Difference between revisions of "Authenticator"

From MgmtWiki
Jump to: navigation, search
(=Health Care Solutions)
(References)
Line 21: Line 21:
 
*TEFCA
 
*TEFCA
  
 +
===Other Material===
 +
*[https://www.healthit.gov/sites/default/files/page/2019-04/FINALTEFCAQTF41719508version.pdf Trusted Exchange Framework and Common Agreement (TEFCA) Draft 2] (2019-04-19)
 +
*[https://www.healthit.gov/sites/default/files/page/2019-04/TEFCADraft2UsersGuide.pdf A User’s Guide to Understanding to TEFCA Draft 2] A slide deck that introduces some erroneous simplifications. (like credential)
  
 
[[Category:Glossary]]
 
[[Category:Glossary]]
 
[[Category:Authentication]]
 
[[Category:Authentication]]
 
[[Category:Trust]]
 
[[Category:Trust]]

Revision as of 13:53, 21 October 2019

Full Title or Meme

Authenticators are devices in the user's possession that can generate believable claims that information has been contemporaneously generated by the device.

Context

Problem

Give users a hand-held device that can generate secured claims for access to secure accounts.

Solution

  • The Authenticator Assurance Level has been defined in NIST SP 800-63-3B to communicate the level of assurance.
  • The page One-Time Password Authenticator has a description of one type of Authenticator.
  • Web Authentication Authenticator. A cryptographic entity, existing in hardware or software, that can register a user with a given Relying Party and later assert possession of the registered public key credential, and optionally verify the user, when requested by the Relying Party. Authenticators can report information regarding their type and security characteristics via attestation during registration. A WebAuthn Authenticator could be a roaming authenticator, a dedicated hardware subsystem integrated into the client device, or a software component of the client or client device.
  • Authentication Assertion = The cryptographically signed AuthenticatorAssertionResponse object returned by an authenticator as the result of an authenticatorGetAssertion operation.
  • Authentication Ceremony = The ceremony where a user, and the user’s client (in conjunction with at least one authenticator) works in concert to cryptographically prove to a Relying Party that the user controls the credential private key associated with a previously-registered public key credential (see Registration). Note that this includes a test of user presence or user verification.

References

Health Care Solutions

  • HIPAA
  • TEFCA

Other Material