This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Knowledge Based Authentication Performance Metrics Project"

From OWASP

Jump to: navigation, search

Latest revision as of 23:00, 26 September 2016

News and Events

Our first KBAPMP draft is finished. It is temporary hosted at github: KBAPMP_DRAFT. We are building a dynamic KBA sandbox for testing purposes. We need contributors.

KBAPMP Archive: Please see the News and Talks tabs

What is KBA-PMP

There is a lack of standard performance metrics regarding the use of knowledge based authentication (KBA) for remote identity proofing. KBA-PMP's goal is to establish standard performance metrics for knowledge based authentication, following a transnational perspective.

KBA-PMP Best Practices

2. Identity solutions will be secure and resilient.

3. Identity solutions will be interoperable.

4. Identity solutions will be cost-effective and easy to use.

Related Projects

ASVS

[[1] Choosing and Using Security Questions Cheat Sheet]

OWASP NNI (NIST NSTIC IDESG) Initiative: https://www.owasp.org/index.php/OWASP_NNI_Initiative

Licensing

Creative Commons Attribution ShareAlike 3.0 License

Project Leaders

Join our Mailing List

Mailing List

Standard DRAFT

KBAPMP

AGENDA

We will be presenting the KBAPMP standard at the OWASP APP SEC USA 2016 in Washington between October 11th and October 14th. For more information about the OWASP APP Sec USA 2016, please visit this link: USA_APPSEC_2016

All Meetings are Open and All are Welcome

KBA-PMP Project Metrics

Classification

OWASP KBA-PMP - Knowledge Based Authentication Performance Metrics Project

Goals - To meet the requirements of the IDESG KBA Solicitation:

KBA PROJECT PHASES (PROPOSAL) Dear KBA collegues, we propose an action plan divided in the following phases:

FIRST PHASE: SCANNING THE MARKET The goal of this first phase, is to understand how KBA is working today (static and dynamic), and how KBA methodologies have been implemented by KBA providers. I think this a good departure point.

1. Footprinting the KBA market providers.
2. Identifying the KBA product providers used by the main market players.
3. Identifying the advantages and drawbacks of KBA provider's methodology.
4. Draw the document's structure.
- Complete document structure v1
5. Initial Timeline
5. Launch Participant Outreach

SECOND PHASE: DEVELOPMENT Once the advantages and drawbacks of the KBA market have been clearly identified, it would be necessary to have our own platform for testing purposes. This will give us the right perspective about developing a transnational, neutral, secure, and market wise KBA standard. I would also suggest building an open wiki, to get community feedback.

1. Setting an Application for KBA testing purposes.
2. Build an open wiki for community feedback.
3. Test the KBA proposals in our test application.
4. Analyzing the framework in crucial legal areas (such as Dynamic KBA and privacy).

THIRD PHASE: EDITION This phase is very important, as it concerns the text edition. Once all proposals have being tested in our lab, we should translate them into a clear document.

1. Edit the contents of the sources (sources such as the wiki).
2. Release the version 1.0. and license it under the terms of a suitable license.

Initial Overview

Survey and research the Global OWASP Community and other networks to identify and recruit appropriate participation.
Develop Opinion polls, foundations' research, interviews, perspectives on project, input from communities outside of the networks.
Survey and research other standards groups and their interests.
Phase I footprinting
Phase II Development
Phase III Implementation, Lessons Learned, Continuous refinement, Ongoing participation model, etc.
Research Licensing models //

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project&oldid=221820"

Categories:

Difference between revisions of "OWASP Knowledge Based Authentication Performance Metrics Project"

Latest revision as of 23:00, 26 September 2016

News and Events

What is KBA-PMP

KBA-PMP Best Practices

Related Projects

Licensing

Project Leaders

Join our Mailing List

Standard DRAFT

AGENDA

KBA-PMP Project Metrics

Classification

September 23, 2016

Knowledge Based Authentication Performance Metrics Project (KBA-PMP) will be at AppSecUSA in Washington DC USA, October 11-14, 2016 for the OWASP Project Summit, for details see https://2016.appsecusa.org

April 20, 2016

Knowledge Based Authentication Performance Metrics (KBA-PMP) holds its first Project Summit in Amsterdam, Netherlands see https://2015.appsec.eu/conference-program/ KBA-PMP and https://2015.appsec.eu/project-summit/.

May 21, 2015

Co-Project Leaders Luis Enriquez and Ann Racuya-Robbins co-create a Lightning talk on the project's current essential features at the OWASP AppSec EU 2015 in Amsterdam, Netherlands. https://2015.appsec.eu/conference-program/

Current Contributors

How can I participate in your project?

