Child pages
  • FAQs

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Why would anyone care for the Identity Assurance Framework since we already have NIST SP 800-63?
  • Response: If it addresses other use cases than the US federal government: Yes
  • Is it true that identity assurance applies only to Identity Federation scenarios?
    Response: Identity Assurance has several connotations: LoA, the IAF, and the information security related identity assertion of a remote user.The LoA is an essential construct in federations (flat or somewhat hierarchical) to fight complexity. But any large system/organization can profit from LoA.

...

  • The same is true for the IAF: It provides a policy for federations or large organizations.

...

  • The identity assertion in the infosec-view is completely independent of federations.
  • Am I correct is assuming that identity assurance is relevant only for PKI-based authentication?
    Response: No.
  • I understand that identity assurance is about strong authentication, so Identity assurance = two-factor authentication, right?
    Response: No, LoA 1 and LoA 2 are included as well.
  • There are no publicly available Identity Assurance standards, correct?
  • Is Kantara Initiative