论文信息 - Digital Identity Guidelines: Federation and Assertions

Digital Identity Guidelines: Federation and Assertions

This document and its companion documents, SP 800-63, SP 800-63A, and SP 800-63B, provide technical and procedural guidelines to agencies for the implementation of federated identity systems and for assertions used by federations. This publication supersedes corresponding sections of SP 800-63-2. These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the use of federated identity and the use of assertions to implement identity federations. Federation allows a given credential service provider to provide authentication and (optionally) subscriber attributes to a number of separately-administered relying parties. Similarly, relying parties may use more than one credential service provider.

[1] Ergonomic requirements for office work with visual display terminals ( VDTs ) — Part 11 : Guidance on usability , 1998 .

[2] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .

[3] John Hughes,et al. Security Assertion Markup Language (SAML) 2.0 Technical Overview , 2004 .

[4] Michael B. Jones,et al. OAuth 2.0 Dynamic Client Registration Protocol , 2015, RFC.

[5] Naomi B. Lefkovitz,et al. An Introduction to Privacy Engineering and Risk Management in Federal Systems , 2017 .