Closed JaapFrancke closed 7 years ago
We like this idea, but within the scope of this document we do not intend to score the verification methods. In the future we may consider exploring how different aspects of attribute metadata can be used to provide scoring of the attributes.
Organization: 2
Type:
Reference (Include section and paragraph number): 3.2.2.1
Comment (Include rationale for comment): The specification indicates various Verification Methods. The description implicitely suggests one method is perceived as stronger than others. I think it could make sense to somehow classify or order the various methods, so the RP can more easily decide whether or not it will use the attribute.
See also related comments here: https://github.com/usnistgov/NISTIR-8112/issues/19
Suggested Change: Provide guidance for strength of methods, or introduce a new Accuracy-attribute named "Verification Strength". The RP can then say: I'll accept anything with strength at least "3".
Order of strength is probably
Organization: 1 = Federal, 2 = Industry, 3 = Other