Do You Need a Digital ID?

2005-03-15 Thread R.A. Hettinga
<http://www.pcworld.com/resource/printable/article/0,aid,120008,00.asp> PCWorld.com - Topics > Privacy & Security > Online Security > Do You Need a Digital ID? Security experts debate new ways to curb identity theft and boost e-commerce. Scarlet Pruitt, IDG News Servi

Re: Do You Need a Digital ID?

2005-03-20 Thread Anne & Lynn Wheeler
R.A. Hettinga wrote: i've been asked to flush out my merged security taxonomy and glossary http://www.garlic.com/~lynn/index.html#glosnote to highlight the distinction between identity theft and account theft. typically id

Re: Do You Need a Digital ID?

2005-03-21 Thread Jerrold Leichter
| if a re-issued a new token/card (to replace a lost/stolen token/card) is | identical to the lost/stolen token/card ... then it is likely that there is no | "something you have" authentication involved (even tho a token/card is | involved in the process) ... and therefor the infrastructure is just

Re: Do You Need a Digital ID?

2005-03-25 Thread Anne & Lynn Wheeler
minor addenda ... ref: http://www.garlic.com/~lynn/aadsm19.htm#1 Do You Need a Digital ID? http://www.garlic.com/~lynn/aadsm19.htm#2 Do You Need a Digital ID? there are 2nd order implementations of public/private key authentication business process where keeping the private key private might

Re: Do You Need a Digital ID?

2005-03-25 Thread Anne & Lynn Wheeler
now, i've said that all of these comments are within the 3 factor authentication paradigm ... if you back up a couple paragraphs in the original postings ... you will find the comments: > given 3-factor authentication: > > * something you have > * something you know > * something you are aka the

Re: Do You Need a Digital ID?

2005-03-25 Thread Jerrold Leichter
| now, i've said that all of these comments are within the 3 factor | authentication paradigm ... if you back up a couple paragraphs in the | original postings ... you will find the comments: | | > given 3-factor authentication: | > | > * something you have | > * something you know | > * something

Re: Do You Need a Digital ID?

2005-03-25 Thread Matt Crawford
Now that the taxing bodies (US & states) have learned not to print the SSN on the mailing label, Illinois has gone further and requires a state-assigned PIN to file or access your tax information over the internet. They helpfully provide you the PIN ... on the mailing label. --

Re: Do You Need a Digital ID?

2005-03-25 Thread Anne & Lynn Wheeler
Jerrold Leichter wrote: I don't think the 3-factor authentication framework is nearly as well-defined as people make it out to be. Here is what I've always taken to be the core distinctions among the three prongs: Something you know Can be copied. If copied i

Re: Do You Need a Digital ID?

2005-03-25 Thread Jerrold Leichter
| Jerrold Leichter wrote: | > I don't think the 3-factor authentication framework is nearly as | > well-defined | > as people make it out to be. | > | > Here is what I've always taken to be the core distinctions among the three | > prongs: | > | > Something you know | > Can be cop

Re: Do You Need a Digital ID?

2005-03-25 Thread Anne & Lynn Wheeler
arbitrary degree of precision; on the other hand, > no two physical objects are *identical*. So a distinction based > on whether a replacement is "identical" to the original gets > you nowhere. ref: http://www.garlic.com/~lynn/aadsm19.htm#2 Do you Need a Digital ID? or http://www.mail-a

Re: Do You Need a Digital ID?

2005-03-25 Thread Anne & Lynn Wheeler
idating a digital signature with a public key will infer that the other party is in possession of the corresponding private key. the relying party may not have direct i.e. http://www.garlic.com/~lynn/aadsm19.htm#5 Do You Need a Digital ID? one of the possible side-effects of applying 3-factor authe