nov-matake
• SP 800-63-3 (@nov)
  • Digital Authentication Guideline
• SP 800-63A (@sami_mkw_ + @nov)
  • Enrollment & Identity Proofing
• SP 800-63B (@kthrtty + @hitok_)
  • Authentication & Lifecycle Management
• SP 800-63C (@nov)
  • Federation & Assertions
https://github.com/openid-foundation-japan/800-63-3
SP 800-63-3 https://github.com/usnistgov/800-63-3
SP 800-63-3
• M-04-04 Level of Assurance (LOA) 3
• Identity Assurance Level (IAL)
• Authenticator Assurance Level (AAL)
• Federation Assurance Level (FAL)
• Assurance Level
• Assurance Level
• IAL=63A / AAL=63B / FAL=63C
SP 800-63-2
• 5 LOA Lv1-Lv4
• Identity Proofing
• Token
• Token and Credential Management
• Authentication Process
• Assertion
• 63-2 1 Level (LOA)
• 63-3 1 Level (LOA) 3 Level (xAL)
Identity Assurance Level (IAL)
• Identity Proofing Assurance Level
• Lv.1
• Identity Proofing
• Lv.2
• Identity Proofing
• Lv.3
• Identity Proofing
Authenticator Assurance Level (AAL)
• Authentication Process Assurance Level
• Authenticator
• Lv.1
• Single Factor Authentication OK
• Lv.2
• Two Factor Authentication
• 2 Authenticator Software OK
• Lv.3
• Hardware Authenticator Two Factor Authentication
Federation Assurance Level (FAL)
• ...
• Assertion
• (ID Token etc.)
• Artifact (a.k.a. Handle / Assertion Reference)
• Assertion (Authorization Code etc.)
• Front-channel Presentation
• Assertion User Agent Assertion (Implicit Flow etc.)
• Back-channel Presentation
• User Agent Artifact Assertion (Code Flow etc.)
Federation Assurance Level (FAL)
• Federation Assurance Level
• Federation Assertion / Artifact
• Lv.1
• Front-channel / Back-channel Assertion
• Lv.2
• Lv1 Front-channel Assertion
• Lv.3
• Lv.2 Back-channel Assertion
• Lv.4
• Lv.3 Holder-of-Key Assertion (Proof-of-Possession)
Recommended M-04-04 Requirements
LOA | IAL        | AAL        | FAL
1   | 1          | 1, 2 or 3  | 1, 2, 3 or 4
2   | 1 or 2     | 2 or 3     | 2, 3 or 4
3   | 1 or 2     | 2 or 3     | 2, 3 or 4
4   | 1, 2 or 3  | 3          | 3 or 4
Legacy M-04-04 Requirements
LOA | IAL | AAL     | FAL
1   | 1   | 1       | 1
2   | 2   | 2 or 3  | 2
3   | 2   | 2 or 3  | 2
4   | 3   | 3       | 4