies the type of classification algorithm that was used to perform the 1986classification. 1987 1988 1989 1990 1991 1992 1993Defines a set of encounters. 1994 1995 1996 1997 1998The identifier of an encounter. 1999 2000 2001 2002 2003 2004 2005 2006Contains at a minimum two sets of fusion input 2007elements, as input to the PerformFusion request. 2008 2009 2010 2011 2012 2013A set of fusion information. 2014 2015 2016 2017 2018 2019 2020Represents the information necessary to perform a fusion operation. 2021 2022 2023

556biasprofile-v1.0-csprd02 557 23 February 2011 558Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 559 Page 112 of 194 2024 2025The type of biological or behavioral data stored in the biometric record, as defined by 2026CBEFF. 2027 2028 2029 2030 2031More specifically defines the type of biometric data stored in the biometric 2032record. 2033 2034 2035 2036 2037The owner or vendor of the algorithm used to determine the score or 2038decision. 2039 2040 2041 2042 2043The Algorithm Owner's identifier for the specific algorithm product and version used to 2044determine the score or decision. 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059The similarity score assigned by the matching algorithm. 2060 2061 2062 2063

561biasprofile-v1.0-csprd02 562 23 February 2011 563Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 564 Page 113 of 194 2064 2065 2066 2067 2068 2069 2070 2071 2072The match decision assigned by the matching algorithm. 2073 2074 2075 2076 2077 2078 2079 2080 2081Common request paramters that can be used to identify the requester. 2082 2083 2084 2085 2086Identifies the requesting application. 2087 2088 2089 2090 2091Identifers the user or instance of the requesting application. 2092 2093 2094 2095 2096Identifers the BIAS operation name that is being requested. 2097 2098 2099 2100 2101 2102

566biasprofile-v1.0-csprd02 567 23 February 2011 568Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 569 Page 114 of 194 2103 2104Allows for an unlimited number of data element types, and it does 2105not specify nor require any particular data element. 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115Provides a method to filter the amount of information returned in 2116a search of biometric data. 2117 2118 2119 2120 2121 2122 2123 2125 2126Limits the returned information to a specific type of biometric, as defined by 2127CBEFF. 2128 2129 2130 2131 2132 2133 2134 2135A Boolean flag indicating if biometric subtype information should be 2136returned. 2137 2138 2139 2140 2141

571biasprofile-v1.0-csprd02 572 23 February 2011 573Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 574 Page 115 of 194 2142 2143The result of a fusion method. 2144 2145 2146 2147 2148 2149 2150BIAS aggregate services support the ability to include various 2151processing options which direct and possibly control the business 2152logic for that service. The ProcessingOptionsType provides a 2153method to represent those options. Processing options should be 2154defined by the implementing system. 2155 2156 2157 2158 2159 2160An option supported by the implementing system. 2161 2162 2163 2164 2165 2166 2167The vendor's ID for a particular product. 2168 2169 2170 2171 2172 2173Contains information about a biometric sample's quality and the algorithm used to compute the 2174quality. 2175 2176 2177 2178 2179The quality of a biometric sample. 2180

576biasprofile-v1.0-csprd02 577 23 February 2011 578Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 579 Page 116 of 194 2181 2182 2183 2184The vendor of the qualilty algorithm used to determine the quality score. 2185 2186 2187 2188 2189The vendor's ID for the algorithm used to determine the quality. 2190 2191 2192 2193 2194The version of the algorithm used to determine the quality. 2195 2196 2197 2198 2199 2200 2201Base template for BIAS primitive service requests. 2202 2203 2204 2206 2207 2208 2209 2210 2211 2212The return code indicates the return status of the operation. 2213 2214 2215 2216 2217A short message corresponding to the return code. 2218 2219

581biasprofile-v1.0-csprd02 582 23 February 2011 583Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 584 Page 117 of 194 2220 2221 2222 2223 2224Base template for BIAS responses. 2225 2226 2227 2228 2229Returned status for the operation. 2230 2231 2232 2233 2234 2235 2236BIAS Operation Return Codes 2237 2238 2239 2240 2241Success 2242 2243 2244 2245 2246 2247 2248Match result or quality score. 2249 2250 2251 2252 2253 2254Defines a token that is returned for asynchronous processing. 2255 2256 2257 2258

