Interop Req 1

From IDESG Wiki
Jump to: navigation, search

<< Back to Baseline Functional Requirements Index

INTEROP-1. THIRD PARTY AUTHENTICATION

Entities MUST be capable of accepting external USERS authenticated by THIRD-PARTIES.

SUPPLEMENTAL GUIDANCE

This Requirement applies to RELYING-PARTY consumers (i.e., entities making access control decisions) of a THIRD-PARTY authentication and requires such entities to be capable of accepting identities authenticated by multiple (i.e., more than one THIRD-PARTY), but does not require that all authenticated identities be accepted if their policies/business rules do not permit. RELYING-PARTIES that use portals, service providers, or transaction intermediaries would meet this Requirement if they can accept identities authenticated by THIRD-PARTIES, even if those RELYING-PARTIES do not consume tokens directly. (For example, RELYING-PARTIES satisfy this Requirement either by accepting and consuming identity assertions in nonproprietary published formats directly (such as SAML or another protocol to convey the authentication status), or by receiving them via an intermediate who accepts and consumes those assertions for them.)

Regarding "nonproprietary published formats", see Appendix A.

REFERENCES AND GUIDANCE

National Strategy for Trusted Identities in Cyberspace (2012), https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf

APPLIES TO ACTIVITIES

AUTHORIZATION

KEYWORDS

INTERMEDIARIES, INTEROPERABILITY, THIRD-PARTIES



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |