OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Re: [iaeg] FYI:SP 800-63 Rev. 1

clarified further on

The assurance level indication within the assertion may be implicit (e.g., through the identity of the Verifier implicitly indicating the resulting assurance level) or explicit (e.g., through an explicit field within the assertion.)


Paul Madsen wrote:
4947E9D0.5000507@rogers.com" type="cite"> this line would appear to mandate use of SAML Authn Context (or an equivalent attribute-based mechanism)

"All assertions recognized within this guideline must indicate the assurance level of the initial authentication of the Subscriber."


' =JeffH ' wrote:
below's the full blurb on the NIST drafts page 


Dec. 12, 2008

SP 800-63 Rev. 1

DRAFT Electronic Authentication Guideline

Draft SP 800-63 Revision 1: E-Authentication Guideline is available for a 
second public comment period. It supplements OMB guidance, by providing 
technical guidelines for the design of electronic systems for the remote 
authentication of citizens by government agencies. The revision represents an 
expansion and reorganization of the original document, broadening the 
discussion of technologies available to agencies, and giving a more detailed 
discussion of assertion technologies. Changes intended to clarify the 
pre-existing requirements are also included in the revision. The bulk of the 
changes since the previously posted draft of SP 800-63-1 concern assertion 
technologies and Kerberos. Comments will be accepted until January 30, 2009. 
Comments should be forwarded via email to eauth-comments@nist.gov.



To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:



No virus found in this incoming message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.9.18/1851 - Release Date: 16/12/2008 8:53 AM


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]