This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Knowledge Based Authentication Performance Metrics Project"

From OWASP

Jump to: navigation, search

Revision as of 19:35, 28 May 2015

News and Events

Please see the News and Talks tabs

What is KBA-PMP

There is a lack of standard performance metrics regarding the use of knowledge based authentication (KBA) for remote identity proofing. KBA-PMP's goal is to establish standard performance metrics for knowledge based authentication.

Collaborate

[Collaborate]

KBA-PMP Best Practices

KBA-PMP Project Supports the NSTIC Guiding Principles

KBA-PMP Project is dedicated to developing KBA Standards in alignment the the NSTIC Guiding Principle. To that end KBA-PMP Project has answered the IDESG Standards Committee Solicitation to develop Knowledge Based Authentication Performance Metrics Standards.

The IDESG, its components, and its members shall at all times operate in accordance with four Guiding Principles set forth in the NSTIC. They are:

1. Identity solutions will be privacy-enhancing and voluntary.

2. Identity solutions will be secure and resilient.

3. Identity solutions will be interoperable.

4. Identity solutions will be cost-effective and easy to use.

Licensing

Creative Commons Attribution ShareAlike 3.0 License

Project Leaders

Project Manager Scrum Leader

Ann Racuya-Robbins

Join our Mailing List

Mailing List

Follow us on Twitter

@OWASP_KBAPMP

Our Next Meeting

Monday June 1, 2015 at 11:00 AM - 12:30 PM US Eastern Time

RECORDING of CONVERSATION with CRYPTOGRAPHER BILL BURR

AGENDA

All Meetings are Open and All are Welcome

Welcome and Introductions
- Discussion on: (We can decide/confirm the order of discussion at the top of meeting)
  - KBA-PMP Standard Structure #3 - All

- If time allows
  - New approaches to KBA metrics
    - Feedback from US National Science Foundation's (NSF) Bahvani (from NIST Big Data Public Working Group - NBDPWG) on challenges to Multi-Factor Authentication (MFA)

Ongoing:
Outreach to KBA Providers and other Stakeholders Continues

- https://2015.appsec.eu/call-for-papers/
- https://2015.appsec.eu/call-for-research/
- Distributing Recorded Meetings?

Next Steps: Tasks
Adjourn

WHERE

GoToMeeting https://www3.gotomeeting.com/join/642177878 Access Code: 642-177-878

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone. Dial +1 (571) 317-3112 Audio PIN: Shown after joining the meeting Meeting ID: 642-177-878 GoToMeeting® Online Meetings Made Easy® Not at your computer? Click the link to join this meeting from your iPhone®, iPad® or Android® device via the GoToMeeting app

Related Projects

OWASP Security Labeling System Project

[1]

OWASP NIST NSTIC Initiative

KBA-PMP Project Metrics

https://github.com/KBA-PMP-ADMIN

Classification

OWASP KBA-PMP - Knowledge Based Authentication Performance Metrics Project

Goals - To meet the requirements of the IDESG KBA Solicitation:

KBA PROJECT PHASES (PROPOSAL) Dear KBA collegues, we propose an action plan divided in the following phases:

FIRST PHASE: SCANNING THE MARKET The goal of this first phase, is to understand how KBA is working today (static and dynamic), and how KBA methodologies have been implemented by KBA providers. I think this a good departure point.

1. Footprinting the KBA market providers.
2. Identifying the KBA product providers used by the main market players.
3. Identifying the advantages and drawbacks of KBA provider's methodology.
4. Draw the document's structure.
- Complete document structure v1
5. Initial Timeline
5. Launch Participant Outreach

SECOND PHASE: DEVELOPMENT Once the advantages and drawbacks of the KBA market have been clearly identified, it would be necessary to have our own platform for testing purposes. This will give us the right perspective about developing a transnational, neutral, secure, and market wise KBA standard. I would also suggest building an open wiki, to get community feedback.

1. Setting an Application for KBA testing purposes.
2. Build an open wiki for community feedback.
3. Test the KBA proposals in our test application.
4. Analyzing the framework in crucial legal areas (such as Dynamic KBA and privacy).

THIRD PHASE: EDITION This phase is very important, as it concerns the text edition. Once all proposals have being tested in our lab, we should translate them into a clear document.

1. Edit the contents of the sources (sources such as the wiki).
2. Release the version 1.0. and license it under the terms of a suitable license.

Initial Overview

Survey and research the Global OWASP Community and other networks to identify and recruit appropriate participation.
Develop Opinion polls, foundations' research, interviews, perspectives on project, input from communities outside of the networks.
Survey and research other standards groups and their interests.
Phase I footprinting
Phase II Development
Phase III Implementation, Lessons Learned, Continuous refinement, Ongoing participation model, etc.
Research Licensing models //

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project&oldid=195470"

Categories:

@@ Line 153: / Line 153: @@
 = Talks =
 == May 21, 2015 ==
-== Co-Project Leaders Luis Enriquez and Ann Racuya-Robbins co-create a Lightning talk on the project's current essential features at the OWASP AppSec EU 2015 in Amsterdam, Netherlands. ==
+== Co-Project Leaders Luis Enriquez and Ann Racuya-Robbins co-create a Lightning talk on the project's current essential features at the OWASP AppSec EU 2015 in Amsterdam, Netherlands. https://2015.appsec.eu/conference-program/ ==
 = Road Map - Time Line =