Child pages
  • FAQs
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

  • Why would anyone care for the Identity Assurance Framework since we already have NIST SP 800-63?
    Response: If it addresses other use cases than the US federal government: Yes
  • Is it true that identity assurance applies only to Identity Federation scenarios?
    Response: Identity Assurance has several connotations: LoA, the IAF, and the information security related identity assertion of a remote user.

The LoA is an essential construct in federations (flat or somewhat hierarchical) to fight complexity. But any large system/organization can profit from LoA.
The same is true for the IAF: It provides a policy for federations or large organizations.
The identity assertion in the infosec-view is completely independent of federations.

  • Am I correct is assuming that identity assurance is relevant only for PKI-based authentication?
    Response: No.
  • I understand that identity assurance is about strong authentication, so Identity assurance = two-factor authentication, right?
    Response: No, LoA 1 and LoA 2 are included as well.
  • There are no publicly available Identity Assurance standards, correct?
  • Is Kantara Initiative
  • No labels