Just released: three foundational whitepapers for advancing digital identity

NIST does many things across many fields, but none more than measurement science. Our belief in the NSTIC NPO is that the digital identity market is now maturing and innovating at a rate that demands a stronger measurement-based approach to evaluating the performance of identity solutions. To that end, our Applying Measurement Science in the Identity Ecosystem workshop is less than a month away, and we think it’s high time to start digging into the issues. Today, we’re pleased to release whitepapers on each of the three workshop focus areas: strength of identity proofing, strength of biometric authentication, and attribute metadata and confidence scoring. In the whitepapers, we explore concepts on how to implement measurement science in these areas of identity management. And, although we offer potential approaches to get these processes right, we encourage attendees to read the whitepapers and critically consider our thinking. Ideally, these papers will serve as the foundation for a productive workshop, where attendees offer new insights and solutions. You’ll find all of the whitepapers here, but here’s a look into what each paper has to offer:

• Measuring Strength of Identity Proofing: We identify potential approaches to standardize a scoring framework for identity proofing. The goal is to give relying parties a baseline understanding of the process that led to an individual obtaining a credential and to enable the selection of proofing practices better aligned with assessed risk. Encouraging feedback at the workshop, we ask, for example: Is there a framework that can determine the ability for correctly guessing knowledge-based questions? Or inversely, those that cannot be guessed?
• Measuring Strength of Authentication: We identify potential methods for measuring biometric authentication implementations to support a standardized scoring structure. Although we start with biometric authenticators, the intent is to produce a generalizable scoring structure to enable the comparison of different authenticator types and determine composite scores for multifactor schemes. For example, we ask: What is the best course of action to determine an authentication scoring framework?
• Attribute Metadata and Confidence Scoring: For attributes, we examine the development of standardized metadata and potential approaches for determining confidence scores to assist with authorization decision making. Readers can consider, for example: In what ways would the addition of attribute metadata impact an organization’s infrastructure, operations, and performance?

Each paper contains a number of questions to encourage a critical reading of the proposed solutions and also frame discussions at the workshop. For now, it’s time to get reading. We’ll see you January 12^th and 13^th to get to the heart of these issues –  and the possible solutions. If you’re unable to attend in person, we invite you to submit written comments to NSTICworkshop [at] nist.gov (NSTICworkshop[at]nist[dot]gov). You can access the whitepapers here. Don’t forget, registration for the workshop closes on January 5^th, 2016! Register now. @NSTICnpo on Twitter