Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a CSP asserts to an RP).
Self-asserted attributes are neither validated nor verified.
For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.
over fifties dating - Status validating identity
This publication supersedes corresponding sections of NIST Special Publication (SP) 800-63-2. The terms “SHALL” and “SHALL NOT” indicate requirements to be followed strictly in order to conform to the publication and from which no deviation is permitted. Examples include obtaining health care and executing financial transactions.
The authors would like to acknowledge the contributions and guidance of our international peers, including Adam Cooper, Alastair Treharne, and Julian White from the Cabinet Office, United Kingdom, and Tim Bouma from the Treasury Board of Canada Secretariat, Government of Canada, Kaitlin Boeckl for her artistic contributions to all volumes in the SP 800-63 suite, and the contributions of our many reviewers, including Joni Brennan from the Digital ID & Authentication Council of Canada (DIACC), Ben Piccarreta and Ellen Nadeau from NIST, and Danna Gabel O’Rourke from Deloitte & Touche LLP. The terms “SHOULD” and “SHOULD NOT” indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is discouraged but not prohibited. There are also situations where the association is required for regulatory reasons (e.g., the financial industry’s ‘Know Your Customer’ requirements, established in the implementation of the USA PATRIOT Act of 2001) or to establish accountability for high-risk actions (e.g., changing the release rate of water from a dam).
In both instances, the ZIP code is sufficient to deliver the service; it is not necessary or desirable to know the underlying identity of the person.
The following table states which sections of this document are normative and which are informative: Assurance in a subscriber’s identity is described using one of three IALs: IAL1: There is no requirement to link the applicant to a specific real-life identity.
This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130.