I can't help but agree with the poster. I also agree that these are indeed authentication characteristics. Just because they are authentication characteristics does not mean they are not identity attributes. When I see a long time friend, I identify and authenticate him by just seeing his face. Many biometric devices do similar, using the same biometric measurement they will identify which individual this might be, then authenticate that the individual is authentic. Further, in De-Identification methods, these would be considered identifiers or quasi-identifiers. In a De-Identification process they would be removed. In De-Identification the method must treat all data that is subject to the process, and therefore would see authentication characteristics as identity attributes. This said, it would be better that they explain this position. It isn't wrong, in my view; but it is a specific approach. John John Moehrke Principal Engineering Architect: Standards - Interoperability, Privacy, and Security CyberPrivacy – Enabling authorized communications while respecting Privacy M +1 920-564-2067 JohnMoehrke@gmail.com https://www.linkedin.com/in/johnmoehrke https://healthcaresecprivacy.blogspot.com "Quis custodiet ipsos custodes?" ("Who watches the watchers?") On Tue, Mar 7, 2017 at 6:23 AM, Kaliya Identity Woman < kaliya@identitywoman.net> wrote:
The bottom of the porter says:
What is an IDentity Attribute? - what you are - what you know - what you have - what you do
Are these not the factors or methods of authentication?
I have been in this industry for over 12 years and these (three and now 4 things) have always been referred to as authentication factors.
Right?
Here is a whole Twitter thread that got started ..... https://mobile.twitter.com/dgwbirch/status/838064419385016320
Sent from my iPhone
Sent from my iPhone
On Mar 7, 2017, at 4:08 AM, Nat Sakimura <nat@sakimura.org> wrote:
Not necessarily "most", I think ;-)
ISO/IEC 24760-1 defines:
3.1.2
identity
set of attributes (3.1.3) related to an entity (3.1.1)
3.1.3
attribute
characteristic or property of an entity (3.1.1) that can be used to describe its state, appearance, or other aspects
so, it is apparently a wider concept for those people who worked on it.
And with the definition, many "difficult" questions become degenerated.
My take is: attributes that are necessary to offer the service are more important than others.
It could be a verified identifier, or verified address, or verified age, etc.
Nat
---
Nat Sakimura
Chairman, OpenID Foundation
On 2017-03-07 19:02, swilson@lockstep.com.au wrote:
In essence, I think most IDAM professionals would agree that
attributes are things that RPs need to know about Subjects in order to
[help] decide whether or not to accept a message, document etc. Some
of the nice questions we're all dealing with currently are:
- are attributes (ie what someone is) more important than "identity"
(ie who someone is)?
- how do you know that a given attribute about a Subject is true of
the Subject?
- that is, what authority vouches for the attribute?
- and how do you know that a presented attribute is bound to the
Subject and isn't being replayed?
If an attribute is something that we need to know about someone, then
clearly passwords are something else. Likewise for PINs (the cool
thing about PINs when at matched on-card is that nobody other the
Subject ever knows the PIN). And CVVs.
And then there is biometrics. There are broadly two modes of biometric
presentation: One-to-One, where it is generally preferred that the
biometric is matched locally in order to unlock a device (ala FIDO, or
Apple iTouch), and One-to-Many (often tellingly called
"identification") where I suppose the attribute could be regarded as
an attribute. But the general aversion to One-to-Many matching of
biometrics points to an ideal where biometrics are NOT identity
attributes!
Cheers,
Steve.
Stephen Wilson
LOCKSTEP GROUP
T: @steve_lockstep
_Lockstep Consulting provides independent specialist advice and
analysis _
_on digital identity and privacy. Lockstep Technologies develops
unique _
_new smart ID solutions that enhance privacy and prevent identity
theft. _
-----Original Message-----
From: "David Chadwick" <D.W.Chadwick@kent.ac.uk>
Sent: Tuesday, 7 March, 2017 6:07pm
To: dg-idpro@kantarainitiative.org
Subject: Re: [DG-IDPro] IdM Poster. (thats wrong)
Hi Kaliya
Glad you are not in my class!
Seriously though, passwords are identity attributes if one regards
every
piece of information that is associated with a user as an identity
attribute. But they are clearly not identifiers in the general case,
as
they do not uniquely identify anyone, given that 'password' and
'123456789' are two of the most common passwords on the Internet.
However, if you have a very strong password then it is possible that
it
could be an identifier, if you are the only person in the world using
that password.
regards
David
On 07/03/2017 04:24, Kaliya Identity Woman wrote:
HI ID Pro's
As those of you know who attended the ID-Pro breakfast at RSA.. I'm
in
the new Masters of Science in Identity Management and Security at UT
Austin.
There have been some challenges in what has been taught... including
that the factors of authentication are not that...but "identifying
Information" or as in the poster below says "Identity Attributes"
They also have taught that password are identifiers (yes this was
actually taught)... in this poster on the other side they are
identity
attributes..yes identity attributes. Sigh. I have raised issues
about
these two things that have been taught...and well not gotten very
far.
(besides being told i'm a "bad student" and "unwilling to learn".
But now they have this fabulous poster. I'm hoping some of you with
blogs or twitter handles can point at the poster - references it and
explain why both things are wrong. (cause they, specifically Dr.
Barber
and Dr. Doty don't believe me.
Or maybe this group could write a joint letter explaining its
'wrongness" it snot great that this center is putting out this
information...it doesn't help us in the long run get explaining this
stuff right.
Here is the post on their site with the poster.
https://identity.utexas.edu/infographics/identity- attributes-and-the-identity-ecosystem
Here is Dr Barbers faculty page
- http://www.ece.utexas.edu//people/faculty/suzanne-barber
Dr. Doty's
https://www.ischool.utexas.edu/people/person_details?PersonID=22
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro
_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro