Page and content in progress
- Why would anyone care for the Identity Assurance Framework since we already have NIST SP 800-63?
Response: If it addresses other use cases than the US federal government: Yes
- Is it true that identity assurance applies only to Identity Federation scenarios?
Response: Identity Assurance has several connotations: LoA, the IAF, and the information security related identity assertion of a remote user. The LoA is an essential construct in federations (flat or somewhat hierarchical) to fight complexity. But any large system/organization can profit from LoA. The same is true for the IAF: It provides a policy for federations or large organizations.The identity assertion in the infosec-view is completely independent of federations.
- Am I correct is assuming that identity assurance is relevant only for PKI-based authentication?
Response: No.
- I understand that identity assurance is about strong authentication, so Identity assurance = two-factor authentication, right?
Response: No, LoA 1 and LoA 2 are included as well.
- There are no publicly available Identity Assurance standards, correct?
- *Is Kantara Initiative