Difference between revisions of "Derived Credential"
From MgmtWiki
(→Problems) |
(→Solutions) |
||
(12 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
− | A | + | A [[Credential]] that is derived from some other credential in order to use in a different environment. |
==Context== | ==Context== | ||
Line 6: | Line 6: | ||
==Problems== | ==Problems== | ||
− | * The is a constant churn in the | + | * The is a constant churn in the devices that [[User]]s can carry with them. |
* Many credentials have already been issued with yesterday's technology. | * Many credentials have already been issued with yesterday's technology. | ||
* The new technology cannot accommodate the older credential. | * The new technology cannot accommodate the older credential. | ||
+ | * The older technology will continue to exist along side the older technology. | ||
==Solutions== | ==Solutions== | ||
+ | The US federal government relies on PIV [[Smart Card]]s<ref>NIST ''FIPS PUB 201-2 Personal Identity Verification (PIV) of Federal Employees and Contractors.'' https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf</ref> to securely authenticate and identify employees and contractors when granting access to federal facilities and information systems for existing personal computer applications as well as for access control to buildings. That need is not going away so the existing PIV cards will continue to be issued. The [[Derived Credential]] specification has been issued (final on 2019-08-27) to help move this capability to small portable devices that cannot handle smart cards.<ref>NIST SP 1800-12, ''Derived PIV Credentials,'' https://www.nccoe.nist.gov/projects/building-blocks/piv-credentials</ref> | ||
+ | * 2024-11-15 [https://csrc.nist.gov/pubs/sp/800/157/r1/fpd Guidelines for Derived PIV Credentials and PIV Federation: SP 800-157r1 and SP 800-217 Available for Public Comment] | ||
==References== | ==References== | ||
+ | <references /> | ||
+ | ===Other Material=== | ||
+ | * See the wiki page [[Smart_Card#PIV_Card| PIV Card]] for more information about the source and direction of [https://piv.idmanagement.gov/ Personal Identity Verification (PIV)] in the US Government. | ||
+ | * See the wiki page [[Derived Mobile Credential]] for a list of use cases where a user can create a specific set of attributes for a specific purpose from | ||
− | + | [[Category: Glossary]] | |
− | [[Category: | + | [[Category: Authentication]] |
Latest revision as of 16:34, 15 November 2024
Full Title or Meme
A Credential that is derived from some other credential in order to use in a different environment.
Context
Credentials that were only provided in protected Smart Cards are now needed in other locations, like Smart Phones
Problems
- The is a constant churn in the devices that Users can carry with them.
- Many credentials have already been issued with yesterday's technology.
- The new technology cannot accommodate the older credential.
- The older technology will continue to exist along side the older technology.
Solutions
The US federal government relies on PIV Smart Cards[1] to securely authenticate and identify employees and contractors when granting access to federal facilities and information systems for existing personal computer applications as well as for access control to buildings. That need is not going away so the existing PIV cards will continue to be issued. The Derived Credential specification has been issued (final on 2019-08-27) to help move this capability to small portable devices that cannot handle smart cards.[2]
References
- ↑ NIST FIPS PUB 201-2 Personal Identity Verification (PIV) of Federal Employees and Contractors. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf
- ↑ NIST SP 1800-12, Derived PIV Credentials, https://www.nccoe.nist.gov/projects/building-blocks/piv-credentials
Other Material
- See the wiki page PIV Card for more information about the source and direction of Personal Identity Verification (PIV) in the US Government.
- See the wiki page Derived Mobile Credential for a list of use cases where a user can create a specific set of attributes for a specific purpose from