NIST SP 800-63-3 #idcon vol.22

•

1 like•1,308 views

SP 800-63-3 is an update to NIST's digital identity guidelines. It introduces a new framework that separates assurance levels into three components: Identity Assurance Level (IAL), Authenticator Assurance Level (AAL), and Federation Assurance Level (FAL). This provides more flexibility and granularity over the previous version's single Level of Assurance (LOA). The document outlines the recommended requirements and mappings between the new IAL, AAL, FAL framework and the legacy LOA model from SP 800-63-2.

Technology

SP 800-63-3
- Digital Authentication Guideline -
Nov Matake

Nov Matake
• OpenID Foundation Japan
•
•
• WG
• #idcon
• OAuth.jp
• YAuth.jp

GOAL
• SP 800-63-2
• SP 800-63-3
• SP 800-63-3
• SP 800-63

https://openid-foundation-japan.github.io/800-63-3/

• SP 800-63-3 (@nov)
• Digital Authentication Guideline
• SP 800-63A (@sami_mkw_ + @nov)
• Enrollment & Identity Proofing
• SP 800-63B (@kthrtty + @hitok_)
• Authentication & Lifecycle Management
• SP 800-63C (@nov)
• Federation & Assertions

https://github.com/openid-foundation-japan/800-63-3
SP 800-63-3
https://github.com/usnistgov/800-63-3

SP 800-63-3
- Digital Authentication Guideline -

SP 800-63-3
• M-04-04 Level of Assurance (LOA) 3
• Identity Assurance Level (IAL)
• Authenticator Assurance Level (AAL)
• Federation Assurance Level (FAL)
• Assurance Level
• Assurance Level
• IAL=63A / AAL=63B / FAL=63C

SP 800-63-2
• 5 LOA Lv1-Lv4
• Identity Proofing
• Token
• Token and Credential Management
• Authentication Process
• Assertion
• 63-2 1 Level (LOA)
• 63-3 1 Level (LOA) 3 Level (xAL)

Identity Assurance Level (IAL)
• Identity Proofing Assurance Level
• Lv.1
• Identity Proofing
• Lv.2
• Identity Proofing
• Lv.3
• Identity Proofing

Authenticator Assurance Level
(AAL)
• Authentication Process Assurance Level
• Authenticator
• Lv.1
• Single Factor Authentication OK
• Lv.2
• Two Factor Authentication
• 2 Authenticator Software OK
• Lv.3
• Hardware Authenticator Two Factor Authentication

Federation Assurance Level
(FAL)
• ...
• Assertion
• (ID Token etc.)
• Artifact (a.k.a. Handle / Assertion Reference)
• Assertion (Authorization Code etc.)
• Front-channel Presentation
• Assertion User Agent Assertion (Implicit Flow
etc.)
• Back-channel Presentation
• User Agent Artifact Assertion (Code Flow etc.)

Federation Assurance Level
(FAL)
• Federation Assurance Level
• Federation Assertion / Artifact
• Lv.1
• Front-channel / Back-channel Assertion
• Lv.2
• Lv1 Front-channel Assertion
• Lv.3
• Lv.2 Back-channel Assertion
• Lv.4
• Lv.3 Holder-of-Key Assertion (Proof-of-Posession)

Recommended M-04-04 Requirements
LOA IAL AAL FAL
1 1 1, 2 or 3 1, 2, 3 or 4
2 1 or 2 2 or 3 2, 3 or 4
3 1 or 2 2 or 3 2, 3 or 4
4 1, 2 or 3 3 3 or 4
Legacy M-04-04 Requirements
LOA IAL AAL FAL
1 1 1 1
2 2 2 or 3 2
3 2 2 or 3 2
4 3 3 4

Legacy M-04-04 Requirements
(SP 800-63-2 )
↓
↓
Identity Proofing LOA1
LOA1

Recommended M-04-04 Requirements
(SP 800-63-3 )
↓
↓
Identity Proofing (IAL 1)
(AAL 2) LOA 3

What's hot

The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to its proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome. In this deck, we discuss: - The need for API/Microservices Security - The importance of delegating security enforcement to an API Gateway - API Authentication and Authorization methodologies - OAuth2 - The de-facto standard of API Authentication - Protection against cyber attacks and anomalies - Security aspects to consider when designing Single Page Applications (SPAs) Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/

API Security In Cloud Native Era

WSO2

Implementing WebAuthn & FAPI supports on Keycloak

Yuichi Nakamura

IDP Proxy Concept: Accessing Identity Data Sources Everywhere!

