Difference between revisions of "Attribute"
From MgmtWiki
(→References) |
(→Full Title or Meme) |
||
| Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
| − | Any piece of | + | Any piece of data about a digital entity. |
==Context== | ==Context== | ||
Revision as of 09:26, 11 August 2018
Full Title or Meme
Any piece of data about a digital entity.
Context
- At one time Attributes were considered to be a useful way to perform Authentication of a User.[1]
- Now it is realized that this method releases much User Private Information and offers low Assurance.
Problems
- Any attribute about a digital entity can be used to narrow the population that exhibits that attribute.
- If you want to see how little data is needed to uniquely determine your real world identity, or your preferences, just enter your data into this little tool].
Solutions
- Attributes should not be released until User Consent is obtained.
References
- NIST Internal Report (NISTIR) 8112: Attribute Metadata defines a schema for metadata that describe a subject’s attributes; it is intended to give relying parties (RPs) greater insight into the methods attributes are determined to assist in making risk-based business decisions. As a result, RPs can examine this metadata and determine if they have the confidence they need in the attribute value before making an authorization decision. This NISTIR is being treated like an “implementers’ draft” – an approach used that focuses on real-world implementation results and lessons-learned before the document can become finalized.
