OWASP Knowledge Based Authentication Performance Metrics Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The KBAPM Project
There is a lack of standard performance metrics regarding the use of knowledge based authentication (KBA) for remote identity proofing. KBAPMP's goal is to establish standard performance metrics for knowledge based authentication.

What is Knowledge Based Authentication?
Knowledge-based authentication, commonly referred to as KBA, is a method of authentication which seeks to prove the identity of someone accessing a service, such as a website. As the name suggests, KBA requires the knowledge of personal information of the individual to grant access to the protected material. There are two types of KBA: "static KBA", which is based on a pre-agreed set of "shared secrets"; and "dynamic KBA", which is based on questions generated from a wider base of personal information.

Licensing
Creative Commons Attribution ShareAlike 3.0 License


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Leaders

 * [mailto:luis.enriquez@owasp.org Luis Enriquez]
 * [mailto:ann.racuya.robbins@owasp.org Ann Racuya-Robbins]

Project Manager

 * [mailto:ann.racuya.robbins@owasp.org Ann Racuya-Robbins]

Join our Mailing List
Mailing List

Monday December 1, 2014 at 11:00 AM US Eastern Time
Our Meetings are Open and All are Welcome to Attend

WHERE
GoToMeeting https://www3.gotomeeting.com/join/642177878 Access Code: 642-177-878

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone. Dial +1 (571) 317-3112 Audio PIN: Shown after joining the meeting Meeting ID: 642-177-878 GoToMeeting® Online Meetings Made Easy® Not at your computer? Click the link to join this meeting from your iPhone®, iPad® or Android® device via the GoToMeeting app

AGENDA

 * Convene and Introductions
 * Transition to Project Wiki
 * Draft Project Policies
 * Discuss and Document Tools/Ways (Procedures) of our Project's Community
 * Information Management
 * Update on IDESG SCC Evaluation Process


 * Discussions: Next Steps on Research
 * Keep the context in mind, future, near future and current practices
 * Update on Application to Conference in Amsterdam
 * Take aways: Tasks
 * Schedule next meeting
 * Adjourn

Classifications

 * }

=FAQs=

How can I participate in your project?
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

Contributors
= Road Map and Getting Involved =

OWASP KBAPMP - Knowledge Based Authentication Performance Metrics Project

Goals - To meet the requirements of the IDESG KBA Solicitation:

Road Map:


 * 1) Survey and research the Global OWASP Community and other networks to identify and recruit appropriate participation.
 * 2) Develop Opinion polls, foundations' research, interviews, perspectives on project, input from communities outside of the networks.
 * 3) Survey and research other standards groups and their interests.
 * 4) Phase I footprinting
 * 5) Phase II Development
 * 6) Phase III Implementation, Lessons Learned, Continuous refinement, Ongoing participation model, etc.
 * 7) Research Licensing models