ForgeRock

Information is the new currency and as more “things” come online the volume of data will dramatically increase. Typically, this data is stored in multiple repositories and different personas have different levels of access. In this webinar, which was recorded on August 18th, 2015, you can learn how to answer key questions to today’s tough challenges: How do we keep sensitive data, secure it and make it accessible? How do we manage authorization policies related to this data? How do we manage entitlements for not only web apps, but also users, devices and things? ForgeRock’s Senior Software Developer, Andy Forrest, discussed the challenges and solutions surrounding Entitlements.

Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"

ForgeRock

OpenId Connect in Shibboleth Identity Provider

Misagh Moayyed

The Future is Now: What’s New in ForgeRock Access Management

ForgeRock

Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...

mfrancis

Pimping the ForgeRock Identity Platform for a Billion Users

ForgeRock

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Ajin Abraham

Webinar: Customer Scale

ForgeRock

NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy

ForgeRock

[OPD 2019] Top 10 Security Facts of 2020

OWASP

ForgeRock Platform Release - Summer 2016

ForgeRock

Checkmarx meetup API Security - API Security top 10 - Erez Yalon

Adar Weidman

This session covers the challenges that online retailer “Band Materials” now face as the business grows and the external customer base increases to internet scale. What steps can the management take to transform their customer identity landscape? This backstage tour will cover the live deployment and configuration of components within the ForgeRock Identity Platform. The session includes interactive discussion and feature: - Single View of the Customer - Social media registration - Multi-Factor Single Sign On - Consent driven sharing - IoT integration You will leave the tour with a good understanding of how to deploy large scale digital identity projects and where you should start.

Backstage Tour of Identity - London Identity Summit

ForgeRock

Mobile Application market is growing like anything and so is the Mobile Security industry. With lots of frequent application releases and updates happening, conducting the complete security analysis of mobile applications becomes time consuming and cumbersome. In this talk I will introduce an extendable, and scalable web framework called Mobile Security Framework (https://github.com/ajinabraham/YSO-Mobile-Security-Framework) for Security analysis of Mobile Applications. Mobile Security Framework is an intelligent and automated open source mobile application (Android/iOS) pentesting and binary/code analysis framework capable of performing static and dynamic analysis. It supports Android and iOS binaries as well as zipped source code. During the presentation, I will demonstrates some of the issues identified by the tool in real world android applications. The latest Dynamic Analyzer module will be released at OWASP AppSec. Attendees Benefits * An Open Source framework for Automated Mobile Security Assessment. * One Click Report Generation and Security Assessment. * Framework can be deployed at your own environment so that you have complete control of the data. The data/report stays within the organisation and nothing is stored in the cloud. * Supports both Android and iOS Applications. * Semi Automatic Dynamic Analyzer for intelligent application logic based (whitebox) security assessment.

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

Ajin Abraham

It’s no secret that Identity Management is a key component to any modern identity solution. Organizations need to easily provision, de-provision and perform synchronization & reconciliation tasks across not just users, but devices and things as well. The future of Identity Management will require the unique flexibility of a service based approach with custom configurable administrative and self-service capabilities that can handle any kind of Identity. Find out more about how all forms of identity (business, consumer and device) can by centralized, normalized, coordinated and managed by policy - and automated to ensure a consistent experience that complies with regulations and policies. Discover how ForgeRock can help you deliver Identity Management the right way to your customers, partners and employees. Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Identity Management with the ForgeRock Identity Platform - So What’s New?

ForgeRock

Scripting extends ForgeRock products in a powerful way, both for deployers as well as developers. For OpenAM, deployers can embed the ssoadm command line utility in comprehensive shells scripts for ultra fast deployments and configurations. Developers can use scripts for client-side and server-side authentication, policy conditions, and handling OpenID Connect claims. In OpenIDM, scripting allows you to customize various aspects of OpenIDM functionality, by providing custom logic between source and target mappings, defining correlation rules, filters, triggers, and more. Webinar Highlights: Scripting The ForgeRock Platform Q&A Join Anders Askåsen, Senior Technical Product Manager, and Javed Shah, Senior Sales Engineer, as they highlight the concepts and show examples and best practices for scripting with the ForgeRock Identity Platform.

Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting

ForgeRock

How can you deliver a secure product

Michael Furman

Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...

ForgeRock

What's hot (20)

API Security In Cloud Native Era

Implementing WebAuthn & FAPI supports on Keycloak

IDP Proxy Concept: Accessing Identity Data Sources Everywhere!

Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"

OpenId Connect in Shibboleth Identity Provider

The Future is Now: What’s New in ForgeRock Access Management

Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...

Pimping the ForgeRock Identity Platform for a Billion Users

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Webinar: Customer Scale

NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy

[OPD 2019] Top 10 Security Facts of 2020

ForgeRock Platform Release - Summer 2016

Checkmarx meetup API Security - API Security top 10 - Erez Yalon

Backstage Tour of Identity - London Identity Summit

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

Identity Management with the ForgeRock Identity Platform - So What’s New?

Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting

How can you deliver a secure product

Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...

Viewers also liked

NIST SP 800-63A #idcon vol.22

Sami Maekawa

Dynamic federation

danb02

Account Chooser #idit2012

Nov Matake

Learn about a convenient and secure alternative to passwords that also protects consumers privacy on their mobile phones. The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

Mobile Connect and the FIDO standards

FIDO Alliance

FIDO, Strong Authentication and elD in Germany

FIDO Alliance

Worldpay – FIDO-enabled Point of Sale

FIDO Alliance

Introduction to FIDO Alliance

FIDO Alliance

FIDO & GSMA Mobile Connect

FIDO Alliance

FIDO & Strong Authentication Technology Landscape

FIDO Alliance

FIDO Specifications Overview: UAF & U2F

FIDO Alliance

アイデンティティ2.0とOAuth/OpenID Connect

Shinichi Tomita

利用者本位のAPI提供に向けたアイデンティティ (ID) 標準仕様の動向

Tatsuo Kudo

Introduction to OpenID Connect

Nat Sakimura

認証技術、デジタルアイデンティティ技術の最新動向

Tatsuo Kudo

Viewers also liked (14)

NIST SP 800-63A #idcon vol.22

Dynamic federation

Account Chooser #idit2012

Mobile Connect and the FIDO standards

FIDO, Strong Authentication and elD in Germany

Worldpay – FIDO-enabled Point of Sale

Introduction to FIDO Alliance

FIDO & GSMA Mobile Connect

FIDO & Strong Authentication Technology Landscape

FIDO Specifications Overview: UAF & U2F

アイデンティティ2.0とOAuth/OpenID Connect

利用者本位のAPI提供に向けたアイデンティティ (ID) 標準仕様の動向

Introduction to OpenID Connect

認証技術、デジタルアイデンティティ技術の最新動向

Similar to NIST SP 800-63-3 #idcon vol.22

ID連携入門 (実習編) - Security Camp 2016

Nov Matake

Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624

Jean-François LOMBARDO

INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication

Sylvain Maret

Strong Authentication State of the Art 2012 / Sarajevo CSO

Sylvain Maret

INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication

Sylvain Maret

INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication

Sylvain Maret

#startathon2.0 - Spark Core

sl2square

議程會從 DevSecOps 開始，介紹如何將靜態安全測試（SAST）左移，導入開發流程中。開場簡介 DevSecOps，介紹如何在敏捷開發中導入資安。並且介紹在 CI/CD pipeline 中可以導入的資安項目。接著會以 SAST 為例來探討。分享整合開源工具的方法，以及實踐自動化和調整工具的經驗，來達到持續性、並且自動化的資安測試。 * DevSecOps Overview * Security in CI/CD pipeline * Open source SAST tools integration * Continuous Integration: SAST improvement and vulnerabilities triage

