Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

3.2.1 French ecosystem #95

Closed
mark-orz opened this issue Jul 25, 2016 · 2 comments
Closed

3.2.1 French ecosystem #95

mark-orz opened this issue Jul 25, 2016 · 2 comments
Assignees
@sbahloul
Labels
hbss

Comments

@mark-orz
Copy link

"In France, a trusted issuing certificate authorities list is maintained by the Finances Ministry in order to manage corporate identities Certificate authorities used to manage the face to face identity verification and deliver smartcards or USB tokens."
Change to
"In France, a list of trusted issuing certificate authorities is maintained by the Finance Ministry. The face-to-face verification of identity is managed by the certificate authorities, as is the delivery of smartcards or USB tokens."
(Not sure whether this applies to just corporate identities or to private individuals as well, please clarify.)

"And issuing authentication credential is not acceptable according to the existing risks they are facing in terms cyber attacks: combined social engineering, phishing, stolen TAN..."
Not sure what this is supposed to be saying, and I don't know what "stolen TAN" is. Perhaps:
"Issuing authentication credentials carries certain risks, such as social engineering and phishing."

"Banks are looking to cover the transaction risk by using the right credential to adapt the user experience to the risk, which includes also the strongest level for the highest risk."
Change to
"Banks are looking to cover the transaction risk by using the right credentials for the risk, with the strongest level of authentication being used for the highest risk scenarios."

"And now without the capability to rely upon Secure Elements in the browser, they currently facing a major issue to replace the existing identity scheme delegation which was providing a strong authentication and signature credential. "
Change to
"Without the capability to rely upon Secure Elements in the browser, banks currently face a major issue in being able to replace the existing identity scheme delegation which provides a strong authentication and signature credential. "
@sbahloul
Copy link
Collaborator

Not sure whether this applies to just corporate identities or to private individuals as well, please clarify.

FYI: it's about identifying individuals acting on behalf of the company.

@sbahloul
Copy link
Collaborator

Not sure what this is supposed to be saying, and I don't know what "stolen TAN" is.

TAN stands for Transaction Account Number which can be OTP sent by SMS or computed thanks to OATH or EMV/CAP tokens. I add it the explanation inline.

@sbahloul sbahloul added the hbss label Jul 25, 2016
@sbahloul sbahloul self-assigned this Jul 25, 2016
sbahloul pushed a commit that referenced this issue Jul 25, 2016
Fixing #88, #89, #90, #91, #92, #93, #94, #95, #97, #98, #99, #100, #101
a6d5e5b 
 submitted by Mark @ CESG. Great thank you for your comment / corrections
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbahloul sbahloul

Labels
hbss
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbahloul @mark-orz