I appreciate all that you shared Catherine.  Thank you. 

While I appreciate the depth of the philosophy, definitional capacity of the community by those who responded on the thread and I can if I got into all of what was said and "agree" with much of it. I'm not concerned with 3rd year PhD level discussions but rather the   core 101 basics of identity that I have heard presented (likely from some of you) many dozens of times over the last 12 years.  

I shared this with the list because of my concern that the so far only program that says it is "in" this professional field was teaching core 101 concepts of identity - namely the factors of authentication - (lets go with) incorrectly (rather then "wrong" since this is raising some anti-bodies). 

I'm sorry if i came across too bluntly - yes I speak plainly, and yes I am alarmed by the teaching and people are seem to have been somewhat shy to directly engage with what I posted given the manner that it was framed. So I'm sorry about that. I was tired last night after returning home from Austin. Perhaps it would have been better suited to the list that Andrew highlighted focused on Taxonomy - with a less assertive tone. 

I would like to support the program getting things "right" so the people with masters  degrees in "Identity Management" aren't running around (our industry) and "with degrees" and communicating these core concepts differently then the community of actual professionals (that this group is/aspires to be) have been for literally years. 

I should share that I also had a back channel communication arising from this thread that said they had a colleague in identity that had tried to work with the folks at UT and found them unresponsive. 

To address what Catherine asked I think "what you do" becomes an authentication factor when it is either a behavioral biometric OR a geo-loccation biometric. 

I will close by asking this when you explain authentication as a technical thing (after an identity is enrolled) what are the factors?

Where are the factors clearly explained as the factors/methods of authentication that is "referencable"?

Is that taxonomy we are working on going to be the first place?

Are there referegcable sources that explain the factors of authentication  (what you are, what you have, what you know and what you do - in aggregate as a group) as "something else" that  I've some how been missing all these years?

Thanks, 
- Kaliya





On Tue, Mar 7, 2017 at 5:08 PM, Catherine Schulten <catherine.schulten@lifemedid.com> wrote:

Hi Kaliya – I was not an attendee at RSA but I thank you for sending this information over to the IDPro workgroup.  I feel it is important to understand how others are discussing the identity topic, especially from a edu source like University of TX @ Austin.

I am surprised about some of their statements on this poster as it is not how I would think to describe them.

 

1)      I don’t consider one’s username/passcode/PIN as an identity attribute and I doubt that anyone in the identity space would list those things off if they were asked to cite examples of identity attributes.  Person’s Name, phone numbers, SSN, DL #’s are what we typically think of when asked to list personal identity attributes.

2)      I have consistently observed the definition around an authenticator to be “something you have, know or are”.  In fact, a recent episode of Jeopardy had the following question so this seems to be a topic that is somewhat understood by the layperson:

Image posted by Lynn on January 31 at 10:04 PM

I have never heard “something you do” listed in this definition.  Unless the author means a biometric along the line of signature cadence or heartbeat rhythm.  I guess those could be considered “something you do”.  But they should fall under the “something you are” category.  I can’t imagine they mean one’s job as “something you are”.  It’s not clear and I would challenge the inclusion of this bullet point in that list.

3)      The poster also states that an identity ecosystem “assigns level of risk and value” – I assume they are referencing NIST IR 8112 around Identity Metadata?

4)      One other point – the term Identity Ecosystem is one that the IDESG has already “snagged”.  “an Identity Ecosystem – where individuals, businesses and other organizations enjoy greater trust and security as they conduct sensitive transactions online. The Identity Ecosystem is a user-centric online environment – a set of technologies, policies and agreed upon standards that securely supports transactions ranging from anonymous to fully-authenticated and from low to high value.”  https://www.idesg.org/The-ID-Ecosystem/Overview  The poster should either align with that definition or perhaps come up with their own term if they are wanting to describe something else.  I will make sure that that folks I work with the IDESG are aware that University of TX @ Austin is also using this term.  Not sure if it has been trademarked or anything but I could cause confusion if used to mean different things.

 

I think I maybe have a few dozen Twitter followers so my posting a rebuttal won’t go very far – but I would be interested in hearing a response from the faculty if you want to forward them this email.

 

 

Catherine Schulten
Direct: 954-290-1991

 

From: dg-idpro-bounces@kantarainitiative.org [mailto:dg-idpro-bounces@kantarainitiative.org] On Behalf Of Kaliya Identity Woman
Sent: Monday, March 6, 2017 11:24 PM
To: dg-idpro@kantarainitiative.org
Subject: [DG-IDPro] IdM Poster. (thats wrong)

 

HI ID Pro's

 

As those of you know who attended the ID-Pro breakfast at RSA.. I'm in the new Masters of Science in Identity Management and Security at UT Austin. 

 

There have been some challenges in what has been taught... including that the factors of authentication are not that...but  "identifying Information" or as in the poster below says "Identity Attributes" 

 

They also have taught that password are identifiers (yes this was actually taught)... in this poster on the other side they are identity attributes..yes identity attributes. Sigh.  I have raised issues about these two things that have been taught...and well not gotten very far. (besides being told i'm a "bad student" and "unwilling to learn". 

 

But now they have this fabulous poster. I'm hoping some of you with blogs or twitter handles can point at the poster -  references it and explain why both things are wrong. (cause they, specifically Dr. Barber and Dr. Doty don't believe me. 

 

Or maybe this group could write a joint letter explaining its 'wrongness" it snot great that this center is putting out this information...it doesn't help us in the long run get explaining this stuff right. 

 

Here is the post on their site with the poster.