HITCON Defense Summit 2019 －從 SAST 談持續式資安測試

Secview

Rob Turner, Qualcomm Technologies Almost three decades since the Morris worm and we're still plagued by memory corruption vulnerabilities in C and C++ software. Exploit mitigations aim to make the exploitation of these vulnerabilities impossible or prohibitively expensive. However, modern exploits demonstrate that currently deployed countermeasures are insufficient. In ARMv8.3, ARM introduces a new hardware security feature, pointer authentication. With ARM and ARM partners, including Microsoft, we helped to design this feature. Designing a processor extension is challenging. Among other requirements, changes should be transparent to developers (except compiler developers), support both system and application code, interoperate with legacy software, and provide binary backward compatibility. This talk discusses the processor extension and explores the design trade-offs, such as the decision to prefer authentication over encryption and the consequences of small tags. Also, this talk provides a security analysis, and examines how these new instructions can robustly and efficiently implement countermeasures.

BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations

BlueHat Security Conference

Swiss Cyber Storm 3 Security Conference / OWASP Track Strong Authentication: State of the Art 2011 Risk Based Authentication Biometry - Match on Card OTP for Smartphones OTP SMS PKI SuisseID Mobile-OTP OATH (HOTP, TOTP, OCRA) Open Source approach How to integrate Strong Authentication in Web Application? OpenID, SAML, Identity Federation for Strong Authentication API, SDK, Agents, Web Services, Modules PAM, Radius, JAAS Reverse Proxy (WAF) and WebSSO PKI / SSL client authentication PHP example with Multi-OTP PHP class AppSec (Threat Modeling - OWASP)

Strong Authentication in Web Application #SCS III

Sylvain Maret

Gasimov Orkhan "Service Discovery and Coordination by Netflix Eureka and Spri...

LogeekNightUkraine

OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...

Andrejs Vorobjovs

SpringOne Platform 2016 Speaker: David Ferriera; Director, Cloud Technology, Forgerock Microservices architecture elevates the challenges for Authentication and Authorization management. When a single frontend request can result in many backend microservices calls, it is important to balance security and performance. ForgeRock provides a standards-based blueprint that provides a flexible solution for making these choices while protecting your Cloud Foundry services end to end.

An Authentication and Authorization Architecture for a Microservices World

VMware Tanzu

iOS In-App-Purchase verifying receipt locally in Swift

Kaz Yoshikawa

Spring Boot 1.3 News #渋谷Java

Toshiaki Maki

apidays Hong Kong 2022 - API-First Digital Transformation & Platform Economy August 24 & 25, 2022 Attack API Architecture Alvin Tam, EASG Committee at Hong Kong Computer Society ------------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/ Deep dive into the API industry with our reports: https://www.apidays.global/industry-reports/ Subscribe to our global newsletter: https://apidays.typeform.com/to/i1MPEW

apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...

apidays

Cloud Native Identity with SPIFFE

Prabath Siriwardena

Web Application Penetration Testing - 101

Andrea Hauser

Araport Workshop Tutorial 2: Authentication and the Agave Profiles Service

stevemock

IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile

Amazon Web Services Japan

Similar to NIST SP 800-63-3 #idcon vol.22 (20)

ID連携入門 (実習編) - Security Camp 2016

Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624

INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication

Strong Authentication State of the Art 2012 / Sarajevo CSO

INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication

INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication

#startathon2.0 - Spark Core

HITCON Defense Summit 2019 －從 SAST 談持續式資安測試

BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations

Strong Authentication in Web Application #SCS III

Gasimov Orkhan "Service Discovery and Coordination by Netflix Eureka and Spri...

OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...

An Authentication and Authorization Architecture for a Microservices World

iOS In-App-Purchase verifying receipt locally in Swift

Spring Boot 1.3 News #渋谷Java

apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...

Cloud Native Identity with SPIFFE

Web Application Penetration Testing - 101

Araport Workshop Tutorial 2: Authentication and the Agave Profiles Service

IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile

Recently uploaded

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Real Time Object Detection Using Open CV

Khem

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Exploring the Future Potential of AI-Enabled Smartphone Processors

CNv6 Instructor Chapter 6 Quality of Service

Scaling API-first – The story of a global engineering organization

Presentation on how to chat with PDF using ChatGPT code interpreter

Powerful Google developer tools for immediate impact! (2023-24 C)

Axa Assurance Maroc - Insurer Innovation Award 2024

A Domino Admins Adventures (Engage 2024)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

A Year of the Servo Reboot: Where Are We Now?

Real Time Object Detection Using Open CV

Advantages of Hiring UIUX Design Service Providers for Your Business

🐬 The future of MySQL is Postgres 🐘

08448380779 Call Girls In Friends Colony Women Seeking Men

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Handwritten Text Recognition for manuscripts and early printed texts

NIST SP 800-63-3 #idcon vol.22

1. SP 800-63-3 - Digital Authentication Guideline - Nov Matake

2. Nov Matake • OpenID Foundation Japan • • • WG • #idcon • OAuth.jp • YAuth.jp

3. GOAL • SP 800-63-2 • SP 800-63-3 • SP 800-63-3 • SP 800-63

4. https://openid-foundation-japan.github.io/800-63-3/

5. • SP 800-63-3 (@nov) • Digital Authentication Guideline • SP 800-63A (@sami_mkw_ + @nov) • Enrollment & Identity Proofing • SP 800-63B (@kthrtty + @hitok_) • Authentication & Lifecycle Management • SP 800-63C (@nov) • Federation & Assertions

6. https://github.com/openid-foundation-japan/800-63-3 SP 800-63-3 https://github.com/usnistgov/800-63-3

7. SP 800-63-3 - Digital Authentication Guideline -

8. SP 800-63-3 • M-04-04 Level of Assurance (LOA) 3 • Identity Assurance Level (IAL) • Authenticator Assurance Level (AAL) • Federation Assurance Level (FAL) • Assurance Level • Assurance Level • IAL=63A / AAL=63B / FAL=63C

9. SP 800-63-2 • 5 LOA Lv1-Lv4 • Identity Proofing • Token • Token and Credential Management • Authentication Process • Assertion • 63-2 1 Level (LOA) • 63-3 1 Level (LOA) 3 Level (xAL)

10. Identity Assurance Level (IAL) • Identity Proofing Assurance Level • Lv.1 • Identity Proofing • Lv.2 • Identity Proofing • Lv.3 • Identity Proofing

11. Authenticator Assurance Level (AAL) • Authentication Process Assurance Level • Authenticator • Lv.1 • Single Factor Authentication OK • Lv.2 • Two Factor Authentication • 2 Authenticator Software OK • Lv.3 • Hardware Authenticator Two Factor Authentication

12. Federation Assurance Level (FAL) • ... • Assertion • (ID Token etc.) • Artifact (a.k.a. Handle / Assertion Reference) • Assertion (Authorization Code etc.) • Front-channel Presentation • Assertion User Agent Assertion (Implicit Flow etc.) • Back-channel Presentation • User Agent Artifact Assertion (Code Flow etc.)

13. Federation Assurance Level (FAL) • Federation Assurance Level • Federation Assertion / Artifact • Lv.1 • Front-channel / Back-channel Assertion • Lv.2 • Lv1 Front-channel Assertion • Lv.3 • Lv.2 Back-channel Assertion • Lv.4 • Lv.3 Holder-of-Key Assertion (Proof-of-Posession)

14. Recommended M-04-04 Requirements LOA IAL AAL FAL 1 1 1, 2 or 3 1, 2, 3 or 4 2 1 or 2 2 or 3 2, 3 or 4 3 1 or 2 2 or 3 2, 3 or 4 4 1, 2 or 3 3 3 or 4 Legacy M-04-04 Requirements LOA IAL AAL FAL 1 1 1 1 2 2 2 or 3 2 3 2 2 or 3 2 4 3 3 4

15. Legacy M-04-04 Requirements (SP 800-63-2 ) ↓ ↓ Identity Proofing LOA1 LOA1

16. Recommended M-04-04 Requirements (SP 800-63-3 ) ↓ ↓ Identity Proofing (IAL 1) (AAL 2) LOA 3

17. LOA 3 IAL, AAL, FAL

18. LOA LOA IAL, AAL, FAL

NIST SP 800-63-3 #idcon vol.22

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to NIST SP 800-63-3 #idcon vol.22

Similar to NIST SP 800-63-3 #idcon vol.22 (20)

More from Nov Matake

More from Nov Matake (20)

Recently uploaded

Recently uploaded (20)

NIST SP 800-63-3 #idcon vol.22