1. INTRODUCTION

This XRI Security Policy (the "Security Policy"), sets forth the security commitments of 1id.com, LLC ("1id") to our Registrants and to maintaining and preserving the integrity of the XRI infrastructure.

2. DEFINITIONS

• 2.1   Diligent Efforts. "Diligent Efforts" means, with respect to a given goal, the application of material and substantial energy toward the achievement of that goal as expeditiously as possible.
• 2.2   Global Services Specifications (GSS). "Global Services Specifications" or "GSS" shall mean the specifications published by XDI.ORG governing the operation of services offered by XDI.ORG and its authorized agents. The GSS is located at http://gss.xdi.org.
• 2.3   Registrant. "Registrant" means an individual or organization that enrolls with 1id to obtain a service from the GRS Registry System.
• 2.4   Registration Agreement. "Registration Agreement" means the document under which a Registrant registers with 1id for one or more services from the GRS Registry System.
• 2.5   Service. "Service" means services provided by 1id in connection with the XRI under this Registration Agreement, and includes contracting with Registrants, collecting registration data about the Registrants, and submitting registration information to a Contact Agent or Contact Data Custodian.
• 2.6   XRI. "XRI" means the URI-compatible scheme and resolution protocol for abstract identifiers used to identify and share resources across domains and applications as set forth by the OASIS XRI Technical Committee (http://www.oasis-open.org/committees/xri/).

Other terms used in this Agreement as defined terms shall have the meanings ascribed to them in the context in which they are defined, or, if not defined herein, shall have the definitions set forth in the Registration Agreement.

3. 1ID'S SECURITY COMMITMENTS

1id hereby warrants and represents that it will take the following steps to assure security with respect to XRI registration and use:

• 3.1   FTC Safeguards Rule. I-Broker has undertaken to become compliant with all information security practices recommended the U.S. FTC Safeguards Rule (http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm).
• 3.2   Authentication & Passwords. 1id will not ask Registrants for their passwords - not by phone, email, or other means of communication. Registrants are advised never to disclose their account passwords to anyone else. Registrants are solely responsible for keeping and maintaining the secrecy of their passwords. 1id recommends that Registrants use passwords with the following attributes:
• 3.2.1   At least eight characters in length;
• 3.2.2   Contain both upper and lower case characters;
• 3.2.3   Use numbers and punctuation characters as well as letters;
• 3.2.4   Not identical to a word found in a dictionary (spelled forwards or backwards);
• 3.2.5   Not personally identifiable information such as a birth date, address, bank account number, or phone number;
• 3.2.6   Not easily discoverable information such as a maiden name, spouse's name, parent's name, child's name, pet's name, street name, school name, or the like;
• 3.2.7   Not used on any other website or computer system now or in the past.
• 3.3   Data Protection. 1id will use Diligent Efforts to assure the integrity and confidentiality of data that Registrants provide as part of the registration or account management process. 1id shall provide those minimum assurances of privacy in such data as set forth in the privacy policy set forth at https://1id.com/1id.privacy.htm.
• 3.4   Survivability. 1id maintains and complies with a comprehensive survivability policy which can be found at https://1id.com/1id.survivability.htm.
• 3.5   Accountability. 1id maintains and complies with a comprehensive Accountability policy which can be found at https://1id.com/1id.accountability.htm.
• 3.6   ASP's. Application Service Providers provided by, to or through 1id shall be able to demonstrate compliance with 1id's minimum security requirements. 1id may revise or improve these standards over time.
• 3.7   Conformance with XRI Global Security Policy. 1id shall assure that this Security Policy is in conformance with the XDI.org Global Security Policy.
• 3.6   Audit. 1id reserves the right to audit its owned or controlled networks and systems on a periodic basis to ensure compliance with this policy.

4. MODIFICATIONS

This policy may be updated from time to time. Proposed alterations shall be posted at https://1id.com/1id.policypage.htm not less than thirty days in advance of the date such alterations shall take effect.