usnistgov / 800-63-3

Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines
https://pages.nist.gov/800-63-3/

Use of Federation to describe a three way protocol #1920

Closed jimfenton closed 5 years ago

jimfenton commented 5 years ago

(Submitted by MITRE)

In 800-63C, Section 5:

The description of federation is of its simplest form and the use of FAL may hinder expansion of 800-63 in the future. What's described can also be called indirect authentication, wherein the verifier is not between the claimant and the RP for all message exchanges. "Big F" Federation is the notion that organizations have trust relationships amongst themselves, and may accept (and thus trust) another organization's identifiers and/or credentials and/or authentication assertions and/or attribute assertions. As you know, trustmarks and trust vectors are mechanisms to characterize these relationships.

Suggestion: Reconsider use of FAL as the acronym and this narrow description of federation. Indeed, what's being characterized by the FAL is an assurance by a third party of the strength of an assertion. A SAL, perhaps. (I regret not having thought of this months ago.)

jricher commented 5 years ago

"federation" is used as a term of art to describe both the trust relationship as well as the multi-party protocol. Both uses are covered in this document.