Trustmark Initiative

NIST SP 800-63-3 Federation Proxy Profile, v1.0

Profile of requirements that the operator of a Federation Proxy must satisfy to comply with the NIST Special Publication 800-63-3 series of documents.

Publication Date

2019-04-05

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

404-407-8956

75 5th Street NW, Suite 900, Atlanta, GA 30308

Keywords

NIST, 800-63, Identity, Federation, Proxy

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TIP_NISTSP80063CIdPProfile and TIP_NISTSP80063CFederatedRPProfile and TD_FederationAssuranceLevelAssertionLimitationforFederationProxies and TD_NondisclosureofPairwisePseudonymousIdentifierMappings

References (4)

TIP NIST SP 800-63C IdP Profile, v1.0
Description	Profile of all requirements that an Identity Provider (IdP) must satisfy to comply with NIST Special Publication 800-63C, Digital Identity Guidelines: Federation and Assertions.
ID	TIP_NISTSP80063CIdPProfile

TIP NIST SP 800-63C Federated RP Profile, v1.0
Description	Profile of all requirements that a federated Relying Party (RP) must satisfy to comply with NIST Special Publication 800-63C, Digital Identity Guidelines: Federation and Assertions.
ID	TIP_NISTSP80063CFederatedRPProfile

TD Federation Assurance Level Assertion Limitation for Federation Proxies, v1.0
Description	The use of proxies within a federation must not incorrectly present the Federation Assurance Level (FAL) to any relying parties. All proxies must strictly advertise the lowest FAL that operate at as the only FAL they operate at for the purposes of considering the FAL for any transaction using the proxy.
ID	TD_FederationAssuranceLevelAssertionLimitationforFederationProxies
Provider Reference

TD Nondisclosure of Pairwise Pseudonymous Identifier Mappings, v1.0
Description	When a federation proxy maps a user identifier to a pseudonymous identifier for consumption within a federation that uses pseudonymous identifiers, the proxy must not divulge this mapping except where it is necessary for legal reasons or to the proxied user if he or she requests this information.
ID	TD_NondisclosureofPairwisePseudonymousIdentifierMappings
Provider Reference

Also available as XML or JSON