Professional Documents
Culture Documents
418 [SOAP11] Simple Object Access Protocol (SOAP) 1.1, 8 May 2000
419 http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
420 [URI] T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifiers (URI): Generic Syntax,
421 RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 2005.
422 http://ietf.org/rfc/rfc3986
423 [UTF-8] ISO/IEC 10646:2003, Information technology — Universal Multiple-Octet Coded Character
424 Set (UCS)
425 http://www.iso.org
426 [WS-Addr] W3C Recommendation,Web Services Addressing 1.0 - Core, and Web Services
427 Addressing 1.0 - SOAP Binding, 9 May 2006
428 http://www.w3.org/2002/ws/addr/
431 [WS-I-Bind] Web Services-Interoperability Organization (WS-I) Simple SOAP Binding Profile Version
432 1.0, 24 August 2004
433 http://www.ws-i.org/Profiles/SimpleSoapBindingProfile-1.0-2004-08-24.html
434 [WSDL11] Web Services Description Language (WSDL) 1.1, 15 March 2001
435 http://www.w3.org/TR/2001/NOTE-wsdl-20010315
436 [XML 10] Extensible Markup Language (XML) 1.0, 16 August 2006
437 http://www.w3.org/TR/2006/REC-xml-20060816/
469 [RFC3280] R. Housley, et al, Internet X.509 Public Key Infrastructure Certificate and Certificate
470 Revocation List (CRL) Profile, April 2002
471 http://www.ietf.org/rfc/rfc3280.txt
472 [SAML] Security Assertion Markup Language (SAML), Oasis Standard, March 2005
473 http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
474 [SAML SEC] Security and Privacy Considerations for the OASIS Security Assertion Markup
475 Language (SAML) V2.0, Oasis Standard, 15 March 2005
476 http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
479 [WSS] Web Services Security: SOAP Message Security 1.1, (WS-Security 2004), OASIS Standard
480 Specification, 1 February 2006
481 http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-
482 SOAPMessageSecurity.pdf
483 [X509] X.509: Information technology - Open Systems Interconnection - The Directory: Public-key
484 and attribute certificate frameworks, ITU-T, August 2005
485 http://www.itu.int/rec/T-REC-X.509-200508-I
486 [xNAL] Customer Information Quality Specifications Version 3.0: Name (xNL), Address (xAL), Name
487 and Address (xNAL) and Party (xPIL), Committee Specification 02, 20 September 2008
488 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ciq
527
528
529 Figure 2. Representative BIAS Architecture
530
531 NOTE: It is possible that BIAS may also be used between the service provider and the managed
532 resource (e.g., a biometric matcher).
533
534 At the heart of the BIAS SOAP Profile are the concepts of BIAS messages and endpoints.
535
536 BIAS implementation
537 A BIAS implementation is a software entity that is capable of creating, processing, sending, and receiving
538 BIAS messages. This standard does not define requirements for the BIAS implementation other than
539 defining the messages and protocols used by the endpoints.
540 BIAS messages
541 A BIAS message is a one that can be sent from a BIAS endpoint to another BIAS endpoint over a TCP/IP
542 link.
543 BIAS endpoints
BIAS-v2.0-cs01 11 July 2017
Standards Track Work Product Copyright © OASIS Open 2017. All Rights Reserved. Page 14 of 266
544 A BIAS endpoint is a runtime entity, uniquely identified and accessed by an endpoint URI/IRI [URI] [IRI],
545 capable of sending and receiving BIAS messages.
546 NOTE: When not publicly and directly exposed, the endpoints for purposes of this specification are
547 the BIAS service provider exposing BIAS services and the component that directly interacts with that
548 service provider, e.g., the business application or ESB, rather than the ultimate end client requester.
Min Length: 1
Min Length: 1
Description: Base type for all BIR subtypes; see BinaryBIR, URI_BIR, and XML_BIR for currently
available types.
Value Description
Type string 1 Y The data type for the biographic data item.
Value string 0..1 N The value assigned to the biographic data item.
581 NOTE: This element can be used to transmit scanned identity documents or document information
582 (e.g., passports, driver’s license, birth certificates, utility bills, etc. required to establish an identity).
586 NOTE: Biographic data formats are not limited to those listed. The string value is not enumerated.
587 If one of the common types are used, it MUST be indicated by the specified name values; however,
588 the service provider MAY offer other formats. See ISO/IEC 30108 for further information.
590 NOTE: The implementer is given three choices for encoding biographic data:
591 Encode only first and last name using the defined fields within BiographicDataType
Identity
BIASIDType 0..1 Y The identifier of the subject.
SubjectID
BiographicDataType 0..1 N Biographic data associated with the
BiographicData candidate match.
CBEFF_BIR_ListType 1 Y Biometric data associated with the
BIRList candidate match.
Value Description
AggregateInputDataOptional A data element accepted as optional input by the implementing system for
the aggregate services.
The Capability Value should be set to the name of the data element that
will be accepted by the aggregate services.
The Capability Supporting Value that indicates the which services support
the data element, using one or more of the following values, each
separated by a comma:
“Delete”
“Enrol”
“Identify”
“Verify”
“All”
AggregateInputDataRequired A data element required as input by the implementing system for the
aggregate services.
The Capability Value should be set to the name of the data element that
will be accepted by the aggregate services.
The Capability Supporting Value that indicates the which services support
the data element, using one or more of the following values, each
separated by a comma:
“Delete”
“Enrol”
“Identify”
“Verify”
“All”
The Capability Value should be set to the option identifier, or “key” field,
for the Processing Option parameter in the aggregate services.
The Capability Supporting Value that indicates the option value, or “value”
field, for the Processing Option parameter in the aggregate services, if
applicable.
“Delete”
“Enrol”
“Identify”
“Verify”
“Retrieve”
“All”
AggregateReturnData A data element returned by the implementing system for the aggregate
services.
The Capability Value should be set to the name of the data element that
will be returned by the aggregate services.
The Capability Supporting Value that indicates which services support the
data element, using one or more of the following values, each separated
by a comma:
“Delete”
“Enrol”
“Identify”
“Verify”
“Retrieve”
“All”
The Capability Value should be set to the name of the data element that
describes the aggregate services.
The Capability Supporting Value that indicates the which services support
the data element, using one or more of the following values, each
separated by a comma:
“Delete”
“Enrol”
“Identify”
“Verify”
“Retrieve”
The Capability Value should contain the name of the biographic data
format supported by the implementing system (e.g. “EBTS” or “NIEM”).
The Capability Additional Info should contain the biographic data format
type supported by the implementing system (e.g. ASCII or XML).
1 – (Class 1 conformance)
2 – (Class 2 conformance)
3 – (Class 3 conformance)
4 – (Class 4 conformance)
5 – (Class 5 conformance)
6 – (Class 6 conformance)
7 – (Class 7 conformance)
The Capability Value should be the same as the value used for the Gallery
ID parameter in the Add Subject to Gallery, Delete Biographic Data, Delete
Biometric Data, Delete Subject From Gallery, Identify Subject, Retrieve
Biographic Data Retrieve Biometric Data, Retrieve Document Data, Set
Biographic Data, Set Biometric Data, Set Document Data, and Verify
Subject Services.
“person”
“encounter”
The Capability Supporting Value shall contain the algorithm vendor product
ID.
The Capability Additional Info shall be set to the biometric type (defined by
the XML Patron Format in ISO/IEC 19785-3) that corresponds to the match
algorithm.
The Capability Description shall contain the software version of the match
algorithm.
MatchScore Identifies the use of match scores returned by the implementing system.
The Capability Additional Info shall be set to the biometric type (defined by
the XML Patron Format in ISO/IEC 19785-3) that corresponds to the match
score range.
The Capability Supporting Value shall contain the algorithm vendor product
ID.
The Capability Additional Info shall be set to the biometric type (defined by
the XML Patron Format in ISO/IEC 19785-3) that corresponds to the quality
algorithm.
The Capability Description shall contain the software version of the quality
algorithm.
The Capability Value shall be set to the biometric type, as defined by the
ZML Patron Format in ISO/IEC 19785-3 (for example, the biometric type for
face is represented a “face”).
“1” (identification)
“2” (verification)
“3” (identification and verification)
“4” (no comparison supported)
The Capability Value shall be equal to the value for the Transform
Operation parameter in the Transform Biometric Data service.
The Capability Supporting Value shall specify the value of the Transform
Control parameter in the Transform Biometric Data service. The value
returned may be either a single value or a range of values. If a range of
values is returned, the Capability Description shall specify additional
information for the value of the Transform Control parameter. If the
Transform Operation does not support a Transform Control, the Capability
Supporting value shall be set to “NotApplicable”.
