A Guide for Integration of Authentication Technologies
A Guide for Integration of Authentication Technologies
Wednesday 5I
Convener: Oscar M.
Notes-taker(s): Jonas L.
Tags for the session - technology discussed/ideas considered:
Authentication methods, biometrics
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
The session was about a method to compare different authentication methods
Sample case:
Virtual shop - wants to sell products from a very broad price range. Want to use different permission types depending on how much money the product costs (normal, high, unlimited).
Authentication methods are described using four groups of factors: Context factors: Context, type of proof, applicable device Usability factors: Complexity, responsiveness, disability discrimination Cost factors: Implementation, deployment, user cost Security factors: Identity assurance (how certain can you be that a user is he says who he is), credential assurance (how likely is it that the credentials can be forged), availability, revocation, renovation, privacy
Comparison of face recognition, OTP and PK systems. See tables in slide (http://jonaslindstrom.dk/slides/iiw-oscar-manso-2015.pdf)
Now the methodology is to list the requirements you need in your use case and compare them to the factors.
This method is used on the sample case: For each of the three levels, we define requirements to the authentication methods that are needed. One conclusion is that face recognition can not be used, because they cannot be used in a public setting.
Discussion:
A discussion on how level of assurance and other factors relies heavily on the concrete deployment as opposed to general technologies.
Outbound and inbound factors should be taken into account.
Cost factors should be put in concrete values, possibly in a range.
There was some input about similar works. One was Vectors-of-trust.
Mike Schwartz provided a couple of links on similar work:
http://research.microsoft.com/pubs/161585/QuestToReplacePasswords.pdf
https://www.youtube.com/watch?v=0w4HismSMRE&list=PLK58Vrtd56-UXsh0fFLcXW_HIGPnryOYp&index=12