You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Comment
These guidelines do not address cloud with respect to possible considerations for authenticating to cloud services from outside or from within cloud boundaries.
Rationale
Such guidance is needed as assets increasingly are moving to cloud hosted environments. Current cloud security guidance is notably missing when it comes to authentication to numerous cloud services where multiple identities are involved.
Suggested Change
Incorporate language that addresses Cloud Computing Reference Architecture (ISO/IEC 17788 and 17789) terms and concepts such as cloud service customer, partner, and provider, and how authentication will take place as a security service supporting these roles.
Resolution
Modify
Explanation
With IAL, AAL, FAL, does a cloud computing environment matter? Is there anything in cloud computing ref arch that can't be traced to existing document? How would we map NIST 800-63-3 terminology to cloud computing use cases? Is this obvious? Would we need to? Nate will look into it.
The text was updated successfully, but these errors were encountered:
TLSrUS
changed the title
SP 800 63-3x comments from DoD
SP 800 63-3 Comment 5
Mar 30, 2017
Org
USAF AFLCMC/HNCEI
Section
2.2
Comment
These guidelines do not address cloud with respect to possible considerations for authenticating to cloud services from outside or from within cloud boundaries.
Rationale
Such guidance is needed as assets increasingly are moving to cloud hosted environments. Current cloud security guidance is notably missing when it comes to authentication to numerous cloud services where multiple identities are involved.
Suggested Change
Incorporate language that addresses Cloud Computing Reference Architecture (ISO/IEC 17788 and 17789) terms and concepts such as cloud service customer, partner, and provider, and how authentication will take place as a security service supporting these roles.
Resolution
Modify
Explanation
With IAL, AAL, FAL, does a cloud computing environment matter? Is there anything in cloud computing ref arch that can't be traced to existing document? How would we map NIST 800-63-3 terminology to cloud computing use cases? Is this obvious? Would we need to? Nate will look into it.
The text was updated successfully, but these errors were encountered: