In essence, I think most IDAM professionals would agree that attributes are things that RPs need to know about Subjects in order to [help] decide whether or not to accept a message, document etc. Some of the nice questions we're all dealing with currently are:
- are attributes (ie what someone is) more important than "identity" (ie who someone is)?
- how do you know that a given attribute about a Subject is true of the Subject?
- that is, what authority vouches for the attribute?
- and how do you know that a presented attribute is bound to the Subject and isn't being replayed?
If an attribute is something that we need to know about someone, then clearly passwords are something else. Likewise for PINs (the cool thing about PINs when at matched on-card is that nobody other the Subject ever knows the PIN). And CVVs.
And then there is biometrics. There are broadly two modes of biometric presentation: One-to-One, where it is generally preferred that the biometric is matched locally in order to unlock a device (ala FIDO, or Apple iTouch), and One-to-Many (often tellingly called "identification") where I suppose the attribute could be regarded as an attribute. But the general aversion to One-to-Many matching of biometrics points to an ideal where biometrics are NOT identity attributes!
Cheers,
Steve.
Stephen Wilson
Lockstep Group
W: http://lockstep.com.au
T: @steve_lockstep
Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy. Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.
-----Original Message-----
From: "David Chadwick" <D.W.Chadwick@kent.ac.uk>
Sent: Tuesday, 7 March, 2017 6:07pm
To: dg-idpro@kantarainitiative.org
Subject: Re: [DG-IDPro] IdM Poster. (thats wrong)
Hi Kaliya
Glad you are not in my class!
Seriously though, passwords are identity attributes if one regards every
piece of information that is associated with a user as an identity
attribute. But they are clearly not identifiers in the general case, as
they do not uniquely identify anyone, given that 'password' and
'123456789' are two of the most common passwords on the Internet.
However, if you have a very strong password then it is possible that it
could be an identifier, if you are the only person in the world using
that password.
regards
David
On 07/03/2017 04:24, Kaliya Identity Woman wrote:
> HI ID Pro's
>
> As those of you know who attended the ID-Pro breakfast at RSA.. I'm in
> the new Masters of Science in Identity Management and Security at UT
> Austin.
>
> There have been some challenges in what has been taught... including
> that the factors of authentication are not that...but "identifying
> Information" or as in the poster below says "Identity Attributes"
>
> They also have taught that password are identifiers (yes this was
> actually taught)... in this poster on the other side they are identity
> attributes..yes identity attributes. Sigh. I have raised issues about
> these two things that have been taught...and well not gotten very far.
> (besides being told i'm a "bad student" and "unwilling to learn".
>
> But now they have this fabulous poster. I'm hoping some of you with
> blogs or twitter handles can point at the poster - references it and
> explain why both things are wrong. (cause they, specifically Dr. Barber
> and Dr. Doty don't believe me.
>
> Or maybe this group could write a joint letter explaining its
> 'wrongness" it snot great that this center is putting out this
> information...it doesn't help us in the long run get explaining this
> stuff right.
>
> Here is the post on their site with the poster.
> https://identity.utexas.edu/infographics/identity-attributes-and-the-identity-ecosystem
>
>
> Here is Dr Barbers faculty page
> - http://www.ece.utexas.edu//people/faculty/suzanne-barber
>
>
> Dr. Doty's
>
> https://www.ischool.utexas.edu/people/person_details?PersonID=22
>
>
>
> _______________________________________________
> DG-IDPro mailing list
> DG-IDPro@kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/dg-idpro
>
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro