More on Government Levels of Assurance


Charles Andres

Jan 30, 2009, 3:21:45 PM
to icf-wg-rp-...@googlegroups.com
Ron --

I have read the document on US Govt E-authorization guidelines you
circulated yesterday. Because the levels of assurance discussed in it
are identical to those quoted in other self-referential documents, I
put all three on the site. These include the NIST 800-63 document
(April 2006) and the Liberty IAF document.

ICF needs to create a white paper that describes information cards
using the terms and requirements in these documents. It is important
for decision makers now to see that information cards are better than
the other methods (OAuth, SAML, OpenID, Facebook Connect, et al.) and
can interoperate with any of these technologies.

But this only addresses one aspect of real identity assurance. The
other part is the business practices and workflow required to meet
the appropriate Levels (1 - 4) as the weakest link in the chain of
identity vetting and periodic authorization determines the overall
level of the system in place.

I think we can make a case that not only are information cards
flexible enough to deal with requirements from Level 1 to 4, but that
they are the lowest cost with highest benefit alternative.

I have uploaded these documents plus the National Science and
Technology Council's 2008 Identity Management Taskforce Report. All
are linked off the RP Evangelist Wikipage.
https://informationcard.net/wiki/index.php/RP_Evangelists_WG#Misc


Charles Andres, Executive Director
Information Card Foundation
56 Kearney Road
Needham, MA 02494 USA
781 559 4223
can...@informationcard.net

