SP 800-63-3 - Digital Authentication Guideline - Nov Matake

NIST SP 800-63-3 #idcon vol.22

Apr 14, 2017


Technology

Nov Matake
Transcript
Page 1: NIST SP 800-63-3 #idcon vol.22

SP 800-63-3 - Digital Authentication Guideline -

Nov Matake

Page 2: NIST SP 800-63-3 #idcon vol.22

Nov Matake

• OpenID Foundation Japan

• WG

• #idcon

• OAuth.jp

• YAuth.jp

Page 3: NIST SP 800-63-3 #idcon vol.22

GOAL

• SP 800-63-2

• SP 800-63-3

• SP 800-63-3

• SP 800-63

Page 4: NIST SP 800-63-3 #idcon vol.22

https://openid-foundation-japan.github.io/800-63-3/

Page 5: NIST SP 800-63-3 #idcon vol.22

• SP 800-63-3 (@nov)

• Digital Authentication Guideline

• SP 800-63A (@sami_mkw_ + @nov)

• Enrollment & Identity Proofing

• SP 800-63B (@kthrtty + @hitok_)

• Authentication & Lifecycle Management

• SP 800-63C (@nov)

• Federation & Assertions

Page 6: NIST SP 800-63-3 #idcon vol.22

https://github.com/openid-foundation-japan/800-63-3

SP 800-63-3 https://github.com/usnistgov/800-63-3

Page 7: NIST SP 800-63-3 #idcon vol.22

SP 800-63-3 - Digital Authentication Guideline -

Page 8: NIST SP 800-63-3 #idcon vol.22

SP 800-63-3

• M-04-04 Level of Assurance (LOA) 3

• Identity Assurance Level (IAL)

• Authenticator Assurance Level (AAL)

• Federation Assurance Level (FAL)

• Assurance Level

• Assurance Level

• IAL=63A / AAL=63B / FAL=63C

Page 9: NIST SP 800-63-3 #idcon vol.22

SP 800-63-2

• 5 LOA Lv1-Lv4

• Identity Proofing

• Token

• Token and Credential Management

• Authentication Process

• Assertion

• 63-2 1 Level (LOA)

• 63-3 1 Level (LOA) 3 Level (xAL)

Page 10: NIST SP 800-63-3 #idcon vol.22

Identity Assurance Level (IAL)

• Identity Proofing Assurance Level

• Lv.1

• Identity Proofing

• Lv.2

• Identity Proofing

• Lv.3

• Identity Proofing

Page 11: NIST SP 800-63-3 #idcon vol.22

Authenticator Assurance Level (AAL)

• Authentication Process Assurance Level

• Authenticator

• Lv.1

• Single Factor Authentication OK

• Lv.2

• Two Factor Authentication

• 2 Authenticator Software OK

• Lv.3

• Hardware Authenticator Two Factor Authentication

Page 12: NIST SP 800-63-3 #idcon vol.22

Federation Assurance Level (FAL)

• ...

• Assertion

• (ID Token etc.)

• Artifact (a.k.a. Handle / Assertion Reference)

• Assertion (Authorization Code etc.)

• Front-channel Presentation

• Assertion User Agent Assertion (Implicit Flow etc.)

• Back-channel Presentation

• User Agent Artifact Assertion (Code Flow etc.)

Page 13: NIST SP 800-63-3 #idcon vol.22

Federation Assurance Level (FAL)

• Federation Assurance Level

• Federation Assertion / Artifact

• Lv.1

• Front-channel / Back-channel Assertion

• Lv.2

• Lv1 Front-channel Assertion

• Lv.3

• Lv.2 Back-channel Assertion

• Lv.4

• Lv.3 Holder-of-Key Assertion (Proof-of-Possession)

Page 14: NIST SP 800-63-3 #idcon vol.22

Recommended M-04-04 Requirements

LOA   IAL          AAL          FAL
1     1            1, 2 or 3    1, 2, 3 or 4
2     1 or 2       2 or 3       2, 3 or 4
3     1 or 2       2 or 3       2, 3 or 4
4     1, 2 or 3    3            3 or 4

Legacy M-04-04 Requirements

LOA   IAL   AAL       FAL
1     1     1         1
2     2     2 or 3    2
3     2     2 or 3    2
4     3     3         4
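The two tables above are what the remaining slides build on: under the legacy mapping an LOA 3 service must proof identities (IAL 2), while the recommended SP 800-63-3 mapping lets the same LOA 3 be met with no identity proofing (IAL 1) and a two-factor authenticator (AAL 2). The script below is an added example, not code from the slides or from NIST; it encodes both tables exactly as slide 14 lists them (membership is literal, so a higher level does not automatically satisfy a lower row) and provides checks that make the IAL 1 point explicit. The only assumption beyond slide 14 is reading IAL 1 as the "no identity proofing" level, as slides 15 and 16 do.

```python
"""Added example (not part of the slides): the M-04-04 LOA-to-xAL mapping
tables from slide 14, with checks that show where the SP 800-63-3
(recommended) and SP 800-63-2 style (legacy) mappings diverge."""
from typing import Dict, Optional, Set, Tuple

# Allowed (IALs, AALs, FALs) for one LOA row.
Triple = Tuple[Set[int], Set[int], Set[int]]

# Recommended M-04-04 requirements, transcribed from slide 14.
RECOMMENDED: Dict[int, Triple] = {
    1: ({1},       {1, 2, 3}, {1, 2, 3, 4}),
    2: ({1, 2},    {2, 3},    {2, 3, 4}),
    3: ({1, 2},    {2, 3},    {2, 3, 4}),
    4: ({1, 2, 3}, {3},       {3, 4}),
}

# Legacy M-04-04 requirements, transcribed from slide 14.
LEGACY: Dict[int, Triple] = {
    1: ({1}, {1},    {1}),
    2: ({2}, {2, 3}, {2}),
    3: ({2}, {2, 3}, {2}),
    4: ({3}, {3},    {4}),
}

# Assumption (slides 15-16): IAL 1 is the level with no identity proofing.
NO_PROOFING_IAL = 1


def satisfies(loa: int, ial: int, aal: int, fal: int,
              mapping: Dict[int, Triple]) -> bool:
    """True if the (IAL, AAL, FAL) triple is one the table permits for `loa`.

    Membership is taken literally from the table: a legacy row lists a single
    IAL, so a higher IAL does not satisfy that row.
    """
    if loa not in mapping:
        raise ValueError(f"unknown LOA {loa}")
    ials, aals, fals = mapping[loa]
    return ial in ials and aal in aals and fal in fals


def highest_loa(ial: int, aal: int, fal: int,
                mapping: Dict[int, Triple]) -> Optional[int]:
    """Highest LOA the triple satisfies under `mapping`, or None if no row fits."""
    levels = [loa for loa in mapping if satisfies(loa, ial, aal, fal, mapping)]
    return max(levels) if levels else None


def proofing_required(loa: int, mapping: Dict[int, Triple]) -> bool:
    """True if the mapping does not allow IAL 1 (no identity proofing) at `loa`."""
    ials, _, _ = mapping[loa]
    return NO_PROOFING_IAL not in ials


def compare_mappings(loa: int) -> Dict[str, bool]:
    """Whether each mapping forces identity proofing at the given LOA."""
    return {
        "legacy_requires_proofing": proofing_required(loa, LEGACY),
        "recommended_requires_proofing": proofing_required(loa, RECOMMENDED),
    }


if __name__ == "__main__":
    # Constructed scenario from slides 15-17: no proofing (IAL 1),
    # a two-factor authenticator (AAL 2), assertions at FAL 2.
    print("recommended:", highest_loa(1, 2, 2, RECOMMENDED))  # 3
    print("legacy:     ", highest_loa(1, 2, 2, LEGACY))       # None
    print("LOA 3:      ", compare_mappings(3))
```

Running it with the IAL 1 / AAL 2 / FAL 2 scenario reports LOA 3 under the recommended mapping and no matching row at all under the legacy one, which is exactly the contrast slides 15 to 17 draw.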

Page 15: NIST SP 800-63-3 #idcon vol.22

Legacy M-04-04 Requirements (SP 800-63-2 )

↓ Identity Proofing LOA1

LOA1

Page 16: NIST SP 800-63-3 #idcon vol.22

Recommended M-04-04 Requirements (SP 800-63-3 )

↓ Identity Proofing (IAL 1)

(AAL 2) LOA 3

Page 17: NIST SP 800-63-3 #idcon vol.22

LOA 3 IAL, AAL, FAL

Page 18: NIST SP 800-63-3 #idcon vol.22

LOA

LOA IAL, AAL, FAL