586biasprofile-v1.0-csprd02 587 23 February 2011 588Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 589 Page 118 of 194 2259A value returned by the implementing system that is used to retrieve the results to a service at a 2260later time. 2261 2262 2263 2264 2265A date and time at which point the token expires and the service results are no longer 2266guaranteed to be available. 2267 2268 2269 2270 2271 2272 2273Identifies a vendor. 2274 2275 2276 2277 2278 2279 2280For a description or definition of each data element, see the 2281referenced CBEFF standards in the CBEFF_XML_BIR_Type schema. 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291The version of a component. 2292 2293 2294 2295 2296 2297

591biasprofile-v1.0-csprd02 592 23 February 2011 593Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 594 Page 119 of 194 2298 2299Register a subject to a given gallery or population group. 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310The identifier of the gallery or population group to which the subject will be 2311added. 2312 2313 2314 2315 2316The identity to add to the gallery. 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331The response to an AddSubjectToGallery request. 2332 2333 2334 2335 2336

596biasprofile-v1.0-csprd02 597 23 February 2011 598Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 599 Page 120 of 194 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349Calculate a quality score for a given biometric. 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360Data structure containing a single biometric sample for which a quality score is to be 2361determined. 2362 2363 2364 2365 2366Specifies a particular algorithm vendor and vender product ID. 2367 2368 2369 2370 2371 2372 2373 2374 2375

601biasprofile-v1.0-csprd02 602 23 February 2011 603Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 604 Page 121 of 194 2376 2377 2378 2379 2380 2381The response to a CheckQuality request. 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392Contains the quality information for the submitted biometric sample. 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407Classifies a biometric sample. 2408 2409 2410 2411 2412 2413 2414

606biasprofile-v1.0-csprd02 607 23 February 2011 608Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 609 Page 122 of 194 2415 2416 2417 2418Data structure containing a single biometric sample for which the classification is to be 2419determined. 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434The response to a ClassifyBiometricData request, containing 2435the classification of a biometric sample. 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446Information on the results and type of classification performed. 2447 2448 2449 2450 2451 2452 2453

611biasprofile-v1.0-csprd02 612 23 February 2011 613Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 614 Page 123 of 194 2454 2455 2456 2457 2458 2459 2460 2461Create a new subject record. 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479The response to a CreateSubject request, containing the subject 2480ID of the new subject record. 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491Contains the subject ID of the new subject record. 2492

616biasprofile-v1.0-csprd02 617 23 February 2011 618Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 619 Page 124 of 194 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506Erase all of the biographic data associated with a given 2507subject record or, in the encounter-centric model, with a 2508given encounter. 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519Contains either the subject ID or encounter ID reference. 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531

621biasprofile-v1.0-csprd02 622 23 February 2011 623Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 624 Page 125 of 194 2532 2533 2534The response to a DeleteBiographicData request. 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552Erase all of the biometric data associated with a given 2553subject record or, in the encounter-centric model, with a 2554given encounter. 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565Contains either the subject ID or encounter ID reference. 2566 2567 2568 2569 2570

626biasprofile-v1.0-csprd02 627 23 February 2011 628Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 629 Page 126 of 194 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580The response to a DeleteBiometricData request. 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598Delete an existing subject record and, in an encounter-centric 2599model, any associated encounter information. 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609

631biasprofile-v1.0-csprd02 632 23 February 2011 633Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 634 Page 127 of 194 2610Subject ID of the identity to delete. 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625The response to a DeleteSubject request. 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643Remove the registration of a subject from a gallery or 2644population group. 2645 2646 2647 2648

636biasprofile-v1.0-csprd02 637 23 February 2011 638Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 639 Page 128 of 194 2649 2650 2651 2652 2653 2654 2655The identifier of the gallery or population group from which the subject will be 2656deleted. 2657 2658 2659 2660 2661The identity to remove from the gallery. 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676The response to a DeleteSubjectFromGallery request. 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687

641biasprofile-v1.0-csprd02 642 23 February 2011 643Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 644 Page 129 of 194 2688 2689 2690 2691 2692 2693 2694Retrieve the identification results for a specified token, 2695which was returned by the Identify Subject service. 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706A value used to retrieve the results of an IdentifySubject request. 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721The response to a GetIdentifySubjectResults request, which includes a candidate list. 2722 2723 2724 2725 2726

