High Assurance AZ Token: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
(Created page with "==Full Title== Structure of a stand-alone Token that can provide high assurance of (1) Identity, (2) Authentication and (3) Federation. ==Context== *Existing standards for ide...")
 
Line 5: Line 5:
*To get high assurance identifiers, the web site that want the higher level of assurance (whether RP or IDP) will perform additional validation of the user with protocols like [[Fid 1.0]] or Web Authentication (aka Fido 2.0).
*To get high assurance identifiers, the web site that want the higher level of assurance (whether RP or IDP) will perform additional validation of the user with protocols like [[Fid 1.0]] or Web Authentication (aka Fido 2.0).
==Problems==
==Problems==
* The IdP needs to be trusted by the RP. That can be difficult to achieve when the RP has the high value resource that the user want to access.
==Proposed Solution==
==Proposed Solution==
==References==
==References==

Revision as of 03:40, 5 March 2020

Full Title

Structure of a stand-alone Token that can provide high assurance of (1) Identity, (2) Authentication and (3) Federation.

Context

  • Existing standards for identifier tokens are based on the assurance of the trust of the Relying Party (aka client) in the tokens produced by the Identifier provider, typically on of the well-known social sites.
  • To get high assurance identifiers, the web site that want the higher level of assurance (whether RP or IDP) will perform additional validation of the user with protocols like Fid 1.0 or Web Authentication (aka Fido 2.0).

Problems

  • The IdP needs to be trusted by the RP. That can be difficult to achieve when the RP has the high value resource that the user want to access.

Proposed Solution

References