[WG-IDAssurance] FAQ

Rainer Hörbe rainer at hoerbe.at
Wed Mar 23 10:42:27 EDT 2011 

At least we will have frequently answered questions, if not asked ones.

Am 23.03.2011 um 01:35 schrieb Frazier-McElveen, Myisha:

> All,
>  
> We agreed on the last con call that we would circulate the starter set of questions for the FAQs and develop the content for this via the list serve.  Below is the initial list of questions that we have.  I also attached the comment template.  Please feel free to provide either comments or responses to any of the questions below in the comment template.  Make sure to reference the specific question to which you are providing feedback.  Also, if you have additional questions to add, please feel free to include them as well.  When complete, make sure to save the comment template with your initials in the front of the doc. 
>  
> 1.     Why would anyone care for the Identity Assurance Framework since we already have NIST SP 800-63?

If it addresses other use cases than the US federal government: Yes

>  
> 2.     Is it true that identity assurance applies only to Identity Federation scenarios?

Identity Assurance has several connotations: LoA, the IAF, and the information security related identity assertion of a remote user.

The LoA is an essential construct in federations (flat or somewhat hierarchical) to fight complexity. But any large system/organization can profit from LoA.
The same is true for the IAF: It provides a policy for federations or large organizations.
The identity assertion in the infosec-view is completely independent of federations.


> 
> 3.     Am I correct is assuming that identity assurance is relevant only for PKI-based authentication?#

No

> 
> 4.     I understand that identity assurance is about strong authentication, so Identity assurance = two-factor authentication, right?

No, LoA 1 and LoA 2 are included as well.

> 
> 5.     There are no publicly available Identity Assurance standards, correct?
> 
> 6.     Is Kantara Initiative’s Identity Assurance Framework a heavy, proprietary framework?
>  
> 7.     In order to use the Identity Assurance Framework, I need to either pay for it or join Kantara Initiative, correct?
>  
> 8.     I understand that the Identity Assurance Framework is only applicable to US Federal Government programs, is this so?
>  
> 9.     What's the difference between the Identity Assurance Framework, its related certification programs, and the Open Identity Exchange (OIX)?
>  
>  


- Rainer

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20110323/dd61d090/attachment-0002.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IAWG Questionaire_Group Priorities Matrix_20110322.doc
Type: application/msword
Size: 53248 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20110323/dd61d090/attachment-0001.doc 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20110323/dd61d090/attachment-0003.html

More information about the WG-IDAssurance mailing list