Resources can be protected by a number of different methods. Different standards and/or organizations may use different resource protection policies to guarantee that resources are adequately protected. Furthermore, a multitude of different resource protection systems may be available for general resource protection, and may be made available to resource owners through a network interface. These different resource protection systems may be spread across different servers operated by many different entities. Each of the resource protection systems and/or each of the particular protection policy employed by the systems may be individually tailored to particular resources or locations. Because each resource protection policy may be unique in at least a few respects, the methods of characterizing these protection policies and determining whether they meet external requirements for resource protection are as varied as the resource protection policies themselves.
In order to grant access to protected resources, systems may use many different methods to verify the identity of a user. Users typically provide some form of credential, such as a username, a password, a biometric token, an indication of user knowledge (e.g., an answer to a personal question), and other forms of user information that may not be easily spoofed when provided in combination and/or with limited tries. During a face-to-face session, forms of photographic identification issued by trusted third party, such as a government agency, can be compared to a person's physical appearance to verify their identity. However, this type of live verification is not possible during an automated session with proper controls to guarantee authenticity.