Trust. Trust is the most fundamental notion in every one of our business interactions, whatever our needs are: low or high assurance.
Vector of Trust is a promising means to convey it through third parties and NIST SP-800-63-3 is a fantastic framework for defining your Trust capabilities. But, sometimes, you may find it difficult to map xAL requirements to real life evidence and authenticators.
This session should help you with that.
Do you know that, by the time of Identiverse 2019, NIST SP-800-63-3 will celebrate its second birthday? It is a framework that improved lots of points over the previous LoA scale and gained a lot of maturity thanks to implementers, researchers, and confrontations to other Trust frameworks.
Still you may find it hard to find your way wherever you try to be a compliant IAL2 compliant CSP to ensure a third party that your users are IAL3 proofed or authenticated through an AAL2 authenticator, etc.
Surely you know that you enrolled this user thanks to a photocopied electricity bill and authenticated him/her based on an Out-of-Band single factor device generating OATH compliant OTP tokens. Those are real life examples but you will have to find in which xAL box this may fit.
This specific situation was raised within IDPro and we formalized some cheat sheets for you to navigate the inherent difficulties such as:
•Main differences between levels of assurance;
•Differences and ways to categorized WEAK, LOW, STRONG, and SUPERIOR real-life identity evidences;
•Differences and ways to categorize real-life authenticators;
•Ways to map NIST xALs to other Trust frameworks categories.
By attending this session you will get a clearer, simpler, and more actionable picture of NIST SP-800-63-3 that will ease your path for your Vector of Trust journey.