Re: Identifiers on ID Cards

[Gary Dobbins <dobbins () ND EDU>]

Some suggested factors to consider in its selection (and it might be
visible which way I lean on these):

- Opaque; If the ID means nothing outside your system nor to the user, it's
less subject to vanity issues

- Permanent;  Never re-used. The person is unique over time (we hope), so
shouldn't their printed ID also be?

- Secrecy (not);  merely private/personal but never remains a true secret
(and hard to change) so not used as authenticator/password to valuable access.

- Unique;  Synonymous with personal name (e.g. "which Bob Jones are you,...
ID number?")



> On Dec 15, 2005, at 11:46 AM, Dave Huth wrote:
>
> > I'm wanting to learn more about best practices associated with what
> > type of identifiers to encode on ID Cards.  There doesn't seem to
> > be anything in the list archives on this subject - does anyone have
> > any good references.
> >
> > The types of questions surround the apporpriate type of identifier
> > to encode.  For instance is it a wise move to encode things like
> > Student/Employee ID, Login ID, and those types of identifiers that
> > are very difficult to change/re-issue; or should the Card be encoded
> > with an identifier that is re-issueable if the card is lost/stolen
> > and let a directory link that identifier with an individuals
> > collection of identity data?
> >
> > Thanks,
> >
> > Dave Huth
> > University of Utah
> ======================================================
>   Karen E. Eft   Information Technology Policy Manager
>   UC Berkeley (510)642-4095 http://itpolicy.berkeley.edu
>  ======================================================

--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies