Difference between revisions of "Assurance"
From MgmtWiki
(→Solutions) |
(→Problems) |
||
Line 11: | Line 11: | ||
==Problems== | ==Problems== | ||
* In contexts where names are not validated (of low [[Assurance]]) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.<ref>Jack Nicas, ''Oprah, Is That You? Most Likely, It's Not''. 2018-07-08 New York Times page BU1</ref> | * In contexts where names are not validated (of low [[Assurance]]) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.<ref>Jack Nicas, ''Oprah, Is That You? Most Likely, It's Not''. 2018-07-08 New York Times page BU1</ref> | ||
+ | * See discussion on the pages for [[Ephemeral]] and [[Persistent]]. | ||
==Solutions== | ==Solutions== |
Revision as of 06:31, 8 August 2018
Full Title or Meme
The level of trust that can be afforded a claim of an Identifier or Attribute.
Context
- Some means for assuring the Web Site Security is required. See that page for details.
- The rest of this page is about establishing a level of assurance for Personal Information about a User also known as a Subject.
- NIST 800-63-3
Problems
- In contexts where names are not validated (of low Assurance) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]
- See discussion on the pages for Ephemeral and Persistent.
Solutions
A rather facile mapping of the NIST levels of Assurance to the processes known today is:
- AAL1 ==> password
- AAL2 ==> 2FA
- AAL3 ==> U2F
The best source of Truth about an Identity is obtained by documentation of the Identity Proofing process. That is something that can be audited to measure reality against expectations.
References
- Synonyms include: Validated.