See the ID Rules Before Us - How How How How
Offered By: YouTube
Course Description
Overview
Explore the evolution of digital identity guidelines and authentication methods in this 51-minute conference talk from BSides Nashville 2018. Dive into the history of identity assurance levels, various authentication techniques, and the latest NIST Digital Identity Guidelines. Learn about different types of authenticators, including memorized secrets, pre-registered knowledge, and cryptographic methods. Examine the changes between revision 2 and revision 3 of the guidelines, covering topics such as supervised remote in-person proofing and knowledge-based verification. Gain insights into the Identity Assurance Level, Authentication Assurance Level, and Federation Assurance Level. Discover why traditional password rules are considered ineffective and understand the concept of credentials, including digital certificates. Access contact information and slides for further reference.
Syllabus
Intro
Outline
Intervening revisions
What is Digital Identity?
Rev 2: Level of Assurance
Memorized Secret
Pre-registered Knowledge
Lookup Secret
Out of Band Token
One Time Password
Cryptographic
Digression: Cert to SSH key
A digression: PIV (aka HSPD-12)
Another digression: Type 1 versus Type 2 errors
New NIST Digital Identity Guidelines
Rev 2 vs Rev 3
Identity Assurance Level
Trusted Referee proofing
Supervised Remote In-Person Proofing
Knowledge Based Verification
Authentication Assurance Level
Rev 3 Types of Authenticators
Additional Authenticators
Disallowed and Restricted Authenticators
Password rules are stupid
What is a credential?
A Certificate is a Credential
Federation Assurance Level
Contact and Slides
Related Courses
Early Detection through Deception (YouTube)
Hack for Show, Report for Dough - Brian King (YouTube)
Blue Teamin on a Budget of Zero - Kyle Bubp (YouTube)
Windows Event Logs - Zero to Hero (YouTube)
Weaponizing Splunk - Using Blue Team Tools for Evil (YouTube)