NISTIR 8344: Difference between revisions
(Created page with "==Full title== Ontology for Authentication ==Contexxt== ===Status=== Draft published 2021-02 ===Category=== NIST Information Technology Laboratory - COMPUTER SECURITY RESOURC...") |
(→Status) |
||
Line 4: | Line 4: | ||
==Contexxt== | ==Contexxt== | ||
===Status=== | ===Status=== | ||
Draft published 2021-02 | Draft published 2021-02. Responses due 2021-04-09 | ||
===Category=== | ===Category=== | ||
NIST Information Technology Laboratory - COMPUTER SECURITY RESOURCE CENTER - Internal Report | NIST Information Technology Laboratory - COMPUTER SECURITY RESOURCE CENTER - Internal Report |
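Review bot: The heading "==Contexxt==" at the top of this hunk is misspelled in both revisions and the edit leaves it unchanged; correct it to "==Context==" while the section is being touched. On the changed Status line, "Responses due 2021-04-09" does not say what kind of responses are due or where they go, so a few more words there would make the deadline usable on its own.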
Latest revision as of 00:27, 14 March 2021
Full title
Ontology for Authentication
Context
Status
Draft published 2021-02. Responses due 2021-04-09
Category
NIST Information Technology Laboratory - COMPUTER SECURITY RESOURCE CENTER - Internal Report
Description: Technical guidelines for Federal agencies implementing electronic authentication. The document lists technical requirements for the four levels of assurance defined in OMB M-04-04 in the areas of identity proofing, registration, tokens, management processes, authentication protocols and assertion mechanisms.
Privacy: Advises agencies to reference OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 [OMB M-03-22]. Subscribers are assumed to trust relying parties to follow "all relevant privacy policy." PII gathered during registration is required to be protected. The document also defines "private credentials", which are credentials that cannot be disclosed without compromising the token (such as symmetric keys). There is discussion of when Relying Parties may operate anonymously, and discussion of how pseudonymity may be achieved.
Security: The document is an information security guideline. The requirements in the document are grouped into four assurance levels that provide increasing levels of trust in the authentication process.
Interoperability: The purpose of the document is to provide sets of requirements for the OMB M-04-04 Levels of Assurance. It promotes interoperability by providing a baseline set of requirements for diverse Identity Management systems.