Hi BoKkers: here's a first strawman attempt to start the taxonomy in the authentication section.

Please start hacking at it! It is imperfect and needs your critique. 

Based loosely on the Kantara ID Assurance Framework v5 and NIST SP 800-63 v3 drafts.

What are the practices of:
  • Authentication (of credentials)
    • Authenticators
      • Categories and characteristics
      • Single- and multi-factor authenticators: objectives, threat mitigation
      • Verification mechanisms
      • Cryptographic mechanisms
      • Lifecycle management
      • Misuse and impersonation detection
      • Usability considerations
    • Relationship to Identification
      • ‘Binding’ of authenticators to entity records
        • Uniqueness within a population scope or ‘namespace’
      • Privacy matters
        • Correlation across multiple transactions
        • Decoupling of personal information from authentication events
    • Methods to choose appropriate authentication techniques
      • Risk evaluation considerations
      • Cost considerations
      • Usability
      • Manageability
      • Attack Resistance
      • Models of Authentication ‘levels’
    • Authentication models, process and protocols
      • Authentication protocols (OpenID Connect, PKI-based)
      • Federated authentication models
      • Single sign-on models

Andrew Hughes CISM CISSP 
Independent Consultant
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8

AndrewHughes3000@gmail.com 
ca.linkedin.com/pub/andrew-hughes/a/58/682/
Identity Management | IT Governance | Information Security