Colorado Electronic Signature Guidelines (issued 2007)
In response to HSPD 12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12, approved by the Secretary of Commerce, and issued on February 25, 2005.
FIPS 201 incorporates three technical publications specifying several aspects of the required administrative procedures and technical specifications that may change as the standard is implemented and used. NIST Special Publication 800-73, "Interfaces for Personal Identity Verification" specifies the interface and data elements of the PIV card; NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification" specifies the technical acquisition and formatting requirements for biometric data of the PIV system; and NIST Special Publication 800-78, "Cryptographic Algorithms and Key Sizes for Personal Identity Verification" specifies the acceptable cryptographic algorithms and key sizes to be implemented and used for the PIV system.
In addition, a number of guidelines, reference implementations, and conformance tests have been identified as being needed to: implement and use the PIV system; protect the personal privacy of all subscribers of the PIV system; authenticate identity source documents to obtain the correct legal name of the person applying for a PIV "card"; electronically obtain and store required biometric data (e.g., fingerprints, facial images) from the PIV system subscriber; create a PIV "card" that is "personalized" with data needed by the PIV system to later grant access to the subscriber to Federal facilities and information systems; assure appropriate levels of security for all applicable Federal applications; and provide interoperability among Federal organizations using the standards. These activities will be pursued as resources permit.
SAML, developed by the Security Services Technical Committee of OASIS, is an XML-based framework for communicating user authentication, entitlement, and attribute information. As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application.
|Liberty Identity Assurance Framework||
In today's information economy, trust is the necessary foundation for secure interoperability, and central to the successful realization of what's possible on the Web. From the user perspective as well as that of the deploying organization, it's an issue of who is trusted with what -- and that requires policy, business and technology understanding and infrastructure. Thus the Liberty Alliance emerged: a first-of-its-kind standards organization with a global membership that provides a holistic approach to identity.
The LIAF leverages the EAP Trust Framework [EAPTrustFramework] and the US E-Authentication Federation Credential Assessment Framework ([CAF]) as a baseline in forming the criteria for a harmonized, best-of-breed industry identity assurance standard. The LIAF is a framework supporting mutual acceptance, validation, and life cycle maintenance across identity federations. The main components of the LIAF are detailed discussions of Assurance Level criteria, Service and Credential Assessment Criteria, an Accreditation and Certification Model, and the associated business rules.