assurance - [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
Subject: Assurance
List archive
- From: "Jones, Mark B" <>
- To: "" <>
- Subject: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
- Date: Tue, 7 Aug 2012 09:16:35 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
Where did "Silver is not 800-63 level 2, Silver is Silver" come from? I’m confused why people seem to want to distance Silver from 800-63. From what I read, 800-63 level 2 is exactly what Silver is with respect to identity proofing and credential issuance. “InCommon Bronze and Silver are intended to be compatible with US federal government Identity, Credential, and Access Management (ICAM) Trust Framework Provider Adoption Process (TFPAP) Levels of Assurance 1 and 2.” http://www.incommon.org/docs/assurance/IAP_V1.1.pdf and 800-63 is a core ICAM document. http://www.idmanagement.gov/pages.cfm/page/ICAM If that is not enough… Sections §4.2.2.4.2 and §4.2.2.4.3 of the IAP describing ‘in-person’ and ‘remote’ proofing are taken verbatim from the 800-63 table that describes “Identity Proofing Requirements” for NIST level 2. http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf When we are discussing identity proofing and credential issuance for Silver we are talking 800-63. From: [mailto:] Remote-Proofing ApproachesPage comment added by I got some feedback from the Big Ten auditor community. Their feedback was (generalized): 1) The notary approach might work 2) They don't like the video approach, but did not give specific reasons why 3) They think the eVerify process used for I9 stuff in HR processes is good enough to use for proofing (not remote, really, but OK I think this is good news for existing relationship stuff) 4) Quote: "I don't know how InCommon relates to NIST 800-63, but 800-63 seems clearer. It says that remote proofing for Level 2 or 3 requires validation of the gov't ID and/or financial acct, plus address validation. The latter is not a substitute for the former." To me that says if you take this to be 800-63 rules, then you also need to validate the ID at LoA2/Silver. But then again, "Silver is not 800-63 level 2, Silver is Silver." |
- [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/07/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/07/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- <Possible follow-up(s)>
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Joe St Sauver, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/09/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/07/2012
Archive powered by MHonArc 2.6.16.
Stop watching page | Change email notification preferences
View Online |