646biasprofile-v1.0-csprd02 647 23 February 2011 648Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 649 Page 130 of 194 2727 2728 2729 2730 2731 2732A rank-ordered list of candidates that have a likelihood of matching the input biometric 2733sample. 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748Perform an identification search against a given gallery for 2749a given biometric. 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760The identifier of the gallery or population group which will be searched. 2761 2762 2763 2764

651biasprofile-v1.0-csprd02 652 23 February 2011 653Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 654 Page 131 of 194 2765Contains the BIR, a data structure containing the biometric sample for the 2766search. 2767 2768 2769 2770 2771The maximum size of the candidate list that should be returned. 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786The response to an IdentifySubject request, returning a 2787rank-ordered candidate list. 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803

656biasprofile-v1.0-csprd02 657 23 February 2011 658Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 659 Page 132 of 194 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814A rank-ordered list of candidates that have a likelihood of matching the input biometric sample; 2815returned with successful synchronous request processing. 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828A token used to retrieve the results of the IdentifySubject request; returned with asynchronous 2829request processing. 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840Lists the biographic data elements stored for a subject. 2841 2842

661biasprofile-v1.0-csprd02 662 23 February 2011 663Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 664 Page 133 of 194 2843 2844 2845 2846 2847 2848 2849 2850 2851Identifies the subject or, in the encounter-centric model, a subject and an 2852encounter. 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867The response to a ListBiographicData request, containing a list 2868of biographic data elements stored for a subject. In the 2869encounter-centric model, the biographic data elements for a 2870specific encounter are returned. If an encounter ID is not 2871specified and encounter data exists for the subject, the list 2872of encounter IDs which contain biographic data is returned. 2873 2874 2875 2876 2877 2878 2879 2880 2881

666biasprofile-v1.0-csprd02 667 23 February 2011 668Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 669 Page 134 of 194 2882 2883 2884Contains a list of biographic data elements associated with a 2885subject or encounter; non-empty if the service was 2886successful, biographic data exists, and either (a) the 2887person-centric model is being used or (b) the 2888encounter-centric model is being used and an encounter 2889identifier was specified. 2890 2891 2892 2893 2894 2895 2896A list of encounter ID's associated with a subject and 2897which contain biographic data; non-empty if the service 2898was successful, biographic data exists, the 2899encounter-centric model is being used, and an encounter 2900identifier was not specified. 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916Lists the biometric data elements stored for a subject. Note 2917that no actual biometric data is returned by this service (see 2918the RetrieveBiometricInformation service to obtain the biometric 2919data). 2920

671biasprofile-v1.0-csprd02 672 23 February 2011 673Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 674 Page 135 of 194 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930Identifies the subject or, in the encounter-centric model, a subject and an 2931encounter. 2932 2933 2934 2935 2936Indicates what biometric information should be returned. 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951The response to a ListBiometricData request, containing a list 2952of biometric data elements stored for a subject. In the 2953encounter-centric model, the biometric data elements for a 2954specific encounter are returned. If an encounter ID is not 2955specified and encounter data exists for the subject, the list 2956of encounter IDs which contain biometric data is returned. 2957 2958 2959

676biasprofile-v1.0-csprd02 677 23 February 2011 678Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 679 Page 136 of 194 2960 2961 2962 2963 2964 2965 2966 2967 2968Includes a list of biometric data elements associated 2969with a subject or encounter or a list of encounter ID's 2970associated with a subject and which contain biometric 2971data. 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987Accepts either match score or match decision information and creates a fused match result. 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998Score or decision input information to the fusion method.

681biasprofile-v1.0-csprd02 682 23 February 2011 683Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 684 Page 137 of 194 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013The response to the PerformFusion request. 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024Indicates the result of the fusion method 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037

686biasprofile-v1.0-csprd02 687 23 February 2011 688Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 689 Page 138 of 194 3038 3039Returns a list of the capabilities, options, galleries, etc. 3040that are supported by the BIAS implementation. 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058The response to a QueryCapabilities request. 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069A list of capabilities supported by the BIAS implementation. 3070 3071 3072 3073 3074 3075 3076

691biasprofile-v1.0-csprd02 692 23 February 2011 693Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 694 Page 139 of 194 3077 3078 3079 3080 3081 3082 3083 3084Retrieves the biographic data associated with a subject ID. 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095Identifies the subject or, in the encounter-centric model, a subject and an 3096encounter. 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111The response to a RetrieveBiographicInformation request, 3112containing the biographic data associated with a subject ID. In 3113the encounter-centric model, the biographic data associated with 3114a specified encounter is returned. If the encounter ID is not 3115specified in the encounter-centric model, the biographic

696biasprofile-v1.0-csprd02 697 23 February 2011 698Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 699 Page 140 of 194 3116information associated with the most recent encounter is returned. 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127Includes the set of biographic data associated with a subject. 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142Retrieves the biometric data associated with a subject ID. 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153Identifies the subject or, in the encounter-centric model, a subject and an 3154encounter.

