Support for NIST SP 800-63B AAL
Issue #182
new
In NIST SP 800-63B, three levels of Authentication Assurance Levels (AALs) for authenticating a subscriber was introduced. Deployments in the United States are using the NIST guidelines for deployments so should this be supported by the MODRNA Authentication Profile and added to section 4?
Comments (3)
-
-
Without token binding three is currently no way in the specification to meet FAL 3. There is a possibility we could extend the spec some other way to do proof of possession.
-
reporter Based on today’s working group discussion, a possible way of addressing this through vectors of trust similar to what was done in the iGov OpenID Connect profile (section 3.5).
- Log in to comment
We should discuss this. The problem is that Moderna may or may not be capable of meeting AAL3.