10.3.2.3
"Level 3 assertions shall specify verified names and not pseudonyms."
At first glance I thought this precluded opaque identifiers at the higher levels but it seems that for NIST, 'pseudonym' refers more to the assurance of an identifier than to its privacy characteristics, etc.
"The Subscriber’s name may either be a verified name or a pseudonym. A verified name is associated with the identity of a real person and before an Applicant can receive credentials or register a token associated with a verified name, he or she must demonstrate that the identity is a real identity, and that he or she is the person who is entitled to use that identity. This process is called identity proofing, and is performed by an RA that registers Subscribers with the CSP. At Level 1, since names are not verified, names are always assumed to be pseudonyms."
paul
--
