Jean-François Lombardo

Senior Identity, Trust, Privacy Consultant; X-IAM
With 13 years [Wavestone (2005), Facilité Inc. (2013), then CGI (2018)] of field experience in Identity, Access, Authentication, and mostly Information Protection space; Jean-François Lombardo has acquired a strong end-to-end expertise.

Curiosity, passion and sharing are the three qualities he promotes in every Digital Identity community and project.

Sometimes as advisor, architect, or lead integrator, he truly recognizes the true value and strength of respecting standards, of contributing to a Trust framework, and of incorporating ethics in every B2E, B2B and B2C projects he is involved.

Jean-François's Session

Tuesday, June 25
1:30 - 1:55 pm
Navigating NIST SP-800-63-3 thanks to practical xAL cheat sheets
Trust. Trust is the most fundamental notion in every one of our business interactions, whatever our needs are: low or high assurance. Vector of Trust is a promising means to convey it through third parties and NIST SP-800-63-3 is a fantastic framework for defining your Trust capabilities. But, sometimes, you may find it difficult to map xAL requirements to real life evidence and authenticators. This session should help you with that. ------------------------------------------------- Do you know that, by the time of Identiverse 2019, NIST SP-800-63-3 will celebrate its second birthday? It is a framework that improved lots of points over the previous LoA scale and gained a lot of maturity thanks to implementers, researchers, and confrontations to other Trust frameworks. Still you may find it hard to find your way wherever you try to be a compliant IAL2 compliant CSP to ensure a third party that your users are IAL3 proofed or authenticated through an AAL2 authenticator, etc. Surely you know that you enrolled this user thanks to a photocopied electricity bill and authenticated him/her based on an Out-of-Band single factor device generating OATH compliant OTP tokens. Those are real life examples but you will have to find in which xAL box this may fit. This specific situation was raised within IDPro and we formalized some cheat sheets for you to navigate the inherent difficulties such as: •Main differences between levels of assurance; •Differences and ways to categorized WEAK, LOW, STRONG, and SUPERIOR real-life identity evidences; •Differences and ways to categorize real-life authenticators; •Ways to map NIST xALs to other Trust frameworks categories. By attending this session you will get a clearer, simpler, and more actionable picture of NIST SP-800-63-3 that will ease your path for your Vector of Trust journey.

Enter your details to receive email updates from Identiverse