Interop Req 1: Difference between revisions
m (16 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:01, 28 June 2018
<< Back to Baseline Functional Requirements Index
INTEROP-1. THIRD PARTY AUTHENTICATION
Entities MUST be capable of accepting external USERS authenticated by THIRD-PARTIES.
SUPPLEMENTAL GUIDANCE
This Requirement applies to RELYING-PARTY consumers (i.e., entities making access control decisions) of a THIRD-PARTY authentication and requires such entities to be capable of accepting identities authenticated by multiple (i.e., more than one THIRD-PARTY), but does not require that all authenticated identities be accepted if their policies/business rules do not permit. RELYING-PARTIES that use portals, service providers, or transaction intermediaries would meet this Requirement if they can accept identities authenticated by THIRD-PARTIES, even if those RELYING-PARTIES do not consume tokens directly. (For example, RELYING-PARTIES satisfy this Requirement either by accepting and consuming identity assertions in nonproprietary published formats directly (such as SAML or another protocol to convey the authentication status), or by receiving them via an intermediate who accepts and consumes those assertions for them.)
Regarding "nonproprietary published formats", see Appendix A.
REFERENCES AND GUIDANCE
National Strategy for Trusted Identities in Cyberspace (2012), https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
APPLIES TO ACTIVITIES
KEYWORDS
INTERMEDIARIES, INTEROPERABILITY, THIRD-PARTIES
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |