I like the way you are thinking, but I might still quibble anyway. :-)
For any such security requirement (have, know or are) there are always two ways to overcome it. One is to fake or have the credential, the other is to suborn the system. One of the touted strengths of biometrics is that the "cost" of faking the credential is very high - unlike a physical key or fob or something, and certainly higher than a simple password.
I really do continue to see the performance-based metric as being an intersection of Are and Know, and no breaking into new ground. Penelope was always asking them to change "what they are", using a process that made it harder to suborn. Then again, it is just the same as swiping a fingerprint under the eye of a guard - you can't use a mock-up.
no subject
For any such security requirement (have, know or are) there are always two ways to overcome it. One is to fake or have the credential, the other is to suborn the system. One of the touted strengths of biometrics is that the "cost" of faking the credential is very high - unlike a physical key or fob or something, and certainly higher than a simple password.
I really do continue to see the performance-based metric as being an intersection of Are and Know, and no breaking into new ground. Penelope was always asking them to change "what they are", using a process that made it harder to suborn. Then again, it is just the same as swiping a fingerprint under the eye of a guard - you can't use a mock-up.