Abstract
ISO/IEC 27566 part 2 "describes different technical approaches suitable in different ecosystems for age assurance systems and guidance for their implementation.”
[Source: PROPOSAL]
Introduction
ISO/IEC 27566 part 2 "provides technical guidance for implementing age assurance systems in a consistent and modular manner. It supports the practical application of the framework defined in Part 1 by identifying technical components, implementation approaches, and context-specific trade-offs. This enables privacy-respecting, effective, and policy-aligned age assurance across diverse digital and physical environments."
[Source: Preliminary Work Instruction]
Part 2 bridges between the foundational concepts in part 1 and the analytical approaches in part 3.
Scope
ISO/IEC 27655 part 2 “ includes guidance for considering the characteristics of various approaches and for making trade-offs when selecting approaches for different users, actors and use cases. The document describes different technical approaches suitable in different ecosystems for the implementation of age assurance systems or of age assurance components”
[Source: Preliminary Work Instruction]
Structure
Main sections [from initial draft]:
5: Principles carried forward from part 1
6: Relating context of use to implementation choices
7: Major contexts of use
8: Selecting components
9: Specifying requirements for procurement
10: Documenting operational practice statements and evidence
Annex A: Commonalities of age assurance methods and interaction models
Annex B: Common concerns related to common sub-contexts of use
Annex C: Enrolment, user account management, and wallet management
Annex D: Relationship to part 3
Annex E: Examples of trade-off choices during design of age assurance systems
Annex F: Examples of practice statements
Status
Part 2 is at first Working Draft stage.
Commentary
'Context of use' refers - I think - to the particular business situation in which some form of age assurance is needed. SInce these vary, the standard explains how to identify, determine and evaluate relevant requirements and parameters driving the design of the age assurance approach. e.g. how important is assurance to verify a person's true age? It then offers guidance on how to go about satisfying the requirements by selecting and implementing appropriate age assurance methods and technologies.