Federation Assurance Level 3
From MgmtWiki
Full Title
These proposed requirements are created with the goal of establishing Specifications to achieve Federation Assurance Level 3.
Context
- NIST SP 800-63-3C
- NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes.
Terminology
Problems
- The spec deliberately conflates CSP with IdP. That seems to disallow the user of Self-issued Identifier or Self-Sovereign Identity.
For Today
- Any solutiotion must allow for Self-issued Identifier or Self-Sovereign Identity.
For the Future
- Fix the spec to explicitly allow Self-issued Identifier or Self-Sovereign Identity.