Difference between revisions of "Attribute"
From MgmtWiki
(→Context) |
(→Solutions) |
||
| Line 11: | Line 11: | ||
==Solutions== | ==Solutions== | ||
| + | * [[Attribute]]s should not be released until [[User Consent]] is obtained. | ||
==References== | ==References== | ||
Revision as of 09:12, 6 August 2018
Full Title or Meme
Any piece of information about a digital entity.
Context
- At one time Attributes were considered to be a useful way to perform Authentication of a User.[1]
- Now it is realized that this method releases much User Private Information and offers low Assurance.
Problems
- Any attribute about a digital entity can be used to narrow the population that exhibits that attribute.
- If you want to see how little data is needed to uniquely determine your real world identity, or your preferences, just enter your data into this little tool].
Solutions
- Attributes should not be released until User Consent is obtained.
References
- ↑ NIST Special Publication 800-162 Guide to Attribute Based Access Control (ABAC) Definition and Consideration https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf
