openid / mobile / issues / #182 - Support for NIST SP 800-63B AAL — Bitbucket

Issue #182 new

Bjorn Hjelm created an issue 2020-06-23

In NIST SP 800-63B, three levels of Authentication Assurance Levels (AALs) for authenticating a subscriber was introduced. Deployments in the United States are using the NIST guidelines for deployments so should this be supported by the MODRNA Authentication Profile and added to section 4?

Comments (3)

John Bradley
We should discuss this. The problem is that Moderna may or may not be capable of meeting AAL3.
- 2020-07-21T14:06:16+00:00
John Bradley
Without token binding three is currently no way in the specification to meet FAL 3. There is a possibility we could extend the spec some other way to do proof of possession.
- 2021-06-22T14:11:48+00:00
Bjorn Hjelm reporter
Based on today’s working group discussion, a possible way of addressing this through vectors of trust similar to what was done in the iGov OpenID Connect profile (section 3.5).
- 2021-06-22T14:21:54+00:00
Log in to comment

Assignee: John Bradley

Type: enhancement

Priority: major

Status: new

Component: Authentication

Milestone: Implementer's Draft

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!