Tomjones at 23:02, 18 February 2021

2021-02-18T23:02:07Z

← Older revision		Revision as of 23:02, 18 February 2021
Line 75:		Line 75:
	[[Category:Assurance]]		[[Category:Assurance]]
	[[Category:Authentication]]		[[Category:Authentication]]
			[[Category:Government]]

Tomjones at 21:36, 10 January 2020

2020-01-10T21:36:48Z

← Older revision		Revision as of 21:36, 10 January 2020
Line 18:		Line 18:
	proofing, registration, tokens, management processes, authentication protocols and assertion mechanisms.		proofing, registration, tokens, management processes, authentication protocols and assertion mechanisms.
	<br />		<br />

	'''Privacy''': Advises agencies to reference OMB Guidance for Implementing the Privacy Provisions of the E-Government		'''Privacy''': Advises agencies to reference OMB Guidance for Implementing the Privacy Provisions of the E-Government
	Act of 2002 [OMB M-03-22]. Subscribers are assumed to trust relying parties to follow "all relevant privacy		Act of 2002 [OMB M-03-22]. Subscribers are assumed to trust relying parties to follow "all relevant privacy
Line 33:		Line 34:
	promotes interoperability by providing a baseline set of requirements for diverse Identity Management		promotes interoperability by providing a baseline set of requirements for diverse Identity Management
	systems.		systems.
			* [[ISO/IEC 29115 Entity Authentication Assurance]] was derived from this standard.

	<br />		<br />

Tomjones at 21:34, 10 January 2020

2020-01-10T21:34:25Z

← Older revision		Revision as of 21:34, 10 January 2020
Line 71:		Line 71:

	[[Category:Standards]]		[[Category:Standards]]
	[[Category:~~Security Control Implementation Guide~~]]		[[Category:Assurance]]
			[[Category:Authentication]]

Omaerz: 13 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:02:20Z

13 revisions imported: Initial Upload of old pages from IDESG Wiki

New page

'''Title''': Electronic Authentication Guideline

 
'''Category''': Security Control Implementation Guide

 
'''Date''': 12/1/2011

 
'''Creator''': NIST

 
'''URL''': http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf

 
'''Description''': Technical guidelines for Federal agencies implementing electronic authentication. The document lists
technical requirements for the four levels assurance defined in OMB M-04-04 in the areas of identity
proofing, registration, tokens, management processes, authentication protocols and assertion mechanisms.
 
'''Privacy''': Advises agencies to reference OMB Guidance for Implementing the Privacy Provisions of the E-Government
Act of 2002 [OMB M-03-22]. Subscribers are assumed to trust relying parties to follow "all relevant privacy
policy." PII gathered during registration is required to be protected. The document also defines "private
credentials", which are credentials that cannot be disclosed without compromising the token (such as
symmetric keys). There is discussion of when Relying Parties may operate anonymously, and discussion of
how pseudonymity may be achieved.

 
'''Security''': The document is an information security guideline. The requirements in the document are grouped into four
assurance levels that provide increasing levels of trust in the authentication process.

 
'''Interoperability''': The purpose of the document is to provide sets of requirements for the OMB-04-04 Levels of Assurance. It
promotes interoperability by providing a baseline set of requirements for diverse Identity Management
systems.

 
'''Terms''': [[Active Attack]], [[Address Of Record]], [[Approved]], [[Applicant]], [[Assertion]], [[Assertion Reference]], [[Assurance]],
[[Asymmetric Keys]], [[Attack]], [[Attacker]], [[Attribute]], [[Authentication]], [[Authentication Protocol]],
[[Authentication Protocol Run]], [[Authentication Secret]], [[Authenticity]],
[[Bearer Assertion]], [[Bit, Biometrics]], [[Certificate Authority]],
[[Certificate Revocation List]], [[Challenge-response Protocol]], [[Claimant]],
[[Claimed Address]],
[[Completely Automated Public Turing Test To Tell Computers And Humans Apart]], [[Cookie]], [[Credential]], [[Credential Service Provider]],
[[Cross Site Request Forgery]], [[Cross Site Scripting]], [[Cryptographic Key]],
[[Cryptographic Token]], [[Data Integrity]], [[Derived Credential]],
[[Digital Signature]], [[Eavesdropping Attack]],
[[Electronic Authentication(e-authentication)]], [[Entropy]],
[[Extensible Markup Language]], [[Federal Bridge Certification Authority]],
[[Federal Information Security Management Act]],
[[Federal Information Processing Standard]], [[Guessing Entropy]],
[[Hash Function]], [[Holder-of-key Assertion]], [[Identity]], [[Identity Proofing]], [[Kerberos]], [[Knowledge Based Authentication]],
[[Man-in-the-middle Attack]], [[Message Authentication Code]], [[Min-entropy]], [[Multi-factor]], [[Network]], [[Nonce]],
[[Off-line Attack]], [[Online Attack]], [[Online Guessing Attack]],
[[Passive Attack]], [[Password]], [[Personal Identification Number]],
[[Personal Identity Verification Card]], [[Personally Identifiable Information]], [[Pharming]], [[Phishing]],
[[Possession And Control Of A Token]], [[Practice Statement]],
[[Private Credentials]], [[Private Key]], [[Protected Session]], [[Pseudonym]],
[[Public Credentials]], [[Public Key]], [[Public Key Certificate]],
[[Public Key Infrastructure]], [[Registration]],
[[Registration Authority]], [[Relying Party]], [[Remote]], [[Replay Attack]],
[[Risk Assessment]], [[Salt]], [[Secondary Authenticator]],
[[Secure Sockets Layer]], [[Security Assertion Markup Language]],
[[SAML Authentication Assertion]], [[Session Hijack Attack]], [[Shared Secret]], [[Social Engineering]], [[Special Publication]], [[Strongly Bound Credentials]], [[Subscriber]],
[[Symmetric Key]], [[Token]], [[Token Authenticator]], [[Token Secret]],
[[Transport Layer Security]], [[Trust Anchor]],
[[Unverified Name]], [[Valid]], [[Verified Name]], [[Verifier]],
[[Verifier Impersonation Attack]], [[Weakly Bound Credentials]],
[[Zeroize]]

[[Category:Standards]]
[[Category:Security Control Implementation Guide]]

NIST SP 800-63-2 - Revision history

Tomjones at 23:02, 18 February 2021

Tomjones at 21:36, 10 January 2020

Tomjones at 21:34, 10 January 2020

Omaerz: 13 revisions imported: Initial Upload of old pages from IDESG Wiki