Hi Kaliya,

Don’t mistake the value of an attribute for the attribute as a construct.

My weight, height, marital status, address(es), phone number(s), even SSN, might change over time too … that does not negate there status as useful identity attributes.

Hi Catherine,

 

The identity attribute space

has to cover at least the following kinds of entities:

   -- Physical human entities (PEs)

   -- Non-person entities (NPEs)

   -- Personas (alias-like virtual entities associated with PEs or NPEs)

   -- Virtual entities (which might represent PEs or NPEs)

 

Computer users (to use the term broadly, i.e., inclusive of all kinds of ICT devices) are virtual entities … the computer user with username “BobNatale” might ultimately point back to me, or someone else (named Bob Natale, Willy Wonka, or Marilyn Monroe), or to an intelligent software agent under the control of some government agency, etc. … but that username and PIN/passcode/password/PKI cert/etc. are identity attributes for that virtual entity … not for the actual entity behind it.

 

Avanti,

BobN

 

From: dg-idpro-bounces@kantarainitiative.org [mailto:dg-idpro-bounces@kantarainitiative.org] On Behalf Of Catherine Schulten
Sent: Tuesday, March 07, 2017 6:09 PM
To: Kaliya Identity Woman <kaliya@identitywoman.net>; dg-idpro@kantarainitiative.org
Subject: Re: [DG-IDPro] IdM Poster. (thats wrong)

 

Hi Kaliya – I was not an attendee at RSA but I thank you for sending this information over to the IDPro workgroup.  I feel it is important to understand how others are discussing the identity topic, especially from a edu source like University of TX @ Austin.

I am surprised about some of their statements on this poster as it is not how I would think to describe them.

 

1)    I don’t consider one’s username/passcode/PIN as an identity attribute and I doubt that anyone in the identity space would list those things off if they were asked to cite examples of identity attributes.  Person’s Name, phone numbers, SSN, DL #’s are what we typically think of when asked to list personal identity attributes.

2)    I have consistently observed the definition around an authenticator to be “something you have, know or are”.  In fact, a recent episode of Jeopardy had the following question so this seems to be a topic that is somewhat understood by the layperson:

<image002.jpg>

I have never heard “something you do” listed in this definition.  Unless the author means a biometric along the line of signature cadence or heartbeat rhythm.  I guess those could be considered “something you do”.  But they should fall under the “something you are” category.  I can’t imagine they mean one’s job as “something you are”.  It’s not clear and I would challenge the inclusion of this bullet point in that list.

3)    The poster also states that an identity ecosystem “assigns level of risk and value” – I assume they are referencing NIST IR 8112 around Identity Metadata?

4)    One other point – the term Identity Ecosystem is one that the IDESG has already “snagged”.  “an Identity Ecosystem – where individuals, businesses and other organizations enjoy greater trust and security as they conduct sensitive transactions online. The Identity Ecosystem is a user-centric online environment – a set of technologies, policies and agreed upon standards that securely supports transactions ranging from anonymous to fully-authenticated and from low to high value.”  https://www.idesg.org/The-ID-Ecosystem/Overview  The poster should either align with that definition or perhaps come up with their own term if they are wanting to describe something else.  I will make sure that that folks I work with the IDESG are aware that University of TX @ Austin is also using this term.  Not sure if it has been trademarked or anything but I could cause confusion if used to mean different things.

 

I think I maybe have a few dozen Twitter followers so my posting a rebuttal won’t go very far – but I would be interested in hearing a response from the faculty if you want to forward them this email.

 

 

Catherine Schulten
Direct: 954-290-1991

 

From: dg-idpro-bounces@kantarainitiative.org [mailto:dg-idpro-bounces@kantarainitiative.org] On Behalf Of Kaliya Identity Woman
Sent: Monday, March 6, 2017 11:24 PM
To: dg-idpro@kantarainitiative.org
Subject: [DG-IDPro] IdM Poster. (thats wrong)

 

HI ID Pro's

 

As those of you know who attended the ID-Pro breakfast at RSA.. I'm in the new Masters of Science in Identity Management and Security at UT Austin. 

 

There have been some challenges in what has been taught... including that the factors of authentication are not that...but  "identifying Information" or as in the poster below says "Identity Attributes" 

 

They also have taught that password are identifiers (yes this was actually taught)... in this poster on the other side they are identity attributes..yes identity attributes. Sigh.  I have raised issues about these two things that have been taught...and well not gotten very far. (besides being told i'm a "bad student" and "unwilling to learn". 

 

But now they have this fabulous poster. I'm hoping some of you with blogs or twitter handles can point at the poster -  references it and explain why both things are wrong. (cause they, specifically Dr. Barber and Dr. Doty don't believe me. 

 

Or maybe this group could write a joint letter explaining its 'wrongness" it snot great that this center is putting out this information...it doesn't help us in the long run get explaining this stuff right. 

 

Here is the post on their site with the poster. 

https://identity.utexas.edu/infographics/identity-attributes-and-the-identity-ecosystem

 

<image003.jpg>

 

Here is Dr Barbers faculty page - http://www.ece.utexas.edu//people/faculty/suzanne-barber 

 

Dr. Doty's

https://www.ischool.utexas.edu/people/person_details?PersonID=22