701biasprofile-v1.0-csprd02 702 23 February 2011 703Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 704 Page 141 of 194 3155 3156 3157 3158 3159The type of biological or behavioral data to retrieve. 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174The response to a RetrieveBiometricInformation request, 3175containing the biometric data associated with a subject ID. In 3176the encounter-centric model, the biometric data associated with 3177a specified encounter is returned. If the encounter ID is not 3178specified in the encounter-centric model, the biometric 3179information associated with the most recent encounter is returned. 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190Includes the biometric data associated with a subject. 3191 3192 3193

706biasprofile-v1.0-csprd02 707 23 February 2011 708Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 709 Page 142 of 194 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205Associates biographic data to a given subject record. 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3217includes the biographic data to store. 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232The response to a SetBiographicData request.

711biasprofile-v1.0-csprd02 712 23 February 2011 713Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 714 Page 143 of 194 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243In an encounter-centric model, identifies the encounter ID assigned to a new 3244encounter. 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259Associates biometric data to a given subject record. 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3271includes the biometric data to store.

716biasprofile-v1.0-csprd02 717 23 February 2011 718Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 719 Page 144 of 194 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286The response to a SetBiometricData request. 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297In an encounter-centric model, identifies the encounter ID assigned to a new 3298encounter. 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310

721biasprofile-v1.0-csprd02 722 23 February 2011 723Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 724 Page 145 of 194 3311 3312 3313Transforms or processes a given biometric in one format into a new target format. 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324Data structure containing the biometric information to be transformed. 3325 3326 3327 3328 3329Value indicating the type of transformation to perform. 3330 3331 3332 3333 3334 Specifies controls for the requested transform operation. 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349The response to a TransformBiometricData request.

726biasprofile-v1.0-csprd02 727 23 February 2011 728Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 729 Page 146 of 194 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360Data structure containing the new, transformed biometric information. 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375Updates the biographic data for a given subject record. 3376 3377 3378 3379 3380 3381 3382 3383 3384 3385 3386Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3387includes the biographic data to update. 3388

731biasprofile-v1.0-csprd02 732 23 February 2011 733Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 734 Page 147 of 194 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402The response to an UpdateBiographicData request. 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420Updates a single biometric sample for a given subject record. 3421 3422 3423 3424 3425 3426 3427

736biasprofile-v1.0-csprd02 737 23 February 2011 738Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 739 Page 148 of 194 3428 3429 3430 3431Identifies the subject or, in the encounter-centric model, a subject and an encounter, and 3432includes the biometric data to update. 3433 3434 3435 3436 3437Value indicating if the input biometric sample should be merged with any existing biometric 3438information. 3439 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453The response to an UpdateBiometricData request. 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466

741biasprofile-v1.0-csprd02 742 23 February 2011 743Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 744 Page 149 of 194 3467 3468 3469 3470 3471Performs a 1:1 verification match between a given biometric and 3472either a claim to identity in a given gallery or another given 3473biometric. 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483 3484The identifier of the gallery or population group of which the subject must be a 3485member. 3486 3487 3488 3489 3490Includes the identifying information and/or input and reference biometric 3491samples. 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502 3503 3504 3505

746biasprofile-v1.0-csprd02 747 23 February 2011 748Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 749 Page 150 of 194 3506The response to a VerifySubject request. 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517Indicates if the Input BIR matched either the biometric information associated with the Identity 3518Claim or the Reference BIR. 3519 3520 3521 3522 3523The score if the biometric information matched. 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 3538The Enroll aggregate service adds a new subject or, in an 3539encounter-centric model, a new encounter to the system. This may 3540be accomplished in a number of different ways according to 3541system requirements and/or resources. If the Enroll aggregate 3542service is implemented as a synchronous service, the 3543implementing system immediately processes the request and 3544returns the results in the ReturnData parameter. If the Enroll

751biasprofile-v1.0-csprd02 752 23 February 2011 753Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 754 Page 151 of 194 3545aggregate service is implemented as an asynchronous service, the 3546implementing system returns a token in the ReturnData 3547parameter, which is an indication that the request is being 3548handled asynchronously. In this case, the GetEnrollResults 3549service is used to poll for the results of the Enroll request. 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566The response to an Enroll request. 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583The GetEnrollResults aggregate service retrieves the enrollment

756biasprofile-v1.0-csprd02 757 23 February 2011 758Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 759 Page 152 of 194 3584results for the specified token. This service is used in 3585conjunction with the Enroll aggregate service. If the Enroll 3586aggregate service is implemented as an asynchronous service, the 3587implementing system returns a token, and the GetEnrollResults 3588service is used to poll for the results of the original Enroll 3589request. 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600A value used to retrieve the results of the Enroll request. 3601 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614The response to a GetEnrollResults request. 3615 3616 3617 3618 3619 3620 3621 3622

761biasprofile-v1.0-csprd02 762 23 February 2011 763Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 764 Page 153 of 194 3623 3624 3625 3626 3627 3628 3629 3630 3631The GetIdentifyResults aggregate service retrieves the 3632identification results for the specified token. This service is 3633used in conjunction with the Identify aggregate service. If the 3634Identify aggregate service is implemented as an asynchronous 3635service, the implementing system returns a token, and the 3636GetIdentifyResults service is used to poll for the results of 3637the original Identify request. 3638 3639 3640 3641 3642 3643 3644 3645 3646 3647 3648A value used to retrieve the results of the Identify request. 3649 3650 3651 3652 3653 3654 3655 3656 3657 3658 3659 3660 3661

766biasprofile-v1.0-csprd02 767 23 February 2011 768Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 769 Page 154 of 194 3662The response to a GetIdentifyResults request. 3663 3664 3665 3666 3667 3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679The GetVerifyResults aggregate service retrieves the verification 3680results for the specified token. This service is used in 3681conjunction with the Verify aggregate service. If the Verify 3682aggregate service is implemented as an asynchronous service, the 3683implementing system returns a token, and the GetVerifyResults 3684service is used to poll for the results of the original Verify 3685request. 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696A value used to retrieve the results of the Verify request. 3697 3698 3699 3700

771biasprofile-v1.0-csprd02 772 23 February 2011 773Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 774 Page 155 of 194 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710The response to a GetVerifyResults request. 3711 3712 3713 3714 3715 3716 3717 3718 3719 3720Indicates if the Input BIR matched either the biometric information associated with the Identity 3721Claim or the Reference BIR. 3722 3723 3724 3725 3726The score if the biometric information matched. 3727 3728 3729 3730 3731 3732 3733 3734 3735 3736 3737 3738 3739

776biasprofile-v1.0-csprd02 777 23 February 2011 778Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 779 Page 156 of 194 3740 3741The Identify aggregate service performs an identification 3742function according to system requirements and/or resources. If 3743the Identify aggregate service is implemented as a synchronous 3744service, the implementing system immediately processes the 3745request and returns the results in the ReturnData parameter. If 3746the Identify aggregate service is implemented as an asynchronous 3747service, the implementing system returns a token in the 3748ReturnData parameter, which is an indication that the request is 3749being handled asynchronously. In this case, the 3750GetIdentifyResults service is used to poll for the results of 3751the Identify request. 3752 3753 3754 3755 3756 3757 3758 3759 3760 3761 3762 3763 3764 3765 3766 3767 3768The response to an Identify request. 3769 3770 3771 3772 3773 3774 3775 3776 3777 3778

781biasprofile-v1.0-csprd02 782 23 February 2011 783Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 784 Page 157 of 194 3779 3780 3781 3782 3783 3784 3785The RetrieveInformation aggregate service retrieves requested 3786information about a subject, or in an encounter-centric model 3787about an encounter. In a person-centric model, this aggregate 3788service may be used to retrieve both biographic and biometric 3789information for a subject record. In an encounter-centric model, 3790this aggregate service may be used to retrieve biographic and/or 3791biometric information for either a single encounter or all 3792encounters. Either a SubjectID or EncounterID must be specified 3793in the Identify parameter. 3794 3795 3796 3797 3798 3799 3800 3801 3802 3803 3804Options that guide how the service request is processed, and may identify what type(s) of 3805information should be returned. 3806 3807 3808 3809 3810Includes the identifier of the subject or encounter. 3811 3812 3813 3814 3815 3816 3817

786biasprofile-v1.0-csprd02 787 23 February 2011 788Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 789 Page 158 of 194 3818 3819 3820 3821 3822 3823 3824The response to a RetrieveInformation request. 3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837 3838 3839 3840 3841The Verify aggregate service performs a 1:1 verification 3842function according to system requirements and/or resources. 3843Either the IdentityClaim or ReferenceBIR input data elements in 3844the Identity parameter are required. If the Verify aggregate 3845service is implemented as a synchronous service, the 3846implementing system immediately processes the request and returns 3847the results in the ReturnData parameter. If the Verify aggregate 3848service is implemented as an asynchronous service, the 3849implementing system returns a token in the ReturnData parameter, 3850which is an indication that the request is being handled 3851asynchronously. In this case, the GetVerifyResults service is 3852used to poll for the results of the Verify request. 3853 3854 3855 3856

791biasprofile-v1.0-csprd02 792 23 February 2011 793Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 794 Page 159 of 194 3857 3858 3859 3860 3861 3862 3863Includes either the IdentityClaim or ReferenceBIR. 3864 3865 3866 3867 3868The identifier of the gallery or population group of which the subject must be a 3869member. 3870 3871 3872 3873 3874 3875 3876 3877 3878 3879 3880 3881 3882 3883The response to a Verify request. 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893Indicates if the Input BIR matched either the biometric information associated with the Identity 3894Claim or the Reference BIR. 3895

796biasprofile-v1.0-csprd02 797 23 February 2011 798Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 799 Page 160 of 194 3896 3897 3898 3899The score if the biometric information matched. 3900 3901 3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 3919 3920 3921 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934

801biasprofile-v1.0-csprd02 802 23 February 2011 803Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 804 Page 161 of 194 3935 3936 3937 3938 3939 3940 3941 3942 3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973

821biasprofile-v1.0-csprd02 822 23 February 2011 823Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 824 Page 165 of 194 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128

826biasprofile-v1.0-csprd02 827 23 February 2011 828Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 829 Page 166 of 194 4130 4131 4132 4133 4134 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4167 4168

831biasprofile-v1.0-csprd02 832 23 February 2011 833Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 834 Page 167 of 194 4169 4170 4171 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207

4600The intent of this annex is to provide operational sequence diagrams / flow charts that show how the 4601higher level usage scenarios within [INCITS-BIAS] could be implemented using the BIAS SOAP profile. 4602The following use cases are given: 4603  Verification (synchronous/aggregate) 4604  Verification (asynchronous/aggregate) 4605  Verification (primitive) 4606  Identification (primitive) 4607  Enrollment (aggregate) 4608  Enrollment (primitive)

4609 B.1 Verification Use Case 4610This use case uses the aggregate Verify operation in which a single request results in some set of 4611operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service 4612provider. 4613

Client Application BIAS Client BIAS Server Agent BIAS Impl

Verify

CheckQuality

TransformBiometricData

VerifySubject

MatchDecision

Note that 1. CheckQuality, TransformBiometricData , VerifySubject can be exposed as interfaces of BIAS server agent . 4614

896biasprofile-v1.0-csprd02 897 23 February 2011 898Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 899 Page 180 of 194 4615 B.2 Asynchronous Verification 4616 Use Case 4617In this use case, the requester issues two requests – the BIAS Verify request to initiate the operation 4618followed by a BIAS GetVerifyResult request to retrieve the results of that operation. 4619

Verify

ReturnToken

CheckQuality

VerifySubject

MatchDecision

Periodically Polling

GetVerfiyResult

MatchDecision

Note that 1. CheckQuality, TransformBiometricData , VerifySubject can be exposed as interfaces of BIAS server agent . 4620 4621

901biasprofile-v1.0-csprd02 902 23 February 2011 903Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 904 Page 181 of 194 4622 B.3 Primitive Verification Use 4623 Case 4624In this use case, the verification operation is performed as a series of requests using the BIAS primitive 4625operations. In this case, the client rather than the service provider controls the workflow of the higher 4626level operation. 4627

