OASIS Mailing List Archives

trust-el message



Subject: Daon comments on SP800-63


All –

 

For your information I am attaching Daon’s comments on NIST SP800-63, which are primarily related to biometrics.  I actually submitted these over a year ago, but plan to resubmit in response to the current call.

 

In these comments, I position biometrics as an authentication token (a status it does not currently hold), but as a 2nd or 3rd factor only.  My rationale for this is that I don’t believe NIST will accept them as a single factor (based on the last 10 years of discussions with them), so I think by making this restriction, we will at least make forward progress in advancing the role of biometrics in e-authentication.

 

On a more general front, I would like to see 800-63 become more mobile, innovation, and commercial friendly.

 

From a trust-el perspective:

- The concept of trust-elevation should at least be addressed (with the idea of moving up from one level to another rather than just an initial logon to a given level).

- In addition to the traditional 3 factors, the role of other considerations included in our work – context and behavior – should be addressed.

- Authentication methods beyond the current 9 should be considered (e.g., biometrics).

 

Regards,

CT

Attachment: Daon comments on SP800-63-2.doc