Difference between revisions of "Assurance"

From MgmtWiki
(Solutions)
(Solutions)
Line 18: Line 18:
 
* AAL3 ==> U2F
 
* AAL3 ==> U2F
  
The best source of [[Truth]] about an [[Identity]] is obtained by documentation of the [[Identity Proofing]] process.
+
The best source of [[Truth]] about an [[Identity]] is obtained by documentation of the [[Identity Proofing]] process. That is something that can be audited to measure reality against expectations.
  
 
==References==
 
==References==
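
Review bot: in the added sentence after "[[Identity Proofing]] process.", the opening "That" has no clear antecedent; it can be read as the documentation or as the proofing process itself. Naming the subject, for example "That documentation can be audited to measure reality against expectations.", would remove the ambiguity.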

Revision as of 06:30, 8 August 2018

Full Title or Meme

The level of trust that can be afforded a claim of an Identifier or Attribute.

Context

Problems

  • In contexts where names are not validated (of low Assurance) the problem arises that trolls may adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]

Solutions

A rather facile mapping of the NIST levels of Assurance to the processes known today is:

  • AAL1 ==> password
  • AAL2 ==> 2FA
  • AAL3 ==> U2F

The best source of Truth about an Identity is obtained by documentation of the Identity Proofing process. That is something that can be audited to measure reality against expectations.

References

  1. Synonyms include: Validated.
    1. Jack Nicas, Oprah, Is That You? Most Likely, It's Not. 2018-07-08 New York Times page BU1