OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

oasis-charter-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: Accenture comments on the OASIS BOPS TC draft charter

…and the attachment now embedded in an email:

 

MB/NC1

Line number

(e.g. 17)

Clause/ Subclause

(e.g. 3.1)

Paragraph/ Figure/ Table/

(e.g. Table 1)

Type of comment2

Comments

Proposed change

Observations of the secretariat

1.              

 

(1)(b)

¶ 1

te

“One of our highest priorities in the information security field is the development of techniques to confirm that a person accessing online resources is authorized and allowed to do so. Simply stated, an entity must be able to validate its identity before accessing information, otherwise access to a resource should be denied. “

Authentication and Authorization are two distinct functions which are not interchangeable as implied here.  Suggest that the wording be changed accordingly.

 

2.              

 

(1)(b)

¶ 2

ed

“Much of the recent enterprise-level security breaches have been made by hackers with targeted activities to steal clients’ information for fraud and identity theft. This trend has enhanced awareness for the need for better authentication methods to prevent crime and fraud at all levels.”

This is speculative and, without specific reference(s), should be deleted.

 

3.              

 

(1)(b)

¶ 5

te

“Until recently, the “something that we are” authentication method, such as biometrics technology, was resource intensive.  However, the advent of smart phones, smart watches and mobile devices that include sensors (such as cameras, fingerprint scanners and microphones) has made it feasible and affordable to use biometrics for identification and authentication for online access. Biometrics systems can identify users based on either physiological or behavioral characteristics.”

However, the advent of smart phones, smart watches and mobile devices that include sensors (such as cameras, fingerprint scanners, and microphones, and GPS) has made it feasible and affordable to use biometrics for identification and authentication for online access. Biometrics Recognition systems can identify users based on either physiological or behavioral characteristics along with contextual information.

 

4.              

 

(1)(b)

¶ 6

te

“The demand for the ease and reliability offered by biometrics is growing. Consumers want security systems in place that prevent unauthorized access to their personal data. They are also concerned about having their identities stolen and used by thieves. Individuals have password fatigue and tend to reuse passwords across many sites, which add to the risk of identity theft and fraud. At present, biometrics technology holds a great deal of promise as the solution the industry has been searching for--but it is not without its limitations and certainly not without its critics.”

Again, confusing Authentication and Authorization; biometrics can aid in the former but not the latter:

 

“The demand for the ease and reliability offered by biometrics is growing. Consumers want security systems in place that prevent unauthorized access to their personal data. They are also concerned about having their identities stolen and used by thieves. Individuals have password fatigue and tend to reuse passwords across many sites, which add to the risk of identity theft and fraud. At present, biometrics technology holds a great deal of promise as the solution the industry has been searching for--but it is not without its limitations and certainly not without its critics.

 

 

 

 

 

Thank You,

--Daniel Bachenheimer

Accenture Emerging Technology Innovation

800 N. Glebe Road, Suite 300

Arlington, VA 22203

(703) 947-1659 office

(202) 251-7073 mobile

(703) 842-8965 fax

daniel.bachenheimer@accenture.com

IEEE Certified Biometrics Professional

RFID+ Certified

 

From: Bachenheimer, Daniel
Sent: Friday, July 18, 2014 7:32 PM
To: 'oasis-charter-discuss@lists.oasis-open.org'
Subject: Accenture comments on the OASIS BOPS TC draft charter

 

Hello,

 

Here are a few comments related to the OASIS BOPS draft charter attached for your consideration; thank you for the opportunity to participate.

 

Thank You,

--Daniel Bachenheimer

Accenture Emerging Technology Innovation

800 N. Glebe Road, Suite 300

Arlington, VA 22203

(703) 947-1659 office

(202) 251-7073 mobile

(703) 842-8965 fax

daniel.bachenheimer@accenture.com

IEEE Certified Biometrics Professional

RFID+ Certified

 



This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]