Interop Req 1
<< Back to Baseline Functional Requirements Index
INTEROP-1. THIRD PARTY AUTHENTICATION
This Requirement applies to RELYING-PARTY consumers (i.e., entities making access control decisions) of a THIRD-PARTY authentication and requires such entities to be capable of accepting identities authenticated by multiple (i.e., more than one THIRD-PARTY), but does not require that all authenticated identities be accepted if their policies/business rules do not permit. RELYING-PARTIES that use portals, service providers, or transaction intermediaries would meet this Requirement if they can accept identities authenticated by THIRD-PARTIES, even if those RELYING-PARTIES do not consume tokens directly. (For example, RELYING-PARTIES satisfy this Requirement either by accepting and consuming identity assertions in nonproprietary published formats directly (such as SAML or another protocol to convey the authentication status), or by receiving them via an intermediate who accepts and consumes those assertions for them.)
Regarding "nonproprietary published formats", see Appendix A.
REFERENCES AND GUIDANCE
National Strategy for Trusted Identities in Cyberspace (2012), https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf