Level of Assurance: Difference between revisions
No edit summary |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
Federations are likely to specify a detailed set of criteria that apply to their particular circumstances. | Federations are likely to specify a detailed set of criteria that apply to their particular circumstances. | ||
===Healthcare=== | ===Healthcare=== | ||
* [https://healthcaresecprivacy.blogspot.com/2021/03/healthcare-use-of-identity-level-of.html?m=1 Healthcare Exchange Standards] Discussions of Interoperability Exchange, Privacy, and Security in Healthcare by John Moehrke -<blockquote>CyberPrivacy. Topics: Health Information Exchange, Document Exchange XDS/XCA/MHD, mHealth, Meaningful Use, Direct, Patient Identity, Provider Directories, FHIR, Consent, Access Control, Audit Control, Accounting of Disclosures, Identity, Authorization, Authentication, Encryption, Digital Signatures, Transport/Media Security, De-Identification, Pseudonymization, Anonymization, and Blockchain.</blockquote> | |||
* [https://www.c4tbh.org/wp-content/uploads/2020/04/ONC-identity13-Identity-and-Access-Management-for-Health-HIE.pdf National HIE Governance Forum - Identity and Access Management for Health Information Exchange] | * [https://www.c4tbh.org/wp-content/uploads/2020/04/ONC-identity13-Identity-and-Access-Management-for-Health-HIE.pdf National HIE Governance Forum - Identity and Access Management for Health Information Exchange] | ||
* [https://www.healthit.gov/sites/default/files/DirectTrust_Comments_MPN_041516.pdf Direct Trust response to Request for Information on Updates to ONC’s Voluntary Personal Health Record Model Privacy Notice, 2016-04239] | * [https://www.healthit.gov/sites/default/files/DirectTrust_Comments_MPN_041516.pdf Direct Trust response to Request for Information on Updates to ONC’s Voluntary Personal Health Record Model Privacy Notice, 2016-04239] | ||
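Review bot: The added Healthcare Exchange Standards bullet ends its link label with a dangling " -" just before the <blockquote>, and the label runs the blog name, its description and the author together. Suggest separating the blog name from the description (for example with a colon after "Healthcare Exchange Standards") and dropping the trailing hyphen, so the quoted topic list reads as a description of the link.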
Line 12: | Line 13: | ||
* [[NIST SP 800-63-1]] | * [[NIST SP 800-63-1]] | ||
* [[NIST SP 800-63-2]] | * [[NIST SP 800-63-2]] | ||
* [[ISO/IEC 29115 Entity Authentication Assurance]] - was based on 63-2, but has been withdrawn pending upcoming changes from NIST. | |||
* [[NIST SP 800-63-3]] | * [[NIST SP 800-63-3]] | ||
* [[NISTIR 8344]] a draft Ontology of Authentication release in 2021-02, comments due on 2021-04-09. It is expected that the ideas on IAA and OAA in tis doc will be carried forward to 63-4. | |||
* [[NISTIR 8344]] a draft Ontology of Authentication release in 2021-02, comments | |||
[[Category: Assurance]] | [[Category: Assurance]] |
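Review bot: The completed NISTIR 8344 entry has two slips in the added text: "release in 2021-02" should read "released in 2021-02", and "tis doc" should read "this doc". The same entry uses IAA and OAA without expanding them anywhere on the page, so spell them out on first use. The new ISO/IEC 29115 line says the standard has been withdrawn but gives no source for that; a citation would help.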
Latest revision as of 00:39, 14 March 2021
Full Title
Early Identity Assurance combined Identity Proofing and Authentication into a single list of four Level of Assurance criteria.
Context
Specifications from NIST and ISO are general and difficult to apply in real-world situations.
Solutions
Federations are likely to specify a detailed set of criteria that apply to their particular circumstances.
Healthcare
- Healthcare Exchange Standards: Discussions of Interoperability Exchange, Privacy, and Security in Healthcare, by John Moehrke
CyberPrivacy. Topics: Health Information Exchange, Document Exchange XDS/XCA/MHD, mHealth, Meaningful Use, Direct, Patient Identity, Provider Directories, FHIR, Consent, Access Control, Audit Control, Accounting of Disclosures, Identity, Authorization, Authentication, Encryption, Digital Signatures, Transport/Media Security, De-Identification, Pseudonymization, Anonymization, and Blockchain.
- National HIE Governance Forum - Identity and Access Management for Health Information Exchange
- Direct Trust response to Request for Information on Updates to ONC’s Voluntary Personal Health Record Model Privacy Notice, 2016-04239
References
- NIST SP 800-63-1
- NIST SP 800-63-2
- ISO/IEC 29115 Entity Authentication Assurance - was based on 63-2, but has been withdrawn pending upcoming changes from NIST.
- NIST SP 800-63-3
- NISTIR 8344, a draft Ontology of Authentication released in 2021-02, comments due on 2021-04-09. It is expected that the ideas on IAA and OAA in this document will be carried forward to 63-4.