Difference between revisions of "Software Statement"
From MgmtWiki
(→Context) |
(→Context) |
||
Line 3: | Line 3: | ||
==Context== | ==Context== | ||
# The context is a computing machine, like a [[Smart Phone]], in the possession of the user that allows the user to load [[Native App]]s. | # The context is a computing machine, like a [[Smart Phone]], in the possession of the user that allows the user to load [[Native App]]s. | ||
+ | # The user will perform authentication with [[Web Site]]s on this device, some of which will require a high level of assurance of the user's authenticity. | ||
# In determining an authentication assurance level (NIST 800-63-3B AAL2 or 3) a website needs to see some sort of attestation statement that can be used to determine the level of assurance that a user's credential will not be exposed. | # In determining an authentication assurance level (NIST 800-63-3B AAL2 or 3) a website needs to see some sort of attestation statement that can be used to determine the level of assurance that a user's credential will not be exposed. | ||
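Review bot: the added item (the "+" line in the Context list) speaks of a "high level of assurance of the user's authenticity", while the item after it defines assurance as confidence "that a user's credential will not be exposed" and ties it to AAL2 or 3. These read as two different properties. Suggest wording the new item so it refers to the same authentication assurance level as the next item, or stating how authenticity of the user depends on protection of the credential.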
Revision as of 15:48, 20 February 2020
Full Title or Meme
A JSON document that describes the provenance, certification and operational environment of an implementation of a software package on a computing machine.
Context
- The context is a computing machine, like a Smart Phone, in the possession of the user that allows the user to load Native Apps.
- The user will perform authentication with Web Sites on this device, some of which will require a high level of assurance of the user's authenticity.
- In determining an authentication assurance level (NIST 800-63-3B AAL2 or 3), a website needs to see some sort of attestation statement that can be used to determine the level of assurance that a user's credential will not be exposed.
Problems or Threats
- Spoofing the user by acquiring access to the user's authentication credentials.