
NIST SP 800-63-3 #idcon vol.22


  1. SP 800-63-3 - Digital Authentication Guideline - Nov Matake
  2. Nov Matake • OpenID Foundation Japan • • • WG • #idcon • OAuth.jp • YAuth.jp
  3. GOAL • SP 800-63-2 • SP 800-63-3 • SP 800-63-3 • SP 800-63
  4. https://openid-foundation-japan.github.io/800-63-3/
  5. • SP 800-63-3 (@nov) • Digital Authentication Guideline • SP 800-63A (@sami_mkw_ + @nov) • Enrollment & Identity Proofing • SP 800-63B (@kthrtty + @hitok_) • Authentication & Lifecycle Management • SP 800-63C (@nov) • Federation & Assertions
  6. https://github.com/openid-foundation-japan/800-63-3 SP 800-63-3 https://github.com/usnistgov/800-63-3
  7. SP 800-63-3 - Digital Authentication Guideline -
  8. SP 800-63-3 • M-04-04 Level of Assurance (LOA) 3 • Identity Assurance Level (IAL) • Authenticator Assurance Level (AAL) • Federation Assurance Level (FAL) • Assurance Level • Assurance Level • IAL=63A / AAL=63B / FAL=63C
  9. SP 800-63-2 • 5 LOA Lv1-Lv4 • Identity Proofing • Token • Token and Credential Management • Authentication Process • Assertion • 63-2 1 Level (LOA) • 63-3 1 Level (LOA) 3 Level (xAL)
  10. Identity Assurance Level (IAL) • Identity Proofing Assurance Level • Lv.1 • Identity Proofing • Lv.2 • Identity Proofing • Lv.3 • Identity Proofing
  11. Authenticator Assurance Level (AAL) • Authentication Process Assurance Level • Authenticator • Lv.1 • Single Factor Authentication OK • Lv.2 • Two Factor Authentication • 2 Authenticator Software OK • Lv.3 • Hardware Authenticator Two Factor Authentication
  12. Federation Assurance Level (FAL) • ... • Assertion • (ID Token etc.) • Artifact (a.k.a. Handle / Assertion Reference) • Assertion (Authorization Code etc.) • Front-channel Presentation • Assertion User Agent Assertion (Implicit Flow etc.) • Back-channel Presentation • User Agent Artifact Assertion (Code Flow etc.)
  13. Federation Assurance Level (FAL) • Federation Assurance Level • Federation Assertion / Artifact • Lv.1 • Front-channel / Back-channel Assertion • Lv.2 • Lv1 Front-channel Assertion • Lv.3 • Lv.2 Back-channel Assertion • Lv.4 • Lv.3 Holder-of-Key Assertion (Proof-of-Possession)
  14. Recommended M-04-04 Requirements

      | LOA | IAL       | AAL       | FAL          |
      |-----|-----------|-----------|--------------|
      | 1   | 1         | 1, 2 or 3 | 1, 2, 3 or 4 |
      | 2   | 1 or 2    | 2 or 3    | 2, 3 or 4    |
      | 3   | 1 or 2    | 2 or 3    | 2, 3 or 4    |
      | 4   | 1, 2 or 3 | 3         | 3 or 4       |

      Legacy M-04-04 Requirements

      | LOA | IAL | AAL    | FAL |
      |-----|-----|--------|-----|
      | 1   | 1   | 1      | 1   |
      | 2   | 2   | 2 or 3 | 2   |
      | 3   | 2   | 2 or 3 | 2   |
      | 4   | 3   | 3      | 4   |

  15. Legacy M-04-04 Requirements (SP 800-63-2 ) ↓ ↓ Identity Proofing LOA1 LOA1
  16. Recommended M-04-04 Requirements (SP 800-63-3 ) ↓ ↓ Identity Proofing (IAL 1) (AAL 2) LOA 3
  17. LOA 3 IAL, AAL, FAL
  18. LOA LOA IAL, AAL, FAL
