Difference between revisions of "Federation Assurance Level 3"
From MgmtWiki
(→Problems) |
(→Terminology) |
||
Line 6: | Line 6: | ||
* NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes. | * NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes. | ||
− | ==Terminology== | + | ===Terminology=== |
+ | |||
+ | ===Use Case=== | ||
+ | * [https://www.deadiversion.usdoj.gov/fed_regs/rules/2020/fr0421_3.htm Federal Register Notices > Rules - 2020 > Electronic Prescriptions for Controlled Substances] accepted change request through 2020-06-22. No new rule is know at this time. | ||
==Problems== | ==Problems== |
Revision as of 15:49, 24 September 2020
Contents
Full Title
These proposed requirements are created with the goal of establishing Specifications to achieve Federation Assurance Level 3.
Context
- NIST SP 800-63-3C
- NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes.
Terminology
Use Case
- Federal Register Notices > Rules - 2020 > Electronic Prescriptions for Controlled Substances accepted change request through 2020-06-22. No new rule is know at this time.
Problems
- The spec deliberately conflates CSP with IdP. That seems to disallow the user of Self-issued Identifier or Self-Sovereign Identity.
For Today
- Any solutiotion must allow for Self-issued Identifier or Self-Sovereign Identity.
For the Future
- Fix the spec to explicitly allow Self-issued Identifier or Self-Sovereign Identity.