[Owasp-austin] Remote First Use Identity Proofing/Authentication

Ann Racuya-Robbins ann.racuya.robbins at owasp.org
Wed Jul 22 13:10:09 UTC 2015


Hello all.  We have all had an opinion about the merits of KBA, but most
have focused on the authentication case for a user known previously to the
website provider using shared secrets between the claimant and the provider
or intermediary for static KBA. What if that is not the case?


Please help us brainstorm an alternative approach, perhaps dynamic, in
addition to or instead of static KBA, in the following use case:



A Human User with no previous experience/contact with a Service Provider
wants and needs to interact with a Service Provider or intermediary broker
remotely, without a prior exchange of identity attributes. How does the
Service Provider/intermediary know with sufficient assurance the identity
of this Human User?



How might we add high-level guidance for our OWASP authentication
piktochart to address a Remote First Use for Identity
Proofing/Authentication?
https://magic.piktochart.com/output/7003174-authentication-cheat-sheet


Regards,


Ann Racuya-Robbins  KBA-PMP  Co-Leader and Project Manager