Difference between revisions of "OWASP Knowledge Based Authentication Performance Metrics Project"

From OWASP

Jump to: navigation, search

Revision as of 20:09, 4 January 2015

Main
FAQs
Acknowledgements
Road Map and Getting Involved

The KBAPM Project

There is a lack of standard performance metrics regarding the use of knowledge based authentication (KBA) for remote identity proofing. KBAPMP's goal is to establish standard performance metrics for knowledge based authentication.

What is Knowledge Based Authentication?

Knowledge-based authentication, commonly referred to as KBA, is a method of authentication which seeks to prove the identity of someone accessing a service, such as a website. As the name suggests, KBA requires the knowledge of personal information of the individual to grant access to the protected material. There are two types of KBA: "static KBA", which is based on a pre-agreed set of "shared secrets"; and "dynamic KBA", which is based on questions generated from a wider base of personal information.

Licensing

Creative Commons Attribution ShareAlike 3.0 License

Project Leaders

Project Manager

Ann Racuya-Robbins

Join our Mailing List

Mailing List

Our Next Meeting

Monday January 5, 2015 at 11:00 AM US Eastern Time

Our Meetings are Open and All are Welcome to Attend

Meeting Minutes

[[1]]

AGENDA

Welcome
Ongoing:
Reveiw 12/1/2014, 12/8/2014 12/15/2014 Meeting Minutes
Draft Project Policies Update
Discuss and Document Tools/Ways Update
- github needs correcting
Information Management Update
Blog Article Update
Application to Conference in Amsterdam Update
- https://2015.appsec.eu/call-for-papers/
- https://2015.appsec.eu/call-for-research/

Discussions:
- - IDESG KBAPM Project Questions
  - Methods and Timeline for Responses
  - Update from Luis on Research
  - Governance Update from Bev

Take aways: Tasks

Schedule next meeting
Adjourn

WHERE

GoToMeeting https://www3.gotomeeting.com/join/642177878 Access Code: 642-177-878

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone. Dial +1 (571) 317-3112 Audio PIN: Shown after joining the meeting Meeting ID: 642-177-878 GoToMeeting® Online Meetings Made Easy® Not at your computer? Click the link to join this meeting from your iPhone®, iPad® or Android® device via the GoToMeeting app

Related Projects

KBAPM Project Metrics

https://www.openhub.net/accounts/KBAOpenHub A performance metrics tool for the KBAPM Project

Quick Download

News and Events

In Print

Classifications

How can I participate in your project?

All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

Contributors

OWASP KBAPMP - Knowledge Based Authentication Performance Metrics Project

Goals - To meet the requirements of the IDESG KBA Solicitation:

KBA PROJECT PHASES (PROPOSAL) Dear KBA collegues, we propose an action plan divided in the following phases:

FIRST PHASE: SCANNING THE MARKET The goal of this first phase, is to understand how KBA is working today (static and dynamic), and how KBA methodologies have been implemented by KBA providers. I think this a good departure point. 1. Footprinting the KBA market providers. 2. Identifying the KBA product providers used by the main market players. 3. Identifying the advantages and drawbacks of KBA provider's methodology. 4. Draw the document's structure.

SECOND PHASE: DEVELOPMENT Once the advantages and drawbacks of the KBA market have been clearly identified, it would be necessary to have our own plattform for testing purposes. This will give us the right perspective about developing a transnational, neutral, secure, and market wise KBA standard. I would also suggest building an open wiki, to get community feedback. 1. Setting an Application for KBA testing purposes. 2. Build an open wiki for community feedback. 3. Test the KBA proposals in our test application. 4. Analyzing the framework in crucial legal areas (such as Dynamic KBA and privacy).

THIRD PHASE: EDITION This phase is very important, as it concerns the text edition. Once all proposals have being tested in our lab, we should translate them into a clear document. 1. Edit the contents of the sources (sources such as the wiki). 2. Release the version 1.0. and license it under the terms of a suitable license.

Initial Overview

Survey and research the Global OWASP Community and other networks to identify and recruit appropriate participation.
Develop Opinion polls, foundations' research, interviews, perspectives on project, input from communities outside of the networks.
Survey and research other standards groups and their interests.
Phase I footprinting
Phase II Development
Phase III Implementation, Lessons Learned, Continuous refinement, Ongoing participation model, etc.
Research Licensing models //

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project&oldid=187503"

Categories:

@@ Line 51: / Line 51: @@
 ==== Meeting Minutes ====
-December 8, 2014
 [[https://www.owasp.org/index.php/KBAPM_Meeting_Notes#KBAPM_Meeting_Notes_20141208]]