The National Strategy for Trusted Identities in Cyberspace program has set the groundwork for a two-day workshop next month, releasing three white papers that discuss how to measure the credibility and authenticity of digital identity verification.
The three papers touch on strength of identity proofing, strength of biometric authentication, and attribute metadata and confidence scoring. NSTIC, a program of the National Institute of Standards and Technology, exists to promote new technologies and business processes to help move past the password as the way to establish identity and guard their sensitive information online.
Each paper takes a granular look at how experts will validate the ability of future technologies to verify a person’s identity. In the paper on identity proofing, NIST outlines a framework for weighing what needs to be assessed when identifying the risks that come with in-person and remote identity proofing. The second paper constructs a way to measure the security of biometric authentication in the face of multiplying attack vectors. The third paper assesses what metadata should be attached to verification methods and how that can be used to assure confidence in authenticating identity.
Sal D’Agostino, president of the Identity Ecosystem Steering Group, an independent public-private partnership launched by NSTIC, said these papers are going to help experts move past the siloed electronic authentication framework presented by NIST in special document 800-63.
“You need to make this widely acceptable, and I think that’s important, “ D’Agostino told FedScoop. “If it’s just NIST talking to themselves about some chief metric of identity, that’s not necessarily going to solve a problem.”
NIST has said recently that doing away with some of the requirements in 800-63 could be a possibility in the near future.
D’Agostino added that the white papers only serve to set up part of the workshop, while the panels will get into much more detail.
“There is measurement, there’s tools and then there is the managers of them,” D’Agostino said. “It will be interesting to see in the workshop where this stuff goes.”
NSTIC has been working to move past the password since April 2011, doling out grants to pilot projects that authenticate identity using a variety of emerging technologies.
The workshop will take place at NIST headquarters on Jan. 12-13, 2016.