The scope of this Recommendation is as follows: General IdM system models and services; IdM system related security threats and risks; Security guidelines for deployment of IdM systems; Security guidelines for operation of IdM systems; Privacy considerations in IdM systems.