ISO/IEC 29115:2013
Information technology — Security techniques — Entity authentication assurance framework
ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:
- specifies four levels of entity authentication assurance;
- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;
- provides guidance for mapping other authentication assurance schemes to the four LoAs;
- provides guidance for exchanging the results of authentication that are based on the four LoAs; and
- provides guidance concerning controls that should be used to mitigate authentication threats.
Technologies de l'information — Techniques de sécurité — Cadre d'assurance de l'authentification d'entité
Standards Content (Sample)
FINAL DRAFT INTERNATIONAL STANDARD
ISO/IEC FDIS 29115
ISO/IEC JTC 1
Secretariat: ANSI
Voting begins on: 2012-07-20
Voting terminates on: 2012-09-20
Information technology — Security techniques — Entity authentication assurance framework
Technologies de l'information — Techniques de sécurité — Cadre d'assurance de l'authentification d'entité
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
Reference number ISO/IEC FDIS 29115:2012(E)
© ISO/IEC 2012
Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as permitted
under the applicable laws of the user's country, neither this ISO draft nor any extract from it may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
photocopying, recording or otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO's
member body in the country of the requester.
ISO copyright office
Case postale 56 CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
CONTENTS
Foreword
Introduction
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards
2.3 Additional references
3 Definitions
4 Abbreviations
5 Conventions
6 Levels of assurance
6.1 Level of assurance 1 (LoA1)
6.2 Level of assurance 2 (LoA2)
6.3 Level of assurance 3 (LoA3)
6.4 Level of assurance 4 (LoA4)
6.5 Selecting the appropriate level of assurance
6.6 LoA mapping and interoperability
6.7 Exchanging authentication results based on the 4 LoAs
7 Actors
7.1 Entity
...
DRAFT INTERNATIONAL STANDARD ISO/IEC DIS 29115
ISO/IEC JTC 1 Secretariat: ANSI
Voting begins on: 2011-11-23
Voting terminates on: 2012-04-23
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION • МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОММИСИЯ • COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE
Information technology — Security techniques — Entity
authentication assurance framework
Technologies de l'information — Techniques de sécurité — Cadre d'assurance de l'authentification d'entité
ICS 35.040
In accordance with the provisions of Council Resolution 21/1986 this DIS is circulated in the
English language only.
To expedite distribution, this document is circulated as received from the committee
secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at
publication stage.
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE
REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME
STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
© International Organization for Standardization, 2011
International Electrotechnical Commission, 2011
CONTENTS
Foreword
Summary
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards
2.3 Additional references
3 Definitions
4 Abbreviations
5 Conventions
6 Levels of assurance
6.1 Level of assurance 1 (LoA1)
6.2 Level of assurance 2 (LoA2)
6.3 Level of assurance 3 (LoA3)
6.4 Level of assurance 4 (LoA4)
...
INTERNATIONAL STANDARD
ISO/IEC 29115
First edition
2013-04-01
Information technology — Security techniques — Entity authentication assurance framework
Technologies de l'information — Techniques de sécurité — Cadre d'assurance de l'authentification d'entité
Reference number ISO/IEC 29115:2013(E)
© ISO/IEC 2013
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards
2.3 Additional references
3 Terms and definitions
4 Abbreviations
5 Conventions
6 Levels of assurance
6.1 Level of assurance 1 (LoA1)
6.2 Level of assurance 2 (LoA2)
6.3 Level of assurance 3 (LoA3)
6.4 Level of assurance 4 (LoA4)
6.5 Selecting the appropriate level of assurance
6.6 LoA mapping and interoperability
6.7 Exchanging authentication results based on the 4 LoAs
7 Actors
7.1 Entity
7.2 Credential service provider
7.3 Registration authority
7.4 Relying party
7.5 Verifier
7.6 Trusted third party
8 Entity authentication assurance framework phases
...