Binding
Full Title or Meme
Most of the point of Identity Management is the Binding of the Subject to a set of Attributes or Claims about that subject.
Problems
Biometric Binding
Anonymous Biometrics describes the fact that the biometric data used to open your phone, access apps or authorize transactions is not bound to your identity data. Moreover, a bad actor can replace your biometric data with their own by using the PIN.
From that point on, the phone effectively tells the relying party (for payments, etc.) that the fraudster is you. There is NO way for the relying party to know or even consider otherwise.
Binding is the watchword. Apple, FIDO, Samsung and others want you to believe that binding everything to a phone is safe. Well? That generates a sticky upgrade cycle for the next device, but it enables Anonymous Biometrics, the PKI Fallacy and all the credential swap frauds that plague society today. The solution is to bind privileges to actual human beings, using a Biometric Factor.
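The following is an added example, not part of the original page: a simplified model of what the relying party actually verifies when the biometric match happens only on the phone. The class names, the string "templates" standing in for biometric samples, and the HMAC key standing in for the device's signing key are all assumptions of the example.

```python
import hashlib
import hmac
import os

class Phone:
    """Toy model: locally enrolled biometrics gate a device-held key."""
    def __init__(self, pin):
        self._pin = pin
        self._templates = set()
        # An HMAC key stands in for the device's private key (simplification).
        self.device_key = os.urandom(32)

    def enroll(self, pin, template):
        # The PIN alone authorizes replacing the enrolled biometric.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        self._templates = {template}

    def sign(self, presented, challenge):
        # Matching happens on the device; only a signature leaves it.
        if presented not in self._templates:
            return None
        return hmac.new(self.device_key, challenge, hashlib.sha256).digest()


class RelyingParty:
    """Holds an account-to-device-key binding and nothing about the person."""
    def __init__(self):
        self._keys = {}

    def register(self, account, device_key):
        self._keys[account] = device_key

    def verify(self, account, challenge, assertion):
        if assertion is None:
            return False
        expected = hmac.new(self._keys[account], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion)


def run_scenario():
    # All values below are constructed sample data.
    phone, rp = Phone("constructed-pin"), RelyingParty()
    phone.enroll("constructed-pin", "owner-template")
    rp.register("owner-account", phone.device_key)
    c1, c2 = os.urandom(16), os.urandom(16)
    before = rp.verify("owner-account", c1, phone.sign("owner-template", c1))
    phone.enroll("constructed-pin", "other-template")  # a PIN holder re-enrolls
    swapped = rp.verify("owner-account", c2, phone.sign("other-template", c2))
    owner = rp.verify("owner-account", c2, phone.sign("owner-template", c2))
    return {"before": before, "swapped": swapped, "owner_after": owner}
```

In this model `verify` receives only the account name, the challenge and a signature made with the device key, so the binding it checks is account to device, never account to person.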
References
- Virginia Standards for Identity Management p 30. Binding Identity to a Subscriber Provided Authenticator