Totally agree that an identity represents a thing while authentication and authorization are processes (and distinct processes at that).
Authentication events can use attributes associated with the identity to determine whether or not the current actor is associated with the identity they claim to represent. Attributes would include the userid and the password just as they would also include name, address, and phone number. The only attribute required to be unique within a particular security domain is the userid.
Another attribute could be a device identifier, which in turn would have its own identity with attributes associated with it. I could query these attributes as part of an authorization process. For example, we have applications here at GE that you can only access from a GE-issued device. When I attempt to access that app, I have to authenticate myself with traditional ID/PWD but after successfully authenticating, the service detects my device certificate (and some secret sauce) and checks to ensure that not only am I on a GE device, but it is a device that is associated with my identifier.
Long story short, I do not believe that there are “authentication attributes” but there are attributes associated with identities that can be used to perform authentication and attributes that can be used to authorize access to protected resources. And in our brave new IoT world, those identity attributes can be associated with both humans AND things.
My two cents,
Hutch
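The model described in the message above, sketched as an added example that is not part of the original e-mail or any GE system: identities (human and device) carry attributes, and authentication and authorization are separate processes that read them. All names and sample values are constructed, the presented certificate fingerprint is assumed to come from an already-verified TLS client-certificate handshake, and the "secret sauce" is not modelled.

```python
import hashlib, hmac
from dataclasses import dataclass, field

@dataclass
class Identity:
    uid: str                                   # the only attribute that must be unique in the domain
    attrs: dict = field(default_factory=dict)  # name, phone, credential, device binding, ...

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def build_directory() -> dict:
    """Constructed sample data: one human identity and two device identities."""
    salt = b"constructed-salt"
    sample = [
        Identity("jdoe", {"name": "Sample User", "pw_salt": salt,
                          "pw_hash": pw_hash("correct horse", salt)}),
        Identity("dev-001", {"cert_sha256": "aa" * 32, "corporate_issued": True,
                             "assigned_to": "jdoe"}),
        Identity("dev-002", {"cert_sha256": "bb" * 32, "corporate_issued": True,
                             "assigned_to": "someone-else"}),
    ]
    directory = {}
    for ident in sample:
        if ident.uid in directory:             # enforce userid uniqueness
            raise ValueError(f"duplicate uid {ident.uid}")
        directory[ident.uid] = ident
    return directory

def authenticate(directory: dict, uid: str, password: str) -> bool:
    """Process 1: is the actor the identity it claims to be?"""
    ident = directory.get(uid)
    if ident is None or "pw_hash" not in ident.attrs:
        return False
    candidate = pw_hash(password, ident.attrs["pw_salt"])
    return hmac.compare_digest(candidate, ident.attrs["pw_hash"])

def authorize_device(directory: dict, uid: str, cert_sha256: str) -> bool:
    """Process 2: may this identity reach the app from the presenting device?"""
    for dev in directory.values():
        if dev.attrs.get("cert_sha256") == cert_sha256:
            return bool(dev.attrs.get("corporate_issued")) and dev.attrs.get("assigned_to") == uid
    return False                               # no device identity matches the certificate

def access_app(directory: dict, uid: str, password: str, cert_sha256: str) -> str:
    if not authenticate(directory, uid, password):
        return "deny: authentication failed"
    if not authorize_device(directory, uid, cert_sha256):
        return "deny: device not authorized for this identity"
    return "allow"
```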
From: dg-idpro-bounces@kantarainitiative.org [mailto:dg-idpro-bounces@kantarainitiative.org] On Behalf Of Kaliya Identity Woman
Sent: Tuesday, March 07, 2017 10:16 AM
To: Natale, Bob
Hi ID Pros,
As those of you know who attended the ID-Pro breakfast at RSA, I'm in the new Masters of Science in Identity Management and Security at UT Austin.
There have been some challenges in what has been taught... including that the factors of authentication are not that... but "identifying Information" or, as the poster below says, "Identity Attributes".
They also have taught that passwords are identifiers (yes, this was actually taught)... in this poster, on the other side, they are identity attributes... yes, identity attributes. Sigh. I have raised issues about these two things that have been taught... and, well, not gotten very far (besides being told I'm a "bad student" and "unwilling to learn").
But now they have this fabulous poster. I'm hoping some of you with blogs or Twitter handles can point at the poster, reference it, and explain why both things are wrong ('cause they, specifically Dr. Barber and Dr. Doty, don't believe me).
Or maybe this group could write a joint letter explaining its "wrongness". It's not great that this center is putting out this information... it doesn't help us in the long run get explaining this stuff right.
Here is the post on their site with the poster: https://identity.utexas.edu/infographics/identity-attributes-and-the-identit...
Here is Dr. Barber's faculty page: http://www.ece.utexas.edu//people/faculty/suzanne-barber
Dr. Doty's: https://www.ischool.utexas.edu/people/person_details?PersonID=22
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro