Refer to detailed summary and attached RFP.
This project involves the creating a flexible, expandable database that can be accessed anywhere in the world (online) by registered users. The concept is skill-representation and verification in order to reduce the possibility of fraudulent/counterfeit documents being used while positively identifying the holder of the database entry.
A number of different categories of user are required for the system to function effectively. Each user group must be identifiable and may be assigned certain access rights to view or amend other user groups entries by default, or they may not. An individual user needs to have the power to authorise another user (either acting on their own or on behalf of a corporate user) to access various parts of their entry. It stands to reason therefore that corporate users need to power to request this access from the individual.
Certain data fields will not be editable by the holder of the entry itself, but as regulators are involved, the individual must be able to request that this data be changed by the creator. Additionally, the regulator must be able to confirm the validity of information held on a request made either by the individual or some other body. In this way most of the data contained on the system is linked in some manner.
Security is paramount. As you will see certain "third party" players will be entitled to view personal information, but only if authorised by the holder of that information. This "authorisation" can either be in the form of the smart-card key interface, or through a series of password type accesses. On the web interface, a verifier must be able to log-in using their own ID (which will generally be linked to a corporate entry, their own employer) and thence check data when the appropriate authorisations have been provided. At, say, a checkpoint, this will be by inserting the smart key and possibily requesting a pin. If the key is missing then the individual password is entered and voila, same result. Remotely, say, for an employment check, the individual would use the authorisation tab to allow that corporate user access to the necessary data. Records of access are essential!
See the below attachments for a snapshot of what needs to be achieved.