Posts

Showing posts from February, 2020

Conveying Identity and Authenticator Assurance Levels in OpenID Connect and Beyond in Healthcare

1. Standards and the Proposed Rule

NIST's Special Publication 800-63-3, Digital Identity Guidelines, outlines 3 Identity Assurance Levels (IALs), "1", "2", and "3", to codify the confidence that a person is who they say they are, with 1 being low confidence. Similarly, Authentication Assurance Levels (AALs) of "1", "2", and "3" are also defined in NIST guidelines. IAL details the "login" or Authentication event.

In ONC's proposed rule, "21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program", OpenID Connect is proposed in the following passage:

To enable and support persistent user authentication and app authorization processes, we propose to adopt a standards and additional implementation specification for the FHIR standard. First, w