w3c / did-core

W3C Decentralized Identifier Specification v1.0
https://www.w3.org/TR/did-core/

Added Level of Assurance (LoA) section; fixes #151; fixes #391 #568

Closed awoie closed 3 years ago

awoie commented 3 years ago

As per @peacekeeper's request, I tried to come up with a PR that covers LoAs; fixes #151



peacekeeper commented 3 years ago

This also addresses https://github.com/w3c/did-core/issues/391

awoie commented 3 years ago

Thanks, I think this is a useful addition to the Security Considerations section that addresses #151 and #391 and will be relevant to some of the use cases. Maybe it would also be worth mentioning FIDO attestations? In any case, I'm fine with merging this (after applying @TallTed's fixes).

@peacekeeper I will add FIDO, FIDO 2 / WebAuthn etc. as examples for SCA. I could also add examples for NIST, ISO, eIDAS LoA frameworks if useful.

TallTed commented 3 years ago

(probably worth also adjusting title of this PR, especially typo assrance -> assurance, but also level of assurance -> "Level of Assurance (LoA)")

awoie commented 3 years ago

I added some references to NIST, ISO, FIDO/WebAuthn.

peacekeeper commented 3 years ago

Maybe @Oskar-van-Deventer also wants to review this, since his issue https://github.com/w3c/did-core/issues/151 was the original inspiration for addressing this topic in the spec.

msporny commented 3 years ago

Editorial, multiple reviews, changes requested and made, no objections, merging.