Draft NIST guidelines on authentication. Interesting…

Archive of all clips: clips.quintarelli.it (Evernote notebook).

is removed; it is strongly recommended to avoid requiring periodic password changes...

DRAFT NIST Special Publication 800-63B

Table of Contents
1. Purpose
2. Introduction
3. Definitions and Abbreviations
4. Authenticator Assurance Levels
5. Authenticator and Verifier Requirements
6. Authenticator Lifecycle Requirements
7. Session Management
8. Threats and Security Considerations
9. Privacy Considerations
10. Usability Considerations
11. References
Appendix A. Strength of Memorized Secrets

1. Purpose

This section is informative.

This document and its companion documents, , , and , provide technical guidelines to agencies for the implementation of digital authentication.

2. Introduction

This section is informative.

Digital identity is the unique representation of a subject engaged in an online transaction. A digital identity is always unique in the context of a digital service, but does not necessarily need to uniquely identify the subject. In other words, accessing a digital service may not mean that the physical representation of the underlying subject is known. Identity proofing establishes that a subject is actually who they claim to be. Digital authentication is the process of determining the validity of one or more authenticators used to claim a digital identity. Authentication establishes a subject attempting to access a digital service is in control of the technologies used[...]

