2016 is quickly approaching and in anticipation of the Workshop: Applying Measurement Science in the Identity Ecosystem, the National Institute of Standards and Technology has released some white papers to help move the conversation along.
On January 12-13, NIST will host the technical workshop where participants will collaborate about ways to measure and compare the performance of solutions in the Identity Ecosystem, specifically:
- Strength of identity proofing, both remote and in-person
- Strength of authentication with a focus on biometrics
- Attribute confidence to assist in effective authorization decision making.
This two-day event at the NIST campus in Gaithersburg, Md., is bringing together security practitioners, solution providers, experts and policy makers from across sectors. With the growth of available solutions in the market, the National Program Office says it’s time to improve the science behind identity assurance—and that the agencies and industry will benefit from better tools to measure the performance of solutions.
The white paper focus on:
Measuring Strength of Identity Proofing: This paper identifies potential approaches to standardize a scoring framework for identity proofing. The goal is to give relying parties a baseline understanding of the process that led to an individual obtaining a credential and to enable the selection of proofing practices better aligned with assessed risk. Encouraging feedback at the workshop, NIST asks: Is there a framework that can determine the ability for correctly guessing knowledge-based questions? Or inversely, those that cannot be guessed?
Measuring Strength of Authentication: NIST identifies potential methods for measuring biometric authentication implementations to support a standardized scoring structure. Although we start with biometric authenticators, the intent is to produce a generalizable scoring structure to enable the comparison of different authenticator types and determine composite scores for multifactor schemes. For example, the paper asks: What is the best course of action to determine an authentication scoring framework?
Attribute Metadata and Confidence Scoring: For attributes, we examine the development of standardized metadata and potential approaches for determining confidence scores to assist with authorization decision making. Readers can consider, for example: In what ways would the addition of attribute metadata impact an organization’s infrastructure, operations, and performance?
Each paper contains questions to encourage a critical reading of the proposed solutions and also frame discussions at the workshop.