Difference between revisions of "Federation Assurance Level 3"

From MgmtWiki
Jump to: navigation, search
(For the Future)
(Problems)
Line 9: Line 9:
  
 
==Problems==
 
==Problems==
# The spec deliverable conflicts CSP with IdP. That seems to disallow the user of [[Self-issued Identifier]] or [[Self-Sovereign Identity]].
+
# The spec deliberately conflates CSP with IdP. That seems to disallow the user of [[Self-issued Identifier]] or [[Self-Sovereign Identity]].
  
 
==For Today==
 
==For Today==

Revision as of 14:43, 24 September 2020

Full Title

These proposed requirements are created with the goal of establishing Specifications to achieve Federation Assurance Level 3.

Context

  • NIST SP 800-63-3C
  • NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes.

Terminology

Problems

  1. The spec deliberately conflates CSP with IdP. That seems to disallow the user of Self-issued Identifier or Self-Sovereign Identity.

For Today

  1. Any solutiotion must allow for Self-issued Identifier or Self-Sovereign Identity.

For the Future

  1. Fix the spec to explicitly allow Self-issued Identifier or Self-Sovereign Identity.

References