search

usnistgov / NISTIR-8112

Attribute Metadata Publication
4 stars 11 forks source link

Verification strength could be introduced #48

Closed JaapFrancke closed 7 years ago

JaapFrancke commented 7 years ago

Organization: 2

Type:

Reference (Include section and paragraph number): 3.2.2.1

Comment (Include rationale for comment): The specification indicates various Verification Methods. The description implicitely suggests one method is perceived as stronger than others. I think it could make sense to somehow classify or order the various methods, so the RP can more easily decide whether or not it will use the attribute.

See also related comments here: https://github.com/usnistgov/NISTIR-8112/issues/19

Suggested Change: Provide guidance for strength of methods, or introduce a new Accuracy-attribute named "Verification Strength". The RP can then say: I'll accept anything with strength at least "3".

Order of strength is probably

  1. Not verified
  2. Proof of possession
  3. Record verification
  4. Document verification
  5. Document Verification with Record verification

Organization: 1 = Federal, 2 = Industry, 3 = Other

RGalluzzo commented 7 years ago

We like this idea, but within the scope of this document we do not intend to score the verification methods. In the future we may consider exploring how different aspects of attribute metadata can be used to provide scoring of the attributes.