assurance - RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
Subject: Assurance
List archive
- From: "Jones, Mark B" <>
- To: "" <>
- Subject: RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
- Date: Wed, 8 Aug 2012 15:24:59 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
I think I’m missing something. What is considered “the time of registration” for ‘remote’ identity proofing? The way I read 800-63 I don’t see how it even applies to remote proofing. My assumptions are that the applicant would communicate the required information to the RA; the RA would take however many minutes, hours, or days required to verify the information; and then the RA would issue the credential in a manner that confirms the address of record (possibly using regular mail). I’m not seeing the requirement “to validate the documents at registration time” in the 800-63 language. From: [mailto:] On Behalf Of Roy, Nicholas S Table 3 on page 33 for remote proofing: “RA inspects both ID number and account number supplied by Applicant (e.g., for correct number of digits). Verifies information provided by Applicant including ID number OR account number through record checks either with the applicable agency or institution or through credit bureaus or similar databases, and confirms that: name, DoB, address and other personal information in records are on balance consistent with the application and sufficient to identify a unique individual. For utility account numbers, confirmation shall be performed by verifying knowledge of recent account activity. (This technique may also be applied to some financial accounts.)” http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf From: [] On Behalf Of Jones, Mark B Do you have 800-63 document references for some of the things that are left out of the IAP? I tried to find the requirement to validate documents at the time of registration and can’t find it. I have not stumbled on any obvious omissions. From: On Behalf Of Roy, Nicholas S From what I can deduce (perhaps completely inaccurately, but it “feels” like this to me, and I’ve been a reviewer on a couple revisions of the IAP) about the drafting process , there is a strong reason for not documenting or explicitly stating some of the things that are “left out” of the IAP/IAAF, things which exist in 800-63. I think the requirement to validate the documents at registration time is one of these things. I think nearly every omission of this type was made in the interest of making it possible to achieve Silver in a typical higher education setting. Almost all of the “omissions” that make things less clear in the InCommon assurance documents also make them less proscriptive in a way that makes them easier to achieve in the real world. Some people suggest this makes the IAPs “weaker” than 800-63. I’d argue it makes them more useful in that they can actually be implemented. Nick From: [] On Behalf Of Ann West Well Nick is correct. Silver is not a carbon copy of 800-63. It contains additional information about InCommon's trust model, certification requirements, HE comparable solutions (See 4.2.2.4.1 Existing Relationship for instance), etc. However, you're correct too, Mark, in the case of the identity proofing requirements. Silver is comparable and in some cases, uses the same language. 800-63-1 does provide more background about the process, however, that might be useful to folks, which is why we strongly recommend it as prerequisite reading and as a reference. Ann
|
- [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/07/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/07/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- <Possible follow-up(s)>
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Joe St Sauver, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/09/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Tom Scavo, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Tom Scavo, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, William G. Thompson, Jr., 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Cantor, Scott, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Tom Scavo, 08/10/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/10/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/09/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/07/2012
Archive powered by MHonArc 2.6.16.
Stop watching page | Change email notification preferences
View Online |