Difference between revisions of "Binding"
(→References) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
Most of the point of [[Identity Management]] is the [[Binding]] of the [[Subject]] to a set of [[Attribute]]s or [[Claim]]s about that subject. | Most of the point of [[Identity Management]] is the [[Binding]] of the [[Subject]] to a set of [[Attribute]]s or [[Claim]]s about that subject. | ||
+ | ==Problems== | ||
+ | ===Biometric Binding=== | ||
+ | [[Anonymous Biometrics]] describes the fact that the biometric data, used to | ||
+ | open your phone or access apps or authorize transactions, | ||
+ | is not bound to your identity data Moreover, a | ||
+ | bad actor can replace your biometric data with their own | ||
+ | by using the PIN. | ||
+ | |||
+ | From that point on, the phone effectively tells the relying | ||
+ | party (for payments etc) that the fraudster is you. There is | ||
+ | NO way for the relying party to know or even consider | ||
+ | otherwise. | ||
+ | |||
+ | [[Binding]] is the watchword. Apple and FIDO and | ||
+ | Samsung, and Others, want you to believe that binding | ||
+ | everything to a phone is safe. Well? That generates a | ||
+ | sticky upgrade cycle for the next device but it enables | ||
+ | Anonymous Biometrics, the PKI Fallacy and all the | ||
+ | credential swap frauds that plague society today The | ||
+ | solution is to bind privileges to actual human beings, using a [[Biometric Factor]]. | ||
+ | |||
==References== | ==References== | ||
− | * | + | *[https://rga.lis.virginia.gov/Published/2017/RD367/PDF Virginia Standards] for [[Identity Management]] p 30. Binding Identity to a Subscriber Provided Authenticator |
[[Category:Trust]] | [[Category:Trust]] | ||
+ | [[Category: Authentication]] | ||
+ | [[Category: Factor]] |
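Review bot: the added Biometric Binding text is missing two sentence-ending periods, after "identity data" and after "plague society today", so "Moreover" and "The solution" run into the preceding sentences; add the periods. The added paragraphs also keep hard line wraps mid-sentence and should be joined into normal wiki paragraphs. "PKI Fallacy" is left as plain text while "Anonymous Biometrics" and "Biometric Factor" are wiki links; link it or define it if a page exists. The new category tags use a space after the colon ("[[Category: Authentication]]") where the existing one is "[[Category:Trust]]"; match the existing form. The statement that there is "NO way for the relying party to know" carries no citation, and the one reference added covers binding identity to a subscriber-provided authenticator, so a source for the fraud claim would help.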
Latest revision as of 17:04, 26 June 2024
Full Title or Meme
Most of the point of Identity Management is the Binding of the Subject to a set of Attributes or Claims about that subject.
Problems
Biometric Binding
Anonymous Biometrics describes the fact that the biometric data used to open your phone, access apps, or authorize transactions is not bound to your identity data. Moreover, a bad actor can replace your biometric data with their own by using the PIN.
From that point on, the phone effectively tells the relying party (for payments, etc.) that the fraudster is you. There is NO way for the relying party to know or even consider otherwise.
Binding is the watchword. Apple, FIDO, Samsung, and others want you to believe that binding everything to a phone is safe. Well? That generates a sticky upgrade cycle for the next device, but it enables Anonymous Biometrics, the PKI Fallacy, and all the credential swap frauds that plague society today. The solution is to bind privileges to actual human beings, using a Biometric Factor.
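A simplified model of the gap described above, added here as an illustration and not taken from this wiki or from any vendor's or FIDO's implementation. It shows that the relying party's check has the same inputs before and after the enrolled biometric is changed with the PIN. Assumptions: the names `Phone` and `relying_party_accepts` are hypothetical, an HMAC stands in for the device's signature, and exact string comparison stands in for biometric matching.

```python
import hashlib
import hmac
import secrets


class Phone:
    """Toy model: a device credential gated by a purely local biometric match."""

    def __init__(self, pin, owner_template):
        self._pin = pin
        self._templates = {owner_template}   # biometric templates enrolled on the device
        self._key = secrets.token_bytes(32)  # device-bound credential known to the RP

    def registered_key(self):
        # Stand-in for registration: the RP learns the credential, never the biometric.
        return self._key

    def enroll(self, pin, new_template, replace=False):
        # Knowledge of the PIN alone authorizes a change to the enrolled biometrics.
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        if replace:
            self._templates = set()
        self._templates.add(new_template)

    def assert_user(self, presented_template, challenge):
        # The match happens locally; only a tag over the challenge leaves the device.
        if presented_template not in self._templates:
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def relying_party_accepts(key, challenge, assertion):
    # Everything the RP can check: does the assertion verify under the registered key?
    if assertion is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion)


def demo():
    phone = Phone(pin="4821", owner_template="owner-finger")  # constructed sample values
    key = phone.registered_key()
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    before = relying_party_accepts(key, c1, phone.assert_user("owner-finger", c1))
    rejected = relying_party_accepts(key, c2, phone.assert_user("other-finger", c2))
    phone.enroll("4821", "other-finger", replace=True)  # biometric swapped using the PIN
    after = relying_party_accepts(key, c2, phone.assert_user("other-finger", c2))
    owner_after = relying_party_accepts(key, c2, phone.assert_user("owner-finger", c2))
    return before, rejected, after, owner_after
```

In this model `demo()` returns the acceptance result for the owner before the change, for a non-enrolled finger, for the newly enrolled finger, and for the owner afterwards; nothing in the assertion identifies which person produced it.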
References
- Virginia Standards for Identity Management p 30. Binding Identity to a Subscriber Provided Authenticator