Closed woodbe closed 3 years ago
gregott
commented
3 years ago When you say input and output, are you talking about the input to and output from the CMFA TOE Boudary? Or are you talking about input to and output from the CMFA signal verification block?
woodbe
commented
3 years ago @gregott I would say to the TOE boundary. Pretty much the only output I can see is the score, and what I think is probably the real case as far as input goes, is that everything goes to the signal verification (some things pass without review if they are "trusted" while others get a full review).
n-kai
commented
3 years ago @woodbe Output from the CMFA TOE Boundary can be numerical, categorical (e.g. high, medium or low trust) or binary value so "score" should not be used.
It seems that there is no standard term for "trust score". Some papers refer it "similarity measurement", others call it "verification score" or "trust coefficient"
So I think that "identity confidence" is better term (but I am not native American so you can choose right one)
gfiumara
commented
3 years ago Something with "confidence" would be good. I'd maybe avoid "identity." Source confidence?
gregott
commented
3 years ago For the inputs, we are really trying to decide if the data received is authentic. Saying source confidence or source data confidence is essentially the same thing. As long as we define what we mean, source confidence is fine with me.
The CMFA is picking a point in a predefined range of values. According to one definition from the Web rating is a classification or ranking of someone or something based on a comparative assessment of their quality, standard, or performance.” Since rank has specific meaning elsewhere that might be confusing, I suggest CMFA rating. Ratings can be numbers, words, colors, symbols, etc. As long as we define what the rating system is, or tell the vendor do specify it, we should be good.
woodbe
commented
3 years ago Suggested terms (being added to a pull request)
Confidence rating - the resulting output from the CMFA Engine based on the provided inputs that is used to determine the authentication status of the user
Input trust - the level of reliability in sensor input. For example, how easy (or difficult) it may be to attack the sensor and send unreliable data to the CMFA product
I was running into questions about terms to use for the trust we are placing in things. We have a trust score, trusted sensors, the authentication trust (or something like it).
I am wondering if we should change "trust score" to "confidence score/identity confidence" as this is more about the output. Then we can use trust for measuring the input (how much we trust the input) to generate confidence.
In this way we separate the terms so we aren't getting trust confused on input vs output, and confidence I think is a very accurate description of the output of CMFA.