1.  There should probably be a glossary.  What's the difference between a Subject and a User?  What's a policy?  etc.
2.  Agree with the comment that Authentication and Proofing should not be covered at the same time.  Authentication should be a transaction focussed discussion where proofing is a data management discussion.
3.  What about adding NIST 800-53 as a standard for identity and authorization?
4.  In addition to standards mentioned, think we should include patterns (and anti-patterns)?  i.e. on the Authentication side talking about integration you have header injection patterns (or anti-pattern depending on your opinion) and on the data side you have sync and virtual patterns.

On Mon, Jun 19, 2017 at 3:30 PM Thorsten H. Niebuhr [WedaCon GmbH] <tniebuhr@wedacon.net> wrote:

Hey Folks

Attached a draft beta pre-finalization of the BoK. The basic idea is to have something to be discussed as a pre-final version, which can be used to take the next step: the development of the BoK Content itself (or the structures to allow it to grow and develop).

Comments are welcome!

PS: Apart from the 'Authentication' section, I have removed/reworked the stuff that was available as comments. If you miss your comment: sorry. Just add it back, but remember to check if the idea / stuff you have in mind is not already handled in one of the sections/slices.

I recommend that we discuss this in next week's call; maybe we get enough info to 'close' the authentication section as well then.

Thorsten

_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro
--
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein@tremolosecurity.com
(703) 828-4902
Twitter - @mlbiam / @tremolosecurity