
NIST SP 800-63-3 #idcon vol.22

Slides from #idcon vol.22 (part 1).

The Japanese text has been dropped from the preview, so please download the file to view it.

Published in: Technology

  1. SP 800-63-3 - Digital Authentication Guideline - Nov Matake
  2. Nov Matake • OpenID Foundation Japan • WG • #idcon • OAuth.jp • YAuth.jp
  3. GOAL • SP 800-63-2 • SP 800-63-3 • SP 800-63-3 • SP 800-63
  4. https://openid-foundation-japan.github.io/800-63-3/
  5. • SP 800-63-3 (@nov) • Digital Authentication Guideline • SP 800-63A (@sami_mkw_ + @nov) • Enrollment & Identity Proofing • SP 800-63B (@kthrtty + @hitok_) • Authentication & Lifecycle Management • SP 800-63C (@nov) • Federation & Assertions
  6. https://github.com/openid-foundation-japan/800-63-3 SP 800-63-3 https://github.com/usnistgov/800-63-3
  7. SP 800-63-3 - Digital Authentication Guideline -
  8. SP 800-63-3 • M-04-04 Level of Assurance (LOA) 3 • Identity Assurance Level (IAL) • Authenticator Assurance Level (AAL) • Federation Assurance Level (FAL) • Assurance Level • Assurance Level • IAL=63A / AAL=63B / FAL=63C
  9. SP 800-63-2 • 5 LOA Lv1-Lv4 • Identity Proofing • Token • Token and Credential Management • Authentication Process • Assertion • 63-2 1 Level (LOA) • 63-3 1 Level (LOA) 3 Level (xAL)
  10. Identity Assurance Level (IAL) • Identity Proofing Assurance Level • Lv.1 • Identity Proofing • Lv.2 • Identity Proofing • Lv.3 • Identity Proofing
  11. Authenticator Assurance Level (AAL) • Authentication Process Assurance Level • Authenticator • Lv.1 • Single Factor Authentication OK • Lv.2 • Two Factor Authentication • 2 Authenticator Software OK • Lv.3 • Hardware Authenticator Two Factor Authentication
  12. Federation Assurance Level (FAL) • ... • Assertion • (ID Token etc.) • Artifact (a.k.a. Handle / Assertion Reference) • Assertion (Authorization Code etc.) • Front-channel Presentation • Assertion User Agent Assertion (Implicit Flow etc.) • Back-channel Presentation • User Agent Artifact Assertion (Code Flow etc.)
  13. Federation Assurance Level (FAL) • Federation Assurance Level • Federation Assertion / Artifact • Lv.1 • Front-channel / Back-channel Assertion • Lv.2 • Lv1 Front-channel Assertion • Lv.3 • Lv.2 Back-channel Assertion • Lv.4 • Lv.3 Holder-of-Key Assertion (Proof-of-Possession)
  14. Recommended M-04-04 Requirements

      LOA   IAL          AAL          FAL
      1     1            1, 2 or 3    1, 2, 3 or 4
      2     1 or 2       2 or 3       2, 3 or 4
      3     1 or 2       2 or 3       2, 3 or 4
      4     1, 2 or 3    3            3 or 4

      Legacy M-04-04 Requirements

      LOA   IAL          AAL          FAL
      1     1            1            1
      2     2            2 or 3       2
      3     2            2 or 3       2
      4     3            3            4
  15. Legacy M-04-04 Requirements (SP 800-63-2) (diagram; labels: Identity Proofing, LOA1)
  16. Recommended M-04-04 Requirements (SP 800-63-3) (diagram; labels: Identity Proofing (IAL 1), (AAL 2), LOA 3)
  17. LOA 3 IAL, AAL, FAL
  18. LOA LOA IAL, AAL, FAL
