Hacker News | zadeh's comments

Why can't they be both?


Some people are unable to classify things on a spectrum. You're either a programmer or you're not, a company is either evil or good, piracy either has no effect or a full effect on software sales, NPM is either a disaster bringing down the JS ecosystem or the reason it's great, the economy will either fail or become booming in 2020...

IMO non-spectrum thinking is one of the largest fallacies in thinking and debates in the modern era.


They can, but I'd argue that if I type "basecamp" into a search engine, the first result should always be basecamp.com, not ads for their competitor.


Well, none of these social media SSOs support a high Level of Assurance anyway.


>1000 percent this!

What if you apply for state benefits (e.g. benefits for your children, or student state grants)? These kinds of services being accessible online are common in the Nordics, and when authenticating, the service provider would need to know a lot of personal information such as name, age, address or email, previously given benefits records from other service providers, current loan debt status, university registration status, bank account nr, family members etc...

Zero knowledge proof in identity is a thing, but then the assurance of identity falls on a third party that has to verify your identity. There is also Self-Sovereign Identity and user-centric identity management which many consider the future of identity. But even in that case, most often a third party needs to at least maintain the infrastructure of where your identity is stored.


> What if you apply for state benefits (e.g. benefits for your children, or student state grants)?

The best solution in this case is to stop means testing them, and also convert every plausible benefit from stuff to cash-to-buy-stuff-with (i.e. UBI). Because at that point it's the same as voting, all you have to prove is citizenship and that you haven't already received the benefit, there is no separate eligibility information required.

People have the intuition that not means testing things would be expensive, but when the benefit is in cash that comes out in the wash. If you receive $5000 more in cash than the value of the benefits you were previously eligible for, but then have to pay $5000 more in tax, it just cancels out and you're back to the original situation. Only now nobody has to prove eligibility status outside of basic citizenship, which also greatly reduces administrative costs and fraud.


Perhaps you are right, but we have to create systems for the needs of today's society as well, and in today's society you need to be eligible for a certain benefit in order to get it. Therefore, we need a person's identity (with all the personal information that is required for such eligibility to be checked) when that person is authenticating online and applying for that benefit.


> The best solution in this case is to stop means testing them, and also convert every plausible benefit from stuff to cash-to-buy-stuff-with (i.e. UBI). Because at that point it's the same as voting, all you have to prove is citizenship and that you haven't already received the benefit, there is no separate eligibility information required.

How do you prove you did not receive something?


How do you prove that you did not already receive a government ID, and go back and get five more with different names and numbers on them? Same question, same answer.


Could anybody explain (or point me to) the pros and cons of using ISO/IEC 29115 vs NIST 800-63B authentication and identity guidelines? I just started working with electrical identification (eID) but can't find any good resources on which standard to choose.


Are you confusing electrical and electronic?


Yes I am, sorry. English is not my first language.


What's the application?


Banks, governments or any other strong authentication required services.


NIST has specific relevance to businesses providing services to the US Federal government and the US Federal Government itself. From a business standpoint, ISO (International Standards Organization) compliance probably has more cachet because it is one of a suite of business standards that a company can mention on its website. ISO may be a better fit for an organization doing business outside the US simply because it's 'International' and more available to local security managers.

In the end, the choice of one or the other is perhaps more of a business decision than a technical decision. A good implementation of one or the other will be helpful. A bad implementation won't.

