1. There should probably be a glossary. What's the difference between a Subject and a User? What's a policy? etc.
2. Agree with the comment that Authentication and Proofing should not be covered at the same time. Authentication should be a transaction focussed discussion where proofing is a data management discussion.
3. What about adding NIST 800-53 as a standard for identity and authorization?
4. In addition to standards mentioned, think we should include patterns (and anti-patterns)? i.e. on the Authentication side talking about integration you have header injection patterns (or anti-pattern depending on your opinion) and on the data side you have sync and virtual patterns.

On Mon, Jun 19, 2017 at 3:30 PM Thorsten H. Niebuhr [WedaCon GmbH] <tniebuhr@wedacon.net> wrote:
Hey Folks
Attached a draft beta pre-finalization of the BoK. The basic idea is to have something to be discussed as a pre-final version, which can be used to take the next step: the development of the BoK Content itself (or the structures to allow it to grow and develop).
Comments are welcome!
PS: Apart from the 'Authentication' section, I have removed/reworked the stuff that was available as comments. If you miss your comment: sorry. Just add it back, but remember to check if the idea / stuff you have in mind is not already handled in one of the sections/slices.
I recommend that we discuss this in next week's call; maybe we get enough info to 'close' the authentication section as well then.
Thorsten
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro
--
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein@tremolosecurity.com
(703) 828-4902
Twitter - @mlbiam / @tremolosecurity