BIAS Client BIAS Implementation

CheckQuality

Return

VerifySubject

Return

906biasprofile-v1.0-csprd02 907 23 February 2011 908Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 909 Page 182 of 194 4629 B.4 Identification Use Case 4630This use case uses the aggregate Identify operation in which a single request results in some set of 4631operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service 4632provider. 4633 4634 4635

Identify

CheckQuality

IdentifySubject

CandidateList

Note that 1. CheckQuality, TransformBiometricData, IdentifySubject can be exposed as interfaces of BIAS server agent . 4636

911biasprofile-v1.0-csprd02 912 23 February 2011 913Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 914 Page 183 of 194 4637 B.5 Biometric Enrollment Use 4638 Case 4639This use case uses the aggregate Enroll operation in which a single request results in some set of 4640operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service 4641provider. 4642Here, if the result of the IdentifySubject is no matches found, then the subject is added to the gallery. If a 4643match had been found then other logic may have been applied (e.g., return candidate list, add encounter 4644for existing subject, etc.). 4645

Client BIAS Client BIAS Server Agent BIAS Impl

Enroll

CheckQuality

IdentifySubject

CreateSubject

SetBiographicData

SetBiometricData

AddSubjectToGallery

ReturnData

4646 4647

916biasprofile-v1.0-csprd02 917 23 February 2011 918Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 919 Page 184 of 194 4648 B.6 Primitive Enrollment Use 4649 Case 4650In this use case, the enrollment operation is performed as a series of requests using the BIAS primitive 4651operations. In this case, the client rather than the service provider controls the workflow of the higher 4652level operation. 4653

CheckQuality

Return

TransformBiometricData Return

IdentifySubject

IdentifySubject Return

CreateSubject

CreateSubject Return

SetBiographicData

SetBiographicData Return

SetBiometricData

SetBiometricData Return

AddSubjectToGallery

AddSubjectToGallery Return

4656 C.1 Create Subject 4657 Request/Response Example 4658INCITS BIAS Specification 4659 4660 4662 4663

4664OASIS BIAS Examples 4665Simple Create Subject Request: 4666POST /bias HTTP/1.1 4667Host: www.acme.com 4668Content-Type: application/soap+xml; charset=”utf-8” 4669Content-Length: nnnn 4670SOAPAction: “CreateSubject” 4671 4672 4673 4674 4677 4678

4679Create Subject Request with SubjectID Parameter: 4680POST /bias HTTP/1.1 4681Host: www.acme.com 4682Content-Type: application/soap+xml; charset=”utf-8” 4683Content-Length: nnnn 4684SOAPAction: “CreateSubject” 4685 4686 4687 4688 4690 4691 123456789

4696Create Subject Request with Optional OASIS BIAS Content: 4697POST /bias HTTP/1.1 4698Host: www.acme.com 4699Content-Type: application/soap+xml; charset=”utf-8” 4700Content-Length: nnnn 4701SOAPAction: “CreateSubject” 4702 4703 4704 4705 4707 4708 BIAS Application 4709 BIAS User 4710 4711 4712 123456789 4713 4714 4715 4716

4717Simple Create Subject Response: 4718HTTP/1.1 200 OK 4719Content-Type: application/soap+xml; charset=”utf-8” 4720Content-Length: nnnn 4721 4722 4723 4724 4726 4727 0 4728 4729 4730 123456789 4731 936biasprofile-v1.0-csprd02 937 23 February 2011 938Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 939 Page 188 of 194 4732 4733 4734

4735Create Subject Response with Optional OASIS BIAS Content: 4736HTTP/1.1 200 OK 4737Content-Type: application/soap+xml; charset=”utf-8” 4738Content-Length: nnnn 4739 4740 4741 4742 4744 4745 0 4746 Subject ID 123456789 successfully 4747created. 4748 4749 4750 123456789 4751 4752 4753 4754 4755

4756 C.2 Set Biographic Data 4757 Request/Response Example 4758INCITS BIAS Specification 4759 4760 4761 4762 4764 4766 4767

