Difference between revisions of "Federation Assurance Level 3"
From MgmtWiki
(→For the Future) |
(→Problems) |
||
Line 9: | Line 9: | ||
==Problems== | ==Problems== | ||
− | # The spec | + | # The spec deliberately conflates CSP with IdP. That seems to disallow the user of [[Self-issued Identifier]] or [[Self-Sovereign Identity]]. |
==For Today== | ==For Today== |
Revision as of 15:43, 24 September 2020
Full Title
These proposed requirements are created with the goal of establishing Specifications to achieve Federation Assurance Level 3.
Context
- NIST SP 800-63-3C
- NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes.
Terminology
Problems
- The spec deliberately conflates CSP with IdP. That seems to disallow the user of Self-issued Identifier or Self-Sovereign Identity.
For Today
- Any solutiotion must allow for Self-issued Identifier or Self-Sovereign Identity.
For the Future
- Fix the spec to explicitly allow Self-issued Identifier or Self-Sovereign Identity.