Support for NIST SP 800-63B AAL

Issue #182 new
Bjorn Hjelm created an issue

In NIST SP 800-63B, three levels of Authentication Assurance Levels (AALs) for authenticating a subscriber was introduced. Deployments in the United States are using the NIST guidelines for deployments so should this be supported by the MODRNA Authentication Profile and added to section 4?

Comments (3)

  1. John Bradley

    We should discuss this. The problem is that Moderna may or may not be capable of meeting AAL3.

  2. John Bradley

    Without token binding three is currently no way in the specification to meet FAL 3. There is a possibility we could extend the spec some other way to do proof of possession.

  3. Log in to comment