Difference between revisions of "Federation Assurance Level 3"
From MgmtWiki
(→Terminology) |
(→Use Case) |
||
| Line 9: | Line 9: | ||
===Use Case=== | ===Use Case=== | ||
| − | * [https://www.deadiversion.usdoj.gov/fed_regs/rules/2020/fr0421_3.htm Federal Register Notices > Rules - 2020 > Electronic Prescriptions for Controlled Substances] accepted change | + | * [https://www.deadiversion.usdoj.gov/fed_regs/rules/2020/fr0421_3.htm Federal Register Notices > Rules - 2020 > Electronic Prescriptions for Controlled Substances] accepted change requests through 2020-06-22. No new rule is known at this time. |
==Problems== | ==Problems== | ||
Revision as of 15:50, 24 September 2020
Contents
Full Title
These proposed requirements are created with the goal of establishing Specifications to achieve Federation Assurance Level 3.
Context
- NIST SP 800-63-3C
- NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes.
Terminology
Use Case
- Federal Register Notices > Rules - 2020 > Electronic Prescriptions for Controlled Substances accepted change requests through 2020-06-22. No new rule is known at this time.
Problems
- The spec deliberately conflates CSP with IdP. That seems to disallow the user of Self-issued Identifier or Self-Sovereign Identity.
For Today
- Any solutiotion must allow for Self-issued Identifier or Self-Sovereign Identity.
For the Future
- Fix the spec to explicitly allow Self-issued Identifier or Self-Sovereign Identity.
