New Approaches for Transaction-based Assurance

Posted Oct 11th, 2011 by Mary Ruddy

As more organizations look to implement systems that require authentication at higher levels of assurance, there has been increased interest in transaction-based assurance.

Recently OASIS launched the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee The initial deliverable is a comprehensive list of current methods to authenticate identities online to the degree necessary for high value and sensitive transactions. This is expected to be a key input to new real world solutions that use a step-up approach to multi-factor authentication. 

Now AT&T has come out with Personal Levels of Assurance (PLOA), a white paper that introduces a new approach for determining transaction-based assurance.PLOA White Paper – v1.01

I'm looking forward to discussing this and other topics next week at IIW in Mountain View.




No responses yet

NSTIC NOI Response Period Extended to August 31, 2011

Posted Aug 19th, 2011 by jayunger

The NSTIC National Program Office at the U.S. Department of Commerce has extended the deadline for reponse to it's Notice of Inquiry (NOI) on the governance forms for the NSTIC ecosystem. The original  ( ) from its original date of July 22nd, 2011 to August 30th, 2011. Below is the Federal Register Notice announcing that extension. Note that the notice below specifically says that only electronic submissions will be accepted during this extended period. 

There are already over 45 responses that had been received prior to the original deadline and that have been posted in PDF form at the NSTIC web site at

I am also advised that anyone who posted a prior response and that feels the need to ammend or update their submission can also do so during this extension period.

[Federal Register: August 16, 2011 (Volume 76, Number 158)]
[Page 50719]
From the Federal Register Online via GPO Access []



National Institute of Standards and Technology

[Docket No. 110524296-1455-02]

Models for a Governance Structure for the National Strategy for
Trusted Identities in Cyberspace--Extension of Due Date for Comments

AGENCY: National Institute of Standards and Technology (NIST), United
States Department of Commerce.

ACTION: Notice.


SUMMARY: NIST is extending the deadline for submitting comments
regarding the governance structure for the National Strategy for
Trusted Identities in Cyberspace (NSTIC) to 3 p.m. Eastern Time, August
30, 2011. NIST will accept only electronic submissions during the
extended time period.


Comments are off for this post

NSTIC.US Group to hold NSTIC Teleconference / Panel for Press on Monday April 18th.

Posted Apr 13th, 2011 by jayunger

The sponsors of the NSTIC.US, website, including Identity Commons, will hold a press teleconference panel on Monday April 18th at 1:00PM EDT (10:00AM PDT).

If you are a representative of the general or technical press please submit your contact information and affiliation at and we will send information on how participate in this call.

The panel will be composed of both technical experts from the user-centric identity community as well as advocates from the privacy and public policy arena listed below:

    Moderator: Mary Ruddy – Chief Steward, Identity Commons


        Identity Commons – Kaliya Hamlin, Mary Ruddy, Jay Unger
        eCitizen Foundation – Dan Combs, Dazza Greenwood
        Liberty Coalition – Aaron Titus
        Center for Democracy and Technology – Aaron Brauer-Rieke
        Kantara Initiative – Matthew Gardiner
        OpenID Foundation / OIX – Don Thibeau
        Gartner – Bob Blakley

The purpose of this teleconference panel is to provide the press with a well  balanced view of Friday's government announcement of the National Strategy for Trusted Identities in Cyberspace, to answer general and specific questions about the known details of the strategy, and to give a future perspective on the progam.

Comments are off for this post

« Newer posts Older posts »