Refeds


Subject Re: draft charge, refeds working group on attribute release
From Leif Johansson <leifj@xxxxxxxx>
Date Tue, 05 Jul 2011 09:50:30 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/04/2011 06:19 PM, David Chadwick wrote:
> Hi Nicole
> 
> from your previous email, you seem to think that there is a difference
> between LoA 1 and LoA 0, but there isnt. Zero does not exist in the NIST
> scheme and 1 is equivalent to zero. Therefore if a university only
> offers LoA 1 it is at the same assurance level that Facebook, Google,
> OpenID etc. offer (until finer granularity is added to the scheme, which
> I have been arguing for for ages, but we are not there yet).

Not quite. NIST SP 800-63 doesn't specify "LoA0" but LoA1 is not zero
assurance. There are quite a few specific requirements in LoA1 that are
probably non-trivial to fulfill.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4SwkYACgkQ8Jx8FtbMZnduhACgw8gVzio+w1XvyZ7oETLO8iep
+IQAmgPYbvAXVzKyrgdzJU2L9gTXm5IW
=8mEr
-----END PGP SIGNATURE-----