[Wg-p3] letter (final version)

Bob Pinheiro kantara at bobpinheiro.com
Fri Sep 4 19:52:36 PDT 2009

Susan  / Jeff,

Could you perhaps clarify design criteria #2: "Prioritize candidate 
technologies that have the capability to enable citizens access across 
all relevant LoAs."

If it turns out that open government applications for citizens extend 
across Levels of Assurance 1 - 3, is it being proposed to prioritize 
those authentication technologies that would be appropriate at all 3 
levels?  In addition to passwords (which could be used as one 
authentication factor at all 3 levels), a second authentication factor 
at LoA 3 could include one-time password tokens, as well as both "soft" 
and "hard" crypto tokens (X.509 certificates stored on a USB token or 
the user's computer).  [Table 7 page 43 of NIST 800-63 Rev1 shows which 
technologies combine to provide different assurance levels.]

What would be the criteria for prioritizing these alternatives?

Also, the newly formed User Login Experience WG might be able to help 
address problems related to minimizing the complexity of interacting 
with the complete set of citizen- facing applications.


Susan Landau wrote:
> With input from Brett McDowell Ian Glazer, Rich Furr, Paul Madsen and 
> others, Jeff Stollman and I have a final version of the letter to 
> ICAM, which is attached.
> What we do with the letter is a bit complicated, so Jeff will be 
> following up with a mail on procedures.
> Thanks all.
> Best,
> Susan
> ------------------------------------------------------------------------
> _______________________________________________
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090904/0d56d72b/attachment.html>

More information about the Wg-p3 mailing list