Versions Compared

Old Version 18

changes.mady.by.user Lynzie Adams

Saved on

compared with

New Version 19

changes.mady.by.user Lynzie Adams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Beyond FAIR, NIST welcomes comments on that topic. There are current discussions happening about what is live document validation and the capabilities needed to validate live capture of the actual document.

Has there been any consideration for the opportunity to validate the core attributes and then apply a probabilistic approach in terms of advanced analytics that would create a likelihood similar to the way we look at the likelihood of the match of the biometrics in 63b? But more around the actual identity itself. The identity is not stolen – and validate that through some measurement. Has that been something NIST has actively discussed or considered being open to?

 Yes, something NIST has been exploring. Looking for pathways to better understand - typically some type of score/threshold is established that gives sufficient confidence to say that everything does equal a positive outcome. In reality, probabilistic processes are occurring, they are just not as measured or standardized as some of the things done for biometrics. NIST is open to feedback. They are also actively doing work to explore what can standardized, what can’t be standardized, how can it be tested? However, for the most part, such probabilistic efforts are highly proprietary right now. Figuring out standardized common ways to evaluate and understand them is going to take some time. There are also challenges from the perspective that the tools will require evaluating PII and real data that is fraudulent or has been used for synthetic attacks. There are a lot of challenges and complexities with putting together a project to evaluate them. But NIST is actively exploring it.

 Less about the proprietary things that go into the algorithm – it’s more about how the algorithm performs. And how that can be standardized and measured. The challenge becomes the thresholds of what is and is not acceptable (i.e., 90%? 85%? 30%?) and what does that look like. NIST can’t say whether this will be for rev.4 or something that comes after rev.4.

Authenticator Binding

There is binding at enrollment and then post-enrollment binding. Is the description of the boundary of enthrallment in the draft? Is there actually a difference between when you bind during enrollment versus at some later time? Or is it the type of authenticator you are binding to that makes the difference?

...