607 NOTE: The implementer is given three choices for encoding a BIR:
608 As an XML BIR (following the XML Patron format as specified in Annex B)
609 As a reference to a URI (from which the receiver would retrieve the actual BIR)
610 As a complete Base64 encoded binary (non-XML) BIR.
611 The latter two alternatives can use any CBEFF Patron Format.
612 The optional BIR_Information provides a mechanism for
613 exposing metadata associated with a BIR format that is not easily
614 decoded (i.e., a non-XML BIR). See section 5.3 for more
615 information on handling of binary data within BIAS and ISO/IEC
616 30108, Clause 8.2, for more information on representing
617 biometric data.
618 NOTE:
619 (1) XML BIRs MUST conform to the XML patron format in
620 Annex B; however, non-XML (binary) and URI BIRs
621 MAY implement any CBEFF patron format.
622 (2) It is RECOMMENDED that only registered CBEFF
623 patron formats be used; however, in closed systems,
624 this may not be required.
Description: Type of classification algorithm that was used to perform the classification.
Description: Identifies the type of encounter (interaction) during which the identity (biographic,
biometric, and/or document) data was collected from the subject as determined by the
requester.
Value Description
Description: The base type for any resulting types which indicate the status of a Fusion operation
640 NOTE: See section 5.4 for alternatives for identifying the
641 requested BIAS operation in a BIAS SOAP message.
BiometricTypeFilters 1 Y
Value string 0..1 N The value for an option supported by the implementing
system.
Return ReturnCode 1 Y The return code indicates the return status of the
operation.
string 0..1 N A short message corresponding to the return code.
Message
Value Description
0 Success
655 NOTE: Matching scores MAY be in a standardized or proprietary form in terms of value range and
656 interpretation. Quality scores, however, follow the definition found in Annex
Expiration date 1 Y A date and time at which point the token expires and the
operation results are no longer guaranteed to be
available.
664 NOTE: Vendor identifiers are registered with IBIA as the CBEFF
665 registration authority (see ISO/IEC 19785-2). Registered biometric
666 organizations are listed at:
667 http://www.ibia.org/cbeff/_biometric_org.php.
671
AddSubjectToGalleryRequest 1 Y
AddSubjectToGalleryResponsePacka 1 Y
ge
CheckQuality Y Calculate a
quality score for
a given
biometric.
CheckQualityRequest 1 Y
CheckQualityResponsePackage 1 Y
ClassifyBiometricDataResponsePackage 1 Y
Identity BIASIdentity 1 Y
CreateEncounterResponsePackage 1 Y
Identity BIASIdentity 1 Y
CreateSubject Y
CreateSubjectRequest 1 Y
CreateSubjectRespons 1 Y
ePackage
Identity BIASIdentity 1 Y
DeleteBiographicDataRequest 1 Y
Identity BIASIdentity 1 Y
Identity BIASIdentity 1 Y
DeleteBiometricDataResponsePackag 1 Y
e
Identity BIASIdentity 1 Y
DeleteDocumentDataResponsePackage 1 Y
Identity BIASIdentity 1 Y
DeleteEncounterResponsePackage 1 Y
DeleteSubjectResponsePackage 1 Y
DeleteSubjectFromGalleryRequest 1 Y
DeleteSubjectFromGalleryResponsePackag
e
GetIdentifySubjectResultsRespons 1 Y
ePackage
IdentifySubject Y Perform an
identification search
against a given gallery
for a given biometric.
IdentifySubjectRequest 1 Y
IdentifySubjectResponsePackage 1 Y
829 NOTES:
830 (1) In the event that the number of candidates exceeding the threshold exceeds the
831 MaxListSize, the system will determine which candidate is included in the last position of
832 the rank ordered candidate list (i.e., in the event of a tie).
ListBiographicDataRequest 1 Y
ListBiographicDataResponsePackage 1 Y
ListBiometricDataRequest 1 Y
ListBiometricDataResponsePackage 1 Y
ListDocumentData Y
ListDocumentDataRequest 1 Y
1 Y
ListDocumentDataResponsePackage
PerformFusionRequest 1 Y
FusionInput FusionIdentityListType 1 Y
PerformFusionResponsePackag 1 Y
e
QueryCapabilitiesRequest 1 Y
RetrieveBiographicDataResponsePack 1 Y
age
RetrieveBiometricDataRequest 1 Y
RetrieveBiometricDataResponsePac 1 Y
kage
RetrieveDocumentData Y
RetrieveDocumentDataRequest 1 Y
Identity BIASIdentity 1 Y
1 Y
RetrieveDocumentDataResponsePackage
SetBiographicData Y Associates
biographic data to
a given subject
record.
SetBiographicDataRequest 1 Y
SetBiometricDataRequest 1 Y
SetBiometricDataResponsePackag 1 Y
e
SetDocumentData Y
SetDocumentDataRequest 1 Y
Identity BIASIdentity 1 Y
SetDocumentDataResponsePackage 1 Y
Identity BIASIdentity 1 Y
TransformBiometricData Y Transforms or
processes a given
biometric in one format
into a new target
format.
TransformBiometricDataRequest 1 Y
984 NOTE: The values for TransformOperation and TransformControl are implementation specific.
TransformBiometricDataResponsePacka 1 Y
ge
UpdateBiographicDataRequest 1 Y
UpdateBiographicDataResponsePackag 1 Y
e
UpdateBiometricDataRequest 1 Y
UpdateBiometricDataResponsePackag 1 Y
e
UpdateDocumentDataRequest 1 Y
UpdateDocumentDataResponsePackag 1 Y
e
VerifySubjectRequest 1 Y
DeleteRequest 1 Y
DeleteResponsePackage 1 Y
Identity BIASIdentity 1 Y
EnrolRequest 1 Y
EnrolResponsePackage 1 Y
Identity BIASIdentity 1 Y
GetDeletionResultsResponsePacka 1 Y
ge
GetEnrolResultsResponsePackage 1 Y
Identity BIASIdentity 1 Y
GetIdentifyResultsRequest 1 Y
Identity BIASIdentity
GetUpdateResultsRequest 1 Y
GetVerifyResultsRequest 1 Y
GetVerifyResultsResponsePackag 1 Y
e
Identify Y Performs an
identification function.
IdentifyRequest 1 Y
IdentifyResponsePackage 1 Y
RetrieveDataRequest 1 Y
RetrieveDataResponse Y Response to a
RetrieveData operation.
RetrieveDataResponsePackage 1 Y
UpdateRequest 1 Y
VerifyRequest 1 Y
VerifyResponsePackage 1 Y
SOAP Envelope
SOAP Header
SOAP Body
SOAP Payload
1183
1184 Figure 4. BIAS SOAP Structure
1185
1186 Biometric data, regardless of native format, is carried as a binary structure. As such, options exist on how
1187 this data is carried within the SOAP structure. It can be carried as embedded Base-64 objects or [XOP]
1188 can be used – this standard allows for either method (See section 5.3).
1194 SOAP messages will follow WS-I and will deviate only when absolutely necessary.
1195 Message structures and interchanges will be kept as simple as possible – “nice to have”
1196 features will be addressed in future revisions.
1199 BIAS will allow for a variety of biometric and biographic data formats to be used
1200 Only the SOAP messaging will be defined – no message protocols or client/server agents
1201 will be defined.
1203 Existing biometric and Web services standards will be leveraged wherever possible.
1204 Sample WSDL and use cases will be provided as an aid in implementation.
1205 Use of basic SOAP will allow all other compatible WS* standards (and discovery
1206 mechanisms) to be used in conjunction with BIAS messaging.
1207 BIAS will support both secure (i.e., using existing security mechanisms such as WS-
1208 Security, SAML, etc,) and non-secure implementations.
1209 Generic biometric operations will be defined – use of biometrics within a Web services
1210 authentication protocol is not addressed.
1211 OASIS namespace rules will be followed, though some external schemas MAY also be
1212 referenced.
GetIdentifySubjectResults (Token)
Return, CandidateList
1234 2. The BIAS responder MUST return either a BIAS response element within the body of another
1235 SOAP message or generate a SOAP fault. The BIAS responder MUST NOT include more than
1236 one BIAS response per SOAP message or include any additional XML elements in the SOAP
1237 body. If a BIAS responder cannot, for some reason, process a BIAS request, it MUST generate a
1238 SOAP fault. (SOAP 1.1 faults and fault codes are discussed in [SOAP11] section 5.1.)
1239 3. On receiving a BIAS response in a SOAP message, the BIAS requester MUST NOT send a fault
1240 code or other error messages to the BIAS responder. Since the format for the message
1241 interchange is a simple request-response pattern, adding additional items such as error
1242 conditions would needlessly complicate the protocol.
