Identity Proofing
Full Title or Meme
The process of evaluating evidence of the Identifiers and Attributes that are associated with a human being.
Context
- Also see Identity Proofing Use Case
- Attestation is the term typically used for proofing organizations or software implementations.
Problem
- On the internet no one knows you are a dog without Identity Proofing.
- NIST 800-63-3 (see below) has this description.
Identity proofing establishes that a subject is who they claim to be. Digital authentication establishes that a subject attempting to access a digital service is in control of one or more valid authenticators associated with that subject’s digital identity. For services in which return visits are applicable, successfully authenticating provides reasonable risk-based assurances that the subject accessing the service today is the same as that which accessed the service previously. Digital identity presents a technical challenge because this process often involves proofing individuals over an open network, and always involves the authentication of individual subjects over an open network to access digital government services. The processes and technologies to establish and use digital identities offer multiple opportunities for impersonation and other attacks.
- The IAL (Identity Assurance Level) refers to the identity proofing process.
- IAL1: There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the authentication process are self-asserted or should be treated as such.
- IAL2: Evidence supports the real-world existence of the claimed identity and verifies that the applicant is appropriately associated with this real-world identity. IAL2 introduces the need for either remote or physically-present identity proofing. Attributes can be asserted by Credential Service Providers (CSPs) to RPs in support of pseudonymous identity with verified attributes.
- IAL3: Physical presence is required for identity proofing. Identifying attributes must be verified by an authorized and trained representative of the CSP. As with IAL2, attributes can be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes.
Solutions
References
- New version of SP 800-63-3 with Assurance separated out from the Identifier or Federation Attributes.