[WG-IDAssurance] Updates to my comments

Scott Shorter sshorter at electrosoft-inc.com
Fri Dec 6 12:56:45 CST 2013


Hi all,

Updates to a few comments based on today's call.  The "IAWG let's discuss
on Friday" comment is now:

1. Clarify the distinction between identity proofing and identity
resolution, the attribute verification requirements for each, and when
those requirements are applicable (e.g. CSPs/RAs during enrollment, CSPs as
attribute providers, RPs during account linking and problem resolution,
etc.)

2. RPs should be able to make a determination based on their risk
assessment whether credentials based on data broker verification meets
their needs.  FICAM could provide guidance on the pros and cons, and
consider providing granularity in levels of Identity Assurance reflecting
the data sources against which verification was performed.


Does that more or less reflect the discussion?

I didn't add this because we didn't discuss it, but what also occurred to
me is:

3. FICAM could declare that SSN is not an acceptable "valid current
government ID number" during remote identity proofing.


NIST has persistently declined to clarify this issue, although the
conspicuous lack of the term "picture ID" in column 2 of Table 3 of SP
800-63-2 does permit it.  Changing that would be huge, and I doubt a
suggestion to do so would clear the ARB, but I offer it for the sake of
completeness.
-
Scott
-- 
Scott Shorter, Principal Security Engineer, Electrosoft Services Inc.
sshorter at electrosoft-inc.com O: 703-437-9451 x21 M: 240-994-7793
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20131206/48199550/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FICAM_TFS_Comment Matrix Electrosoft to IAWG 2013-12-06.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 49714 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20131206/48199550/attachment-0001.xlsx>


More information about the WG-IDAssurance mailing list