Anil John
Making Digital Services Secure and Trustworthy

Gov of Canada Approach to Separating Credential (Token?) and Identity Assurance


In earlier blog posts, I have looked at a model for separating token and attribute manager functions and at whether the NIST E-Authentication Guideline SP 800-63-1 can support such a model. In this blog post, I explore how the Government of Canada has implemented an approach for separating Credential Assurance from Identity Assurance.

As noted in the Pan-Canadian Assurance Model and the TBS Canada Guideline for Defining Authentication Requirements, a clear distinction is made between Credential Assurance and Identity Assurance:

Credential Assurance Level (CAL) is the level of confidence that an individual, organization or device has maintained control over what has been entrusted to him or her (e.g., key, token, document, identifier) and that the credential has not been compromised (e.g., tampered with, corrupted, modified) and is described as:

| Credential Assurance Level (CAL) | Description |
|---|---|
| 4 | Very high confidence required that an individual has maintained control over a credential that has been entrusted to him or her and that the credential has not been compromised. Compromise could reasonably be expected to cause catastrophic harm. |
| 3 | High confidence required that an individual has maintained control over a credential that has been entrusted to him or her and that the credential has not been compromised. Compromise could reasonably be expected to cause moderate to serious harm. |
| 2 | Some confidence required that an individual has maintained control over a credential that has been entrusted to him or her and that the credential has not been compromised. Compromise could reasonably be expected to cause minimal to moderate harm. |
| 1 | Little confidence required that an individual has maintained control over a credential that has been entrusted to him or her and that the credential has not been compromised. Compromise could reasonably be expected to cause nil to minimal harm. |


Identity Assurance Level (IAL) is the level of confidence that an individual, organization or device is who or what it claims to be and is described as:

| Identity Assurance Level (IAL) | Description |
|---|---|
| 4 | Very high confidence required that an individual is who he or she claims to be. Compromise could reasonably be expected to cause catastrophic harm. |
| 3 | High confidence required that an individual is who he or she claims to be. Compromise could reasonably be expected to cause moderate to serious harm. |
| 2 | Some confidence required that an individual is who he or she claims to be. Compromise could reasonably be expected to cause minimal to moderate harm. |
| 1 | Little confidence required that an individual is who he or she claims to be. Compromise could reasonably be expected to cause nil to minimal harm. |


Where I have a bit of "I need to wrap my head around this" is in the use of the word "Credential" in this context. I am used to the NIST SP 800-63-1 distinction between a Token, which is something that the Claimant possesses and controls (typically a cryptographic module or password), and a Credential, which is an object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber.

It feels as though the Canadians use the word Credential when they mean a Token, but I am probably splitting hairs on this one. It may be better to note that in practice, they do not care about the identity binding (if one exists) to a credential, but that they care that the same entity that was issued the token/credential continues to maintain control of it.
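To make the separation concrete, here is an added example (my own illustration, not code from the TBS guideline or the Pan-Canadian model) that carries CAL and IAL as two independent values and evaluates each against the harm band a service expects from that kind of compromise. The assertion and service structures are hypothetical; the scenarios at the bottom are constructed.

```python
from dataclasses import dataclass
from enum import IntEnum


class Harm(IntEnum):
    """Harm bands from the CAL and IAL tables; the value is the required level."""
    NIL_TO_MINIMAL = 1
    MINIMAL_TO_MODERATE = 2
    MODERATE_TO_SERIOUS = 3
    CATASTROPHIC = 4


@dataclass(frozen=True)
class Assertion:
    """Hypothetical assertion carrying the two levels separately: cal is
    confidence the subject still controls the credential/token, ial is
    confidence the subject is who it claims to be."""
    subject: str
    cal: int
    ial: int


@dataclass(frozen=True)
class ServiceRequirement:
    """Harm a service expects from each kind of compromise (constructed)."""
    credential_harm: Harm   # someone else using the subject's credential
    identity_harm: Harm     # the subject not being who it claims to be

    @property
    def min_cal(self) -> int:
        return int(self.credential_harm)

    @property
    def min_ial(self) -> int:
        return int(self.identity_harm)


def evaluate(assertion: Assertion, req: ServiceRequirement) -> dict:
    """Check CAL and IAL independently: a surplus on one axis never
    compensates for a shortfall on the other."""
    cal_ok = assertion.cal >= req.min_cal
    ial_ok = assertion.ial >= req.min_ial
    return {"cal_ok": cal_ok, "ial_ok": ial_ok, "granted": cal_ok and ial_ok}


# Constructed scenarios: a benefits portal needs CAL 3 / IAL 2, while a
# pseudonymous returning-user service needs CAL 3 but only IAL 1.
BENEFITS = ServiceRequirement(Harm.MODERATE_TO_SERIOUS, Harm.MINIMAL_TO_MODERATE)
PSEUDONYMOUS = ServiceRequirement(Harm.MODERATE_TO_SERIOUS, Harm.NIL_TO_MINIMAL)

if __name__ == "__main__":
    print(evaluate(Assertion("alice", cal=4, ial=1), BENEFITS))      # strong token, unproofed identity
    print(evaluate(Assertion("alice", cal=4, ial=1), PSEUDONYMOUS))  # same token, identity not needed
```

The second scenario is the case described above: the service does not care about an identity binding, only that the same entity that was issued the token keeps control of it.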


This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.