If I am not a programmer can I participate in your project?

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 8: / Line 8: @@
 == News and Events ==
-Please see the [https://www.owasp.org/index.php/OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project#News News] and [https://www.owasp.org/index.php/OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project#Talks Talks] tabs
+Our first KBAPMP draft is finished. It is temporary hosted at github: [https://github.com/luisenriquez/kbapmp  KBAPMP_DRAFT]. We are building a dynamic KBA sandbox for testing purposes. We need contributors.
+KBAPMP Archive: Please see the [https://www.owasp.org/index.php/OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project#News News] and [https://www.owasp.org/index.php/OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project#Talks Talks] tabs
 ==What is KBA-PMP ==
-There is a lack of standard performance metrics regarding the use of knowledge based authentication (KBA) for remote identity proofing. KBA-PMP's goal is to establish standard performance metrics for knowledge based authentication.
+There is a lack of standard performance metrics regarding the use of knowledge based authentication (KBA) for remote identity proofing. KBA-PMP's goal is to establish standard performance metrics for knowledge based authentication, following a transnational perspective.
-=='''Visit Our Website'''==
-[http://kba-pmp.org/dir]
 =='''KBA-PMP Best Practices'''==
@@ Line 24: / Line 25: @@
 <!--From Wikipedia— "Knowledge-based authentication, commonly referred to as KBA, is a method of authentication which seeks to prove the identity of someone accessing a service, such as a website. As the name suggests, KBA requires the knowledge of personal information of the individual to grant access to the protected material. There are two types of KBA: "static KBA", which is based on a pre-agreed set of "shared secrets"; and "dynamic KBA", which is based on questions generated from a wider base of personal information."-->
+<!-- In this project, we are focused on Dynamic KBA. However the methodology described here can also be suitable for static KBA. Data is such a broad category. We live in the Big Data era, and information is gold. Today, KBA service providers can get data sources from public records, social networks, and many others. Tose sources can be used for remote identity proofing.
+However, legal restrictions such as personal data protection and the right of privacy, are legal restrictions in the fields of data transfers to third countries, data retention, data processing, and so on. The methodology established on this standard tries to solve these privacy issues.
 ====KBA-PMP Project Supports the NSTIC Guiding Principles ====
@@ Line 45: / Line 50: @@
 <!--The Identity Ecosystem will promote identity solutions that enable individuals to use a smaller number of identity credentials across a wide array of service providers. These identity solutions must be cost-effective for users, identity and attribute providers, and relying parties. Furthermore, identity solutions should be simple to understand, intuitive, easy-to-use, and enabled by technology that requires minimal user training.-->
+== Related Projects ==
+<!-- OWASP Security Labeling System Project
+[https://www.owasp.org/index.php/Projects/OWASP_Security_Labeling_System_Project] -->
+[[ASVS]]
+[[https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet] Choosing and Using Security Questions Cheat Sheet]
+OWASP NNI (NIST NSTIC IDESG) Initiative: https://www.owasp.org/index.php/OWASP_NNI_Initiative
 ==Licensing==
@@ Line 60: / Line 75: @@
 * [mailto:luis.enriquez@owasp.org Luis Enriquez]
-* [mailto:ann.racuya.robbins@owasp.org Ann Racuya-Robbins]
+* [mailto:bev.corwin@owasp.org Bev Corwin]
-== Project Manager Scrum Leader ==
-* [mailto:ann.racuya.robbins@owasp.org Ann Racuya-Robbins]
 ===  Join our Mailing List ===
@@ Line 69: / Line 82: @@
 [https://lists.owasp.org/mailman/listinfo/owasp_kbapm_project Mailing List]<br>
-=== Follow us on Twitter ===
-[https://twitter.com/owasp_kbapmp @OWASP_KBAPMP]<br>
-== Our Next Meeting ==
