usnistgov / NISTIR-8112

Attribute Metadata Publication

Definitions - Assertions #18

Closed DCoxe closed 8 years ago

DCoxe commented 8 years ago

Organization: 2

Type:

Reference (Include section and paragraph number): Definitions: Section 2 - Assertions; Section 2 - Claims

Comment (Include rationale for comment): Attribute Assertions are often made by Users when registering to obtain a new account from an RP. These assertions include those attributes required by an RP to authorize service for the User. The RP may choose to verify the User Asserted attributes via 3rd party Attribute Providers (AP) who in turn will generate Claims (and/or Scores) about the validity of the User Assertions. For example, contextual attributes, including affiliation (e.g., job status, clearance), biometric and device identity attributes that are associated with a User may be Asserted by users to generate verification Claims from corresponding AP services each time a user attempts to authenticate to a service. This would also be the case for "Step-Up" authentication requirements.

Suggested Change: Include User Asserted attributes as a class of Asserted attributes for the purpose of account registration, Claims refresh, and contextual authentication requirements.


Organization: 1 = Federal, 2 = Industry, 3 = Other

RGalluzzo commented 8 years ago

Dave,

We have seen the term "claim" used in many different ways based on the architecture, solution, and community using it. The focus of the way we are using the term is on avoiding the use of actual attribute values--not a score or statement around confidence. If this term is easily confused with other existing terminology, we are open to suggestions for how to address this, including a new term for what we are describing.

Thanks!

DCoxe commented 8 years ago

Ryan,

We use “Claim” to denote a yes/no response to pairs of attribute assertions that are verified via commercial APs. These assertion pairs vary by AP service and provider, but generally couple some combination of Name/Address/cell#/DoB/SS#/gender to resolve to an identity. The same applies when verifying what we call “Affiliation” attributes such as employment, clearance, certifications, education, etc.

Scores are a reflection of the confidence or probability given to the claims. As more assertion pairs are evaluated, the scores tend to be higher.

Dave

David Coxe, CEO ID/DataWeb, Inc. DCoxe@IDDataWeb.com 571-332-2740 cell 571-723-4310, ext 502 office


RGalluzzo commented 8 years ago

Thanks Dave. For now, we have decided to maintain the current definitions of "claim" and "assertion" to maintain some consistency with 800-63-3.