Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Just released: three foundational whitepapers for advancing digital identity

NIST does many things across many fields, but none more than measurement science. Our belief in the NSTIC NPO is that the digital identity market is now maturing and innovating at a rate that demands a stronger measurement-based approach to evaluating the performance of identity solutions. To that end, our Applying Measurement Science in the Identity Ecosystem workshop is less than a month away, and we think it’s high time to start digging into the issues. Today, we’re pleased to release whitepapers on each of the three workshop focus areas: strength of identity proofing, strength of biometric authentication, and attribute metadata and confidence scoring. In the whitepapers, we explore concepts on how to implement measurement science in these areas of identity management. And, although we offer potential approaches to get these processes right, we encourage attendees to read the whitepapers and critically consider our thinking. Ideally, these papers will serve as the foundation for a productive workshop, where attendees offer new insights and solutions. You’ll find all of the whitepapers here, but here’s a look into what each paper has to offer:
  • Measuring Strength of Identity Proofing: We identify potential approaches to standardize a scoring framework for identity proofing. The goal is to give relying parties a baseline understanding of the process that led to an individual obtaining a credential and to enable the selection of proofing practices better aligned with assessed risk. Encouraging feedback at the workshop, we ask, for example: Is there a framework that can determine the ability for correctly guessing knowledge-based questions? Or inversely, those that cannot be guessed?
  • Measuring Strength of Authentication: We identify potential methods for measuring biometric authentication implementations to support a standardized scoring structure. Although we start with biometric authenticators, the intent is to produce a generalizable scoring structure to enable the comparison of different authenticator types and determine composite scores for multifactor schemes. For example, we ask: What is the best course of action to determine an authentication scoring framework?
  • Attribute Metadata and Confidence Scoring: For attributes, we examine the development of standardized metadata and potential approaches for determining confidence scores to assist with authorization decision making. Readers can consider, for example: In what ways would the addition of attribute metadata impact an organization’s infrastructure, operations, and performance?
Each paper contains a number of questions to encourage a critical reading of the proposed solutions and also frame discussions at the workshop. For now, it’s time to get reading. We’ll see you January 12th and 13th to get to the heart of these issues –  and the possible solutions. If you’re unable to attend in person, we invite you to submit written comments to NSTICworkshop [at] (NSTICworkshop[at]nist[dot]gov). You can access the whitepapers here. Don’t forget, registration for the workshop closes on January 5th, 2016! Register now. @NSTICnpo on Twitter


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.