4768OASIS BIAS Examples 4769Set Biographic Data Request: 4770POST /bias HTTP/1.1

941biasprofile-v1.0-csprd02 942 23 February 2011 943Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 944 Page 189 of 194 4771Host: www.acme.com 4772Content-Type: application/soap+xml; charset=”utf-8” 4773Content-Length: nnnn 4774SOAPAction: “SetBiographicData” 4775 4776 4777 4778 4780 4781 123456789> 4782 4783 4784 Last 4785 string 4786 Doe 4787 4788 4789 4790 person 4791 4792 4793

4794Set Biographic Data Response: 4795HTTP/1.1 200 OK 4796Content-Type: application/soap+xml; charset=”utf-8” 4797Content-Length: nnnn 4798 4799 4800 4801 4803 4804 0 4805 4806 4807 4808 4809

946biasprofile-v1.0-csprd02 947 23 February 2011 948Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 949 Page 190 of 194 4810 C.3 Set Biometric Data 4811 Request/Response Example 4812INCITS BIAS Specification 4813 4814 4815 4816 4818 4819 4820

4821OASIS BIAS Examples 4822Set Biometric Data Request: 4823POST /bias HTTP/1.1 4824Host: www.acme.com 4825Content-Type: application/soap+xml; charset=”utf-8” 4826Content-Length: nnnn 4827SOAPAction: “SetBiometricData” 4828 4829 4830 4831 4833 4834 123456789> 4835 4836 4837 biometric data 4838 4839 4840 4841 person 4842 4843 4844

4845Set Biometric Data Response: 4846HTTP/1.1 200 OK 4847Content-Type: application/soap+xml; charset=”utf-8” 4848Content-Length: nnnn

951biasprofile-v1.0-csprd02 952 23 February 2011 953Copyright © OASIS Open 2009-2011. All Rights Reserved. Standards Track Work Product 954 Page 191 of 194 4849 4850 4851 4852 4854 4855 0 4856 4857 4858 4859

4861The following individuals have participated in the creation of this specification and are gratefully 4862acknowledged: 4863 4864Participants: 4865 Name Affiliation Mr. Young Bang Booz Allen Hamilton Mr. Ed. Clay Sun Mr. Murty Gurajada * Raining Data Corporation Mr. Dale Hapeman US Department of Defense Dr. Charles Li Raytheon Mr. Kevin Mangold NIST Mr. John Mayer-Splain US Department of Homeland Security Dr. Ross Michaels NIST Mr. Ramesh Nagappan Sun Mr. Ash Parikh * Raining Data Corporation Mr. Matthew Swayze Daon Mr. Guy Swope Raytheon Mrs. Catherine Tilton Daon Mr. Alessandro Triglia OSS Nokalva Mr. Brad Wing NIST (formerly DHS) Mr. Michael Wittman Raytheon Mr. Gregory Zektser Booz Allen Hamilton

4866 4867* Though no longer members of the BIAS TC, these individuals contributed in the early stages of the 4868development of this standard. 4869In addition, the inputs from the INCITS technical committee M1 are also gratefully appreciated.

4871 Revision Date Editor Changes Made 0.01 2008-05-23 TBD Initial draft 0.02 2008-07-23 TBD Inserted data dictionary Added normative references Updated sec 3 & 5 + Annex B 0.03 2008-08-19 TBD WSDL updated 0.04 2008-09-11 TBD Updated references Added security requirements Corrected Fig. 3 0.05 2008-09-29 TBD SSL/TLS requirement clarified Reordered material in 5.3 & App C/D Updated references 2 new use cases added (App C) Updated examples in App D 0.06 2008-11-17 TBD Added BIAS operation name methods (new 5.3 + 4.2.27 & App B) 0.06a 2008-11-20 TBD Updated references 0.07 2008-11-27 TBD Revised fault structures and error handling 0.08 2009-06-22 TBD Incorporated comments from informal public review. 0.09 2009-07-24 Tilton/Swayze Incorporated comments from June review/meeting. Major changes included: - Breaking Clause 3 into 2 clauses for data elements and operations - Specification of URI & IRI - Clarifications and formatting 0.10 2009-10-19 Tilton/Swayze Expansion of conformance clause 0.11 2009-11-16 Tilton/Swayze Miscellaneous edits and clarifications [Also published as CD01] 0.12 2010-11-04 Tilton/Swayze Incorporation of public review comments Update WSDL 0.13 2011-01-03 Tilton/Mangold Clarification regarding xsd:any Updated WSDL