Difference between revisions of "Software Statement"
From MgmtWiki
(→Context) |
(→Context) |
||
Line 2: | Line 2: | ||
A json document that describes the provenance, certification and operational environment of an implementation of a software package on a computing machine. | A json document that describes the provenance, certification and operational environment of an implementation of a software package on a computing machine. | ||
==Context== | ==Context== | ||
+ | # The context is a computing machine, like a [[Smart Phone]], in the possession of the user that allows the user to load [[Native App]]s. | ||
# In determining an authentication assurance level (NIST 800-63-3B AAL2 or 3) a website needs to see some sort of attestation statement that can be used to determine the level of assurance that a user's credential will not be exposed. | # In determining an authentication assurance level (NIST 800-63-3B AAL2 or 3) a website needs to see some sort of attestation statement that can be used to determine the level of assurance that a user's credential will not be exposed. | ||
+ | |||
==Problems or Threats== | ==Problems or Threats== | ||
# Spoofing the user by acquiring access to the user's authentication credentials. | # Spoofing the user by acquiring access to the user's authentication credentials. |
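Review bot: In the added first Context item, the clause "that allows the user to load [[Native App]]s" follows "the user" and so reads as modifying the user rather than the computing machine. Suggest moving the possession phrase forward, for example "a computing machine in the user's possession, like a [[Smart Phone]], that allows the user to load [[Native App]]s". The second "+" row adds only an empty line before "==Problems or Threats=="; confirm that the extra blank line is intended.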
Revision as of 15:46, 20 February 2020
Full Title or Meme
A JSON document that describes the provenance, certification and operational environment of an implementation of a software package on a computing machine.
Context
- The context is a computing machine in the user's possession, like a Smart Phone, that allows the user to load Native Apps.
- When determining an authentication assurance level (NIST 800-63-3B AAL2 or 3), a website needs to see some sort of attestation statement that it can use to determine the level of assurance that a user's credential will not be exposed.
Problems or Threats
- Spoofing the user by acquiring access to the user's authentication credentials.