Difference between revisions of "Assurance"
From MgmtWiki
(→Solutions) |
(→Solutions) |
||
| Line 18: | Line 18: | ||
* AAL3 ==> U2F | * AAL3 ==> U2F | ||
| − | + | The best source of [[Truth]] about an [[Identity]] is obtained by documentation of the [[Identity Proofing]] process. | |
==References== | ==References== | ||
Revision as of 06:29, 8 August 2018
Full Title or Meme
The level of trust that can be afforded a claim of an Identifier or Attribute.
Context
- Some means for assuring the Web Site Security is required. See that page for details.
- The rest of this page is about establishing a level of assurance for Personal Information about a User also known as a Subject.
- NIST 800-63-3
Problems
- In contexts where names are not validated (of low Assurance) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]
Solutions
A rather facile mapping of the NIST levels of Assurance to the processes known today is:
- AAL1 ==> password
- AAL2 ==> 2FA
- AAL3 ==> U2F
The best source of Truth about an Identity is obtained by documentation of the Identity Proofing process.
References
- Synonyms include: Validated.
