Converging Digital Identities with Physical Areas – facilities, critical infrastructure, etc… (W1H)

From IIW

Session Topic: Converging Cyber and Physical Identities for access to Facilities, Critical Infrastructure, etc (W2H)

Convener: Vik Ghai

Notes-taker(s): Bret Tobey

Tags for the session - technology discussed/ideas considered:

Physical Identities, Identity Convergence, Critical Infrastructure, Merging Online and Physical Identities


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Screenshot of process overlaps between Physical & Online/Digital/Cyber Identities. Several overlaps were identified; the 3 depicted here are: i) Levels of Assurance (LOA), ii) Trust (OAuth), iii) Correlation (of activities in physical and logical domains)


Other Key discussion points:

1. Nouns & verbs in the two frameworks are discordant even though both manage the same person (identity)

2. Lower-LOA systems can be combined to create stronger, lower-friction identity proofing

3. Adding a mobile phone to ID attributes for cyber & physical access could present opportunities and challenges

4. Several opportunities exist, for example access to a cloud-based application with multi-factor authentication that may include Physical Location Verification, Physical Access activity verification, Google Authenticator, etc.

5. Can there be, or are there, frameworks for aligning the two domains? We probably need some recommendations or a working group.

6. Functional Areas:

a. ID Proofing

b. Authentication

c. Risk Management Assignment

7. Real-life use cases were discussed that validated the need for a joint approach, which can be very useful to fight fraud, provide better customer service, etc.

8. Other organizations that can be invited to address a joint LOA approach:

a. Physical Security Interoperability Alliance (PSIA) (http://www.psialliance.org/)

b. Security Industry Association (SIA) (www.siaonline.org)