+=== Standard DRAFT ===
-<!-- ==== WHEN ==== -->
-==== Monday June 1, 2015 at 11:00 AM - 12:30 PM US Eastern Time ====
+[https://github.com/luisenriquez/kbapmp KBAPMP] <br>
-<!--//'''Previous Meeting Minutes''' <!--[[https://www.owasp.org/index.php/KBAPM_Meeting_Notes#KBAPM_Meeting_Notes_20150112]]-->
-*[https://www.dropbox.com/s/a8mm4msrkg9s6z5/2015-02-23%2011.20%20OWASP%20KBAPMP.mp3?dl=0 '''RECORDING of CONVERSATION with CRYPTOGRAPHER BILL BURR''']
 ==== AGENDA ====
-All Meetings are Open and All are Welcome
-* Welcome and Introductions
-** Discussion on: (We can decide/confirm the order of discussion at the top of meeting)
-*** KBA-PMP Standard Structure #3  -  All
-** ''If time allows''
+We will be presenting the KBAPMP standard at the OWASP APP SEC USA 2016 in Washington between October 11th and October 14th. For more information about the OWASP APP Sec USA 2016, please visit this link: [https://2016.appsecusa.org/ USA_APPSEC_2016]
-*** New approaches to KBA metrics
-**** Feedback from US National Science Foundation's (NSF) Bahvani (from NIST Big Data Public Working Group - NBDPWG) on challenges to Multi-Factor Authentication (MFA)
-*'''Ongoing:'''
-* Outreach to KBA Providers and other Stakeholders Continues
-** https://2015.appsec.eu/call-for-papers/
+All Meetings are Open and All are Welcome
-** https://2015.appsec.eu/call-for-research/
-** Distributing Recorded Meetings?
-*Next Steps: Tasks
+== KBA-PMP Project Metrics ==
-*Adjourn
+<!-- [https://github.com/luisenriquez/kbapmp]
+We are working on a ruby based performance metrics demo for the KBA-PMP standard-->
-==== WHERE  ====
-GoToMeeting
-'''https://www3.gotomeeting.com/join/642177878'''
-'''Access Code: 642-177-878'''
-. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.
-Dial +1 (571) 317-3112
-Audio PIN: Shown after joining the meeting
-Meeting ID: 642-177-878
-GoToMeeting®
-Online Meetings Made Easy®
-Not at your computer? Click the link to join this meeting from your iPhone®, iPad® or Android® device via the GoToMeeting app
-<br>
-== Related Projects ==
-OWASP Security Labeling System Project
-[https://www.owasp.org/index.php/Projects/OWASP_Security_Labeling_System_Project]
-OWASP NIST NSTIC Initiative
-== KBA-PMP Project Metrics ==
-<!-- https://www.openhub.net/accounts/KBAOpenHub
-A performance metrics tool for the KBA-PMP-->
-https://github.com/KBA-PMP-ADMIN
 <!--== Quick Download ==
-== In Print == -->
+== [https://github.com/luisenriquez/kbapmp] == -->
 == Classification ==
@@ Line 148: / Line 121: @@
 = News =
-== May 19-20, 2015 ==
+== September 23, 2016 ==
+== Knowledge Based Authentication Performance Metrics Project (KBA-PMP) will be at AppSecUSA in Washington DC USA, October 11-14, 2016 for the OWASP Project Summit, for details see https://2016.appsecusa.org ==
+== April 20, 2016 ==
+First draft is released on github. We are closing our Second Phase. Now is time to Debug and test.
 == Knowledge Based Authentication Performance Metrics (KBA-PMP) holds its first Project Summit in Amsterdam, Netherlands see https://2015.appsec.eu/conference-program/ KBA-PMP and https://2015.appsec.eu/project-summit/. ==
@@ Line 207: / Line 187: @@
 https://drive.google.com/file/d/0B3AkniUi7NFeRXduS3pPQTJ6Mm8/view?usp=sharing"
-= Glossary =
-{{taggedDocument
-  | type=partialOld
-  | mode=silent
-}}
-{{compactTOC}}
-{{SecureSoftware}}
-==0–9==
-==A==
-==B==
-==C==
-==D==
-==E==
-==F==
-==G==
-==H==
-==I==
-==J==
-==K==
-==L==
-==M==
-==N==
-==O==
-==P==
-Performance Metrics
-==Q==
-==R==
-==S==
-==T==
-==U==
-==V==
-==W==
-==X==
-==Y==
-==Z==
-= KBA Concepts =
-{{taggedDocument
-  | type=partialOld
-  | mode=silent
-}}
-{{compactTOC}}
-{{SecureSoftware}}
-==0–9==
-==A==
-==B==
-==C==
-==D==
-==E==
-==F==
-==G==
-==H==
-==I==
-==J==
-==K==
-==L==
-==M==
-==N==
-==O==
-==P==
-==Q==
-==R==
-==S==
-Scalability
-==T==
-==U==
-==V==
-==W==
-==X==
-==Y==
-==Z==
 = Acknowledgements =
-==Contributors==
+== Current Contributors==
-Ann Racuya-Robbins Project Co-Leader
+Luis Enriquez <br>
+Robert Faron <br>
-Luis Enriquez Project Co-Leader
+Bev Corwin <br>
+Noreen Whysel <br>
 = FAQs =
 ==How can I participate in your project?==