Difference between revisions of "Presence"

From MgmtWiki

Revision as of 12:27, 4 January 2020

Full Title or Meme

For Identity Management, Presence typically refers to the human user acting through an agent to access a Web Site.

Context

  • When discussing the use of the internet by a user, what is really meant is the Presence of the user operating an agent on an internet connection during some sort of Authentication process.
  • NIST Special Publication 800-63B - Digital Identity Guidelines - Authentication and Lifecycle Management (https://pages.nist.gov/800-63-3/sp800-63b.html) implicitly means to include Presence, but does not really discuss it beyond the following two extracts from Section 7 Session Management (which is labeled normative).
    • 7.1.2 Access Tokens - An access token — such as found in OAuth — is used to allow an application to access a set of services on a subscriber’s behalf following an authentication event. The presence of an OAuth access token SHALL NOT be interpreted by the RP as presence of the subscriber, in the absence of other signals.
    • 7.2 Reauthentication - Periodic reauthentication of sessions SHALL be performed to confirm the continued presence of the subscriber at an authenticated session (i.e., that the subscriber has not walked away without logging out).
  • The original Presence test for messaging apps in the 1990s was keyboard entry, which could be passed to the correspondent device to show that the user was present.

Problems

  • From the time of the authentication with the agent forward, the user's Presence is seldom verified unless some individual action requires reconfirmation of the user's Presence.

Solutions

  • User's physical gesture (touch, swipe, etc.) on an input sensor of the device.
  • Measurement of some biological feature (fingerprint, face scan) of the user.
  • Sending some message to an alternate communications path (SMS phone message, etc).
  • Some sort of Turing test (CAPTCHA, etc.)

Proof of Presence

The process of using one of the above methods to verify the presence of the user, or at least of some human being.
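
The following is an added example, not part of the original page or of NIST's text, sketching how a relying party could keep token validity separate from Proof of Presence and ask for one of the methods above when the last proof is stale. The names `Session`, `Signal` and `handle_request` and all timeout values are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Signal(Enum):
    """Proof-of-presence methods from the Solutions list."""
    GESTURE = "gesture"          # touch or swipe on an input sensor
    BIOMETRIC = "biometric"      # fingerprint or face scan
    OUT_OF_BAND = "out_of_band"  # message on an alternate path, e.g. SMS
    TURING_TEST = "turing_test"  # CAPTCHA or similar

# Constructed policy values for this example, in seconds.
MAX_SESSION = 12 * 60 * 60  # full reauthentication after this session age
MAX_IDLE = 30 * 60          # ordinary requests need presence this recent
MAX_IDLE_SENSITIVE = 60     # sensitive actions need presence this recent

@dataclass
class Session:
    authenticated_at: float  # time of the authentication event
    last_presence_at: float  # time of the last proof of presence
    token_expires_at: float  # access-token expiry

def handle_request(session, now, signal=None, sensitive=False):
    """Return 'deny', 'reauthenticate', 'prove_presence' or 'allow'."""
    if now >= session.token_expires_at:
        return "deny"
    if now - session.authenticated_at >= MAX_SESSION:
        return "reauthenticate"  # periodic reauthentication (7.2)
    if signal is not None:
        if not isinstance(signal, Signal):
            raise ValueError("unknown presence signal")
        session.last_presence_at = now  # only a real signal refreshes presence
    # A request that carries just a valid token never updates
    # last_presence_at: the token is not evidence of the subscriber (7.1.2).
    limit = MAX_IDLE_SENSITIVE if sensitive else MAX_IDLE
    if now - session.last_presence_at >= limit:
        return "prove_presence"
    return "allow"

if __name__ == "__main__":
    s = Session(authenticated_at=0, last_presence_at=0, token_expires_at=86400)
    print(handle_request(s, 600))                            # token only
    print(handle_request(s, 1800))                           # idle too long
    print(handle_request(s, 1800, signal=Signal.BIOMETRIC))  # presence proven
    print(handle_request(s, 1900, sensitive=True))           # needs fresh proof
    print(handle_request(s, 43200, signal=Signal.GESTURE))   # session too old
```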

Reference

Other Material

  • An alternate use of the word Presence is to refer to all of the user's attributes spread across the internet.