1243 SOAP 1.1 also defines an optional data encoding system. This system is not used within the BIAS SOAP
1244 binding. This means that BIAS messages can be transported using SOAP without re-encoding from the
1245 “standard” BIAS schema to one based on the SOAP encoding.
1246 NOTE: [SOAP11] references an early draft of the XML Schema specification including an obsolete
1247 namespace. BIAS requesters SHOULD generate SOAP documents referencing only the final XML
1248 schema namespace. BIAS responders MUST be able to process both the XML schema namespace used
1249 in [SOAP11] as well as the final XML schema namespace.
1443 Specification of security features to be implemented (e.g., SSL, CBEFF BIR encryption, etc.)
1451
1452
1458 Service-level errors occur when there is a problem transmitting or representing the service
1459 request. They could result due to an invalid service request or because of a communications
1460 error.
1461 The ISO/IEC BIAS standard defines the error condition codes for system-level errors.
1462 If successful, a response message (containing a return code) will be generated.
1463 If unsuccessful, a SOAP fault message (containing a fault code) will be generated.
1503 Required operations and capabilities are described in Table 7.1 below.
Check Quality X
Create Subject X X X X
Delete Subject X X X
Perform Fusion X
Query Capabilities X X X X X X X
Verify Subject X X X X
Aggregate Services
Delete X X
Enrol X X X
Identify X X
Retrieve Data X X
Update X X X
Verify X X X
AggregateInputDataOptional X X X
AggregateInputDataRequired X X X
AggregateReturnData X X X
AggregateServiceDescription X X X
BiographicDataSet X X X X X
CBEFFPatronFormat X X X X X X X
ClassificataionAlgorithmType X
ConformanceClass X X X X X X X
Gallery X X X
IdentityModel X X X X X
ComparisonAlgorithm X X X X X X X
ComparisonScore X X X X X X X
QualityAlgorithm X
SupportedBiometric X X X X X X X
TransformOperation X
X – Required
C* – Conditionally required if associated implementation is asynchronous
C** – Conditionally required if implementation uses encounter-centric model
1506
1507 In addition, the minimum capability information to be returned in response to a Query Capabilities request
1508 (the only mandatory BIAS operation across all 5 classes) is specified for each class.
1509 These conformance classes and their associated requirements apply to this BIAS SOAP Profile.
1510 There are no minimum set of operations required to be implemented by BIAS requesters; however, any
1511 operations implemented must conform to the requirements of sections 3 and 4 and those requirements
1512 within section 5 that are mandatory and are not specific to BIAS responders.
1513
1514
Verify
Verify
Verify
CheckQuality
TransformBiometricData
VerifySubject
MatchDecision
MatchDecision
MatchDecision
Note that
1. CheckQuality, TransformBiometricData, VerifySubject can be exposed as interfaces of BIAS server agent.
6103
Verify
Verify
Verify
ReturnToken
CheckQuality
TransformBiometricData
VerifySubject
MatchDecision
Periodically Polling
GetVerfiyResult
MatchDecision
MatchDecision
Note that
1. CheckQuality, TransformBiometricData, VerifySubject can be exposed as interfaces of BIAS server agent.
6108
6109
CheckQuality
CheckQuality
Return
TransformBiometricData
TransformBiometricData
Return
VerifySubject
VerifySubject
Return
6115
Identify
Identify
Identify
CheckQuality
TransformBiometricData
IdentifySubject
CandidateList
CandidateList
CandidateList
Note that
1. CheckQuality, TransformBiometricData, IdentifySubject can be exposed as interfaces of BIAS server agent.
6123
Enroll
Enroll
Enroll
CheckQuality
TransformBiometricData
IdentifySubject
CreateSubject
SetBiographicData
SetBiometricData
AddSubjectToGallery
ReturnData
ReturnData
ReturnData
6132
CheckQuality
CheckQuality
Return
TransformBiometricData
TransformBiometricData
Return
IdentifySubject
IdentifySubject
Return
CreateSubject
CreateSubject
Return
SetBiographicData
SetBiographicData
Return
SetBiometricData
SetBiometricData
Return
AddSubjectToGallery
AddSubjectToGallery
Return
6138
Name Affiliation