# NIST SP 800-63-4 ## Source Type Government guideline. NIST Special Publication 800-63-4, Digital Identity Guidelines (2025). ## Domain Identity assurance, authentication assurance, federation assurance, and identity lifecycle. ## Why This Source Matters NIST identity guidance separates identity proofing, authentication assurance, federation assurance, and lifecycle management. NIST 800-63 provides the most explicit assurance-level vocabulary for separating how strongly an identity is bound to a person, how strongly authentication occurred, and how federation preserves or degrades assurance. ## Key Concepts - **IAL (Identity Assurance Level)**: confidence that a subscriber is who they claim to be (IAL1–IAL3). - **AAL (Authenticator Assurance Level)**: confidence in authentication mechanism strength (AAL1–AAL3). - **FAL (Federation Assurance Level)**: confidence in federation protocol and assertion protection (FAL1–FAL3). - **Subscriber**: party enrolled with a CSP (credential service provider). - **Credential Service Provider (CSP)**: issues credentials and performs identity proofing. - **Relying Party (RP)**: depends on CSP assertions. - **Identity Provider (IdP) / Asserting Party (AP)**: federates authentication to RPs. - **Verifier**: entity confirming claimant possession of authenticator. - **Binding**: association between subscriber, identity, and authenticator. - **Identity proofing**: collection and validation of evidence about a person. - **Authenticator**: something the subscriber possesses/controls for auth. - **Federation assertion**: signed statement from IdP to RP about authentication and attributes. ## Relevant Terminology | Term | Source meaning | | --- | --- | | Subscriber | Enrolled party at CSP; not necessarily named "user." | | CSP | Provider performing proofing and credential issuance. | | RP | Consumer of identity/authentication assertions. | | IAL | Identity proofing strength level. | | AAL | Authentication event strength level. | | FAL | Federation protocol/assertion protection level. | | Claimant | Party attempting authentication. | | Verifier | Confirms authenticator use. | | Binding | Link between subscriber identity and authenticator. | | Supervised remote proofing | IAL2+ proofing with human or tech supervision. | ## Modeling Assumptions - **Identity assurance, authentication, and federation are separable** dimensions with independent levels. - **Subscriber is the enrolled entity**, not the legal person directly; binding connects them. - **Proofing evidence matters** and should be retained per policy. - **Federation may preserve or reduce assurance** depending on FAL and assertion contents. - **Lifecycle includes enrollment, binding, maintenance, and termination.** - **Pseudonymous enrollment is allowed** at IAL1 without real-name binding. - **Agency/customer relationship** is outside the technical model but affects policy. ## Identity-Canon Implications - NIST **Subscriber** maps to **Account** or enrolled **Identity Record** bound to **Natural Person** at higher IAL. - **IAL** maps to **Assurance Level** on Identity Record / Person binding. - **AAL** maps to **Assurance Level** on authentication event / Credential use. - **FAL** maps to **Assurance Level** on **Trust Relationship** or federation assertion. - **Binding** maps to **Synonymity Assertion** or **Identifier Binding** between subscriber, person, and authenticator. - **Identity proofing evidence** maps to **Evidence Source**. - Reinforces **P7** (synonymity as assertion) and **P8** (preserve evidence). - Supports S12 (weak match insufficient for IAL2+), S13 (strong link with verification), S06 (family/guardian proofing). ## Terminology Conflicts - **Subscriber vs. User**: NIST subscriber is enrolled party; apps say user. - **Identity vs. Subscriber**: NIST separates identity proofing from subscriber record. - **Credential vs. Authenticator**: NIST distinguishes credential (issued) from authenticator (possessed); products conflate. - **IAL vs. Account trust**: assurance on person binding ≠ account permissions. - **Federation vs. Synonymity**: federation assertion ≠ same-person claim across systems. ## Candidate Canonical Mappings | NIST concept | Candidate canonical concept | | --- | --- | | Subscriber | Account / enrolled Identity Record | | CSP / IdP | Issuer Scope + Trust Relationship | | RP | Relying party Scope | | IAL | Assurance Level (identity proofing) | | AAL | Assurance Level (authentication) | | FAL | Assurance Level (federation) | | Authenticator | Credential | | Binding | Identifier Binding / Synonymity Assertion | | Proofing evidence | Evidence Source | | Federation assertion | Claim + Credential (signed) | | Claimant | Actor attempting authentication (projection) | ## Open Questions - Should IAL/AAL/FAL be a unified Assurance Level vocabulary or three orthogonal dimensions in canon? - How should pseudonymous IAL1 subscribers map when no Natural Person binding exists? - Does guardian-assisted proofing for minors warrant a distinct Relationship type with assurance caps? - Should CSP subscriber ID be a Scoped Identifier under CSP Scope? ## References - NIST SP 800-63-4 — https://pages.nist.gov/800-63-4/ - NIST SP 800-63A (Enrollment and Identity Proofing) — https://pages.nist.gov/800-63-4/sp800-63A.html - NIST SP 800-63B (Authentication and Lifecycle) — https://pages.nist.gov/800-63-4/sp800-63B.html - NIST SP 800-63C (Federation and Assertions) — https://pages.nist.gov/800-63-4/sp800-63C.html