Anil John
Making Digital Services Secure and Trustworthy

My 10 Most Popular Blog Posts of 2014


First and foremost, Thank You! Thank you for your continued readership. Thank you for the diverse range of opinions and feedback you have provided on the blog, as well as the extremely positive feedback regarding my email-only newRECENTLY newsletter.

Your feedback has helped me to shape the content and topics to better address your challenges in delivering secure and trustworthy digital services. I think you will find the content areas such as risk management, authentication, identity proofing and more, that I am building out, useful.

For this blog post, I ran the analytics to discover which posts you found interesting in 2014. Here are the top ten, in the order they were written.

  • HOW TO Choose Attributes to Uniquely Identify a Person - The ANSI/NASPO Identity Proofing and Verification (IDPV) Standard Development Project identifies sets of core identity attributes across the dimensions of Name, Location, Time and Identifier that, in most cases, allow for resolution to a single identity. This blog post provides details about the factors that influence how one chooses one particular set over another.

  • Identity Establishment, Verification and Validation - I believe that there is a role for the public sector in the establishment of identity. Depending on the audience, that statement is sometimes mistaken as support for a single public sector issued credential. Ah… No! This blog post provides some foundational terminology and raises some concerns regarding the outsourcing of identity establishment.

  • DIACC Launches in Canada - This week marks an important milestone for North American digital services with the official launch of the Digital ID and Authentication Council of Canada (DIACC). I am a big fan of the measured, understated, collaborative and whole-of-government manner in which the Canadians move their identity efforts forward, and this is a classic demonstration of that approach.

  • Identity Assurance and Knowledge Based Authentication - NIST Electronic Authentication Guideline (SP 800-63) does not permit Knowledge Based Authentication (KBA) as a viable “something you know” authentication factor (Instant KBA). But it also notes that “knowledge based authentication techniques are included as part of registration” which is sometimes confusing. The term KBA is overloaded, often misused, and needs to be clarified based on the usage context.

  • Identity Validation as a Public Sector Digital Service? - Identity is the starting point in the delivery of high value services, benefits and entitlements. As such, the initial establishment of identity by an authoritative party is the foundation upon which other services are built. This blog post looks at some of the public sector entities that perform this function and sees how they operate in the online world.

  • Should Level of Assurance be Scalar or a Vector? - Levels of Identity Assurance continues to be one of the most discussed topics in the identity world. One of the oft-debated aspects is whether it should be conveyed as a singular number, distilled from an underlying set of components, or if the underlying set of components themselves should be conveyed.

  • The Missing Link Between Tokens and Identity - Component identity services, where specialists deliver services based on their expertise, are a reality in the current marketplace. At the same time, the current conversations on this topic seem to focus on the technical bits-n-bytes and not on responsibilities. This blog post is an attempt to take a step back and look at this topic through the lens of accountability.

  • Who Else Wants a Portable Token as the First Authentication Factor? - There is a great deal of interest when delivering digital public services to leverage a strong token, ideally one that has already been obtained by or issued to an individual, across multiple relying parties. This blog post identifies some of the challenges to overcome to enable a true bring-your-own-token experience.

  • A C2G Identity Services Overview of Canada - Canada, as part of securing its Citizen to (Federal) Government Digital Services, is currently taking a dual track approach to externalizing authentication and account management while keeping identity management in-house. This blog post provides a high level technical overview of the components of Canada’s Cyber Authentication Renewal Initiative.

  • Why Multi-Factor and Two-Factor Authentication May Not Be the Same - Two Factor Authentication is currently the bright and shining star that everyone, from those who offer ‘free’ services to those who offer high value services, wants to know and emulate. When designing such implementations, it is important to understand the implications to identity assurance if the two-factor implementation does not correctly incorporate the principles of multi-factor authentication.



This blog post first appeared on Anil John | Blog. The opinions expressed here are my own and do not represent my employer’s view in any way.


I am a Public Interest Technologist. I help technical leaders make digital services secure and trustworthy.
