Difference between revisions of "Assurance"
From MgmtWiki
(→Context) |
(→Problems) |
||
Line 10: | Line 10: | ||
==Problems== | ==Problems== | ||
+ | * In contexts where names are not validated (of low [[Assurance]]) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.<ref>Jack Nicas, ''Oprah, Is That You? Most Likely, It's Not''. 2-18-07-08 page BU1</ref> | ||
==Solutions== | ==Solutions== |
Revision as of 15:08, 9 July 2018
Full Title or Meme
The level of trust that can be afforded a claim of an Identifier or Attribute.
Context
- Some means for assuring the Web Site Security is required. See that page for details.
- The rest of this page is about establishing a level of assurance for Personal Information about a User also known as a Subject.
- NIST 800-63-3
Problems
- In contexts where names are not validated (of low Assurance) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]
Solutions
- AAL1 ==> password
- AAL2 ==> 2FA
- AAL3 ==> U2F
References
- ↑ Jack Nicas, Oprah, Is That You? Most Likely, It's Not. 2-18-07-08 page BU1