Child pages (Children Display) |
---|
|
- Why would anyone care for the Identity Assurance Framework since we already have NIST SP 800-63?
Response: If it addresses other use cases than the US federal government: Yes
- Is it true that identity assurance applies only to Identity Federation scenarios?
Response: Identity Assurance has several connotations: LoA, the IAF, and the information security related identity assertion of a remote user. The LoA is an essential construct in federations (flat or somewhat hierarchical) to fight complexity. But any large system/organization can profit from LoA. The same is true for the IAF: It provides a policy for federations or large organizations.The identity assertion in the infosec-view is completely independent of federations.
- Am I correct is assuming that identity assurance is relevant only for PKI-based authentication?
Response: No.
- I understand that identity assurance is about strong authentication, so Identity assurance = two-factor authentication, right?
Response: No, LoA 1 and LoA 2 are included as well.
- There are no publicly available Identity Assurance standards, correct?
{"serverDuration": 153, "requestCorrelationId": "3b22ffa06c73490e80a9c3a8235bf7e5"}