Federation Assurance Level 3

From MgmtWiki
Revision as of 14:50, 24 September 2020 by Tom (talk | contribs) (Use Case)

Jump to: navigation, search

Full Title

These proposed requirements are created with the goal of establishing Specifications to achieve Federation Assurance Level 3.

Context

  • NIST SP 800-63-3C
  • NISt has required comments as to the need for a revision 4 of 800-63 which is sure to make changes in last 2021 that need to be accommodated. These requirements look forward to those changes.

Terminology

Use Case

Problems

  1. The spec deliberately conflates CSP with IdP. That seems to disallow the user of Self-issued Identifier or Self-Sovereign Identity.

For Today

  1. Any solutiotion must allow for Self-issued Identifier or Self-Sovereign Identity.

For the Future

  1. Fix the spec to explicitly allow Self-issued Identifier or Self-Sovereign Identity.

References