NIST SP 800-63-3 Federation Proxy Profile, v1.0

Profile of requirements that the operator of a Federation Proxy must satisfy to comply with the NIST Special Publication 800-63-3 series of documents.
Publication Date 2019-04-05
Issuing Organization
No Responder help@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords NIST, 800-63, Identity, Federation, Proxy
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Loading...

Trust Expression:

TIP_NISTSP80063CIdPProfile and TIP_NISTSP80063CFederatedRPProfile and TD_FederationAssuranceLevelAssertionLimitationforFederationProxies and TD_NondisclosureofPairwisePseudonymousIdentifierMappings

References (4)

 TIP  NIST SP 800-63C IdP Profile, v1.0
Description Profile of all requirements that an Identity Provider (IdP) must satisfy to comply with NIST Special Publication 800-63C, <i>Digital Identity Guidelines: Federation and Assertions</i>.
ID TIP_NISTSP80063CIdPProfile
 TIP  NIST SP 800-63C Federated RP Profile, v1.0
Description Profile of all requirements that a federated Relying Party (RP) must satisfy to comply with NIST Special Publication 800-63C, <i>Digital Identity Guidelines: Federation and Assertions</i>.
ID TIP_NISTSP80063CFederatedRPProfile
 TD  Federation Assurance Level Assertion Limitation for Federation Proxies, v1.0
Description The use of proxies within a federation must not incorrectly present the Federation Assurance Level (FAL) to any relying parties. All proxies must strictly advertise the lowest FAL that operate at as the only FAL they operate at for the purposes of considering the FAL for any transaction using the proxy.
ID TD_FederationAssuranceLevelAssertionLimitationforFederationProxies
Provider Reference
 TD  Nondisclosure of Pairwise Pseudonymous Identifier Mappings, v1.0
Description When a federation proxy maps a user identifier to a pseudonymous identifier for consumption within a federation that uses pseudonymous identifiers, the proxy must not divulge this mapping except where it is necessary for legal reasons or to the proxied user if he or she requests this information.
ID TD_NondisclosureofPairwisePseudonymousIdentifierMappings
Provider Reference
Also available as XML or JSON