Anil John | Blog

On Digital Security, Privacy, Architecture ...

Anil John

What are KBA Metrics?

There is currently a discussion going on in the Identity Ecosystem Steering Group (IDESG) regarding knowledge based authentication (KBA) metrics. I am a bit unsure about what is being sought by the IDESG from a standards development organization (SDO). This blog post is an attempt at framing the questions, as I understand them, to determine if there is value here, or if it is the application of makeup to porcine livestock.

Identity Validation as a Public Sector Digital Service?

I’ve written before about the role that the public sector currently has in identity establishment, but not in identity validation. This absence has led to an online ecosystem in the U.S. that depends on non-authoritative information for identity validation. These are some initial thoughts on what an attribute validation service, which provides validation of identity attributes using authoritative public sector sources, could look like.

Relaxing, Recharging and Hiking in Banff National Park, Canada

I have found it very important to allocate time to rest, relax and recharge in order to deal with the pace and stress of daily life. My family and I find the outdoors to be the place to do just that. We just got back from Banff National Park, in the Canadian Rockies, which we visit often enough that my kids call it their happy place.

Keep close to Nature's heart... and break clear away, once in a while, and climb a mountain or spend a week in the woods. Wash your spirit clean.

John Muir

Identity Assurance and Knowledge Based Authentication

The NIST Electronic Authentication Guideline (SP 800-63) does not permit Knowledge Based Authentication (KBA) as a viable “something you know” authentication factor (Instant KBA). But it also notes that "knowledge based authentication techniques are included as part of registration", which is sometimes confusing. The term KBA is overloaded, often misused, and needs to be clarified based on the usage context.

FRAUD as a Digital Platform Service

Operators of multi-sided platforms need to deliver compelling value to attract, keep, and grow participants in the platform. Leveraging cross-side and same-side network effects is one way to create value. I believe that a Federation-wide Reliable Account Usage Data (FRAUD) Service is one example of a platform service that can provide such value.

The Venn of Identity Proofing and Identity Resolution Attributes

I've been spending a fair amount of time thinking about how to minimize the information asked of a person, to uniquely identify them, in order to deliver a high value public sector service to them. In particular I am interested in the overlap between what is asked for as part of identity proofing at Level 2 and Level 3 in NIST SP 800-63-2, and what studies show is needed for unique identity resolution.

The entries in my blog are solely my opinions and do not represent the thoughts, intentions, plans or strategies of any third party, including my employer.

