7 comments

[ 4.2 ms ] story [ 41.0 ms ] thread
Could anybody explain (or point me to) the pros and cons of using ISO/IEC 29115 vs NIST 800-63B authentication and identity guidelines? I just started working with electrical identification (eID) but can't find any good resources on which standard to choose.
What's the application?
Banks, governments or any other strong authentication required services.
NIST has specific relevance to businesses providing services to the US Federal government and the US Federal Government itself. From a business standpoint, ISO (International Standards Organization) compliance probably has more cachet because it is one of a suite of business standards that a company can mention on its website. ISO may be a better fit for an organization doing business outside the US simply because it's 'International' and more available to local security managers.

In the end, the choice of one or the other is perhaps more of a business decision than a technical decision. A good implementation of one or the other will be helpful. A bad implementation won't.

Are you confusing electrical and electronic?
Yes I am, sorry. English is not my first language.