
Introduction of ISO/IEC 29003 Identity Proofing

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). Introduction of ISO/IEC 29003 Identity Proofing. Patrick Curry, Director, British Business Federation Authority (& SC27 WG5), patrick.curry@federatedbusiness.org.


Presentation Transcript


  1. ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014) • Introduction of ISO/IEC 29003 Identity Proofing • Patrick Curry, Director, British Business Federation Authority (& SC27 WG5) • patrick.curry@federatedbusiness.org

  2. Why is identity proofing so important? • Trust is globally, strategically essential • Authentication is key to trust • Strength of credential usually depends on strength of enrolment & registration • Core of enrolment is identity proofing and verification • Situation is evolving fast and becoming more complex • National eID • Employee credentials • Consumer credentials • Low and high maturities • Federation is key. Not to be confused with Mutual Recognition

  3. Why is identity proofing so important? • Strength of credential usually depends on strength of enrolment & registration. But: • Anonymity • Partial anonymity • Pseudonymity • Depends on the use case

  4. What is identity proofing? • Process from application to entry into a register = authoritative source • Questions • Does the identity exist? • Can it be bound to a real person? • Identity proofing • Checking the application & evidence of identity for Level of Assurance (LoA) • Checking binding to the subject • Verification • Examining corroborative sources of data • Looking for contra-indicators • No involvement with the subject

  5. Identity vs PII • [Diagram labels: Eligibility, Capability, Business Administration, Service Delivery, Identity proofing and verification, Identity] • Identity – the minimum number of attributes that allow the person to be unique from all others in the context

  6. Key points • Identity is the minimum • One identity proofing process will always rely on other previous processes – unless it is the first. • Authentication is only the act of identifying a returning user.

  7. The Key Entities • Person • Complicated • Much national variation • Organisation • Register(s) of Legal Organisations • 6 categories of attributes; 2 mandatory • Device • TPM best practice – where do FIDO and IBOPS fit? • Secure issuance • Software • To be confirmed

  8. The fast changing international situation • National cyber strategies • Cyber control frameworks • Pressure for strong authentication • New regulations • EU eID Authentication & Signature Regulations • Emerging US ID Verification standard • Many national e-ID programmes • More authentication requirements in supply chains

  9. The role of international standards • Enable interoperability = agility • Enable deployment and affordability • Reduces risks and costs • Standards bodies need to: • Engage with governments and industry • Establish better coordination • Move faster

  10. Conclusions and Recommendations • Too slow • Spread the load • Avoid gaps • Broadening communities • Based on national policies • Become more proactive • Collaborate with ISO and ? • Framework approach • Communicate better • Governments need to participate
