INFO5301 Tutorial 6
NIST Digital Identity Guidelines
The goal of this tutorial is to guide you through the technical guidelines issued by the
National Institute of Standards and Technology (NIST) for the implementation of digital authentication.
Available via: https://pages.nist.gov/800-63-3/
There are four volumes in this guideline. This tutorial is based on "SP 800-63B Authentication
Lifecycle Management".
Available via: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
Exercise 1 - 9: Individual exercises. Duration: 20 minutes. Your tutor will guide you through
finding answers from the guidelines.
Exercise 10: Group exercise. Duration: 40 minutes. In this exercise, we want you to complete the
following tasks. Each group will be allocated a sub-question (e.g., 10.1, 10.2 or 10.3).
• Discuss with your group members and provide your group answer on the slides shared by your
tutor: 15 min
• Present your answer to the class: 10 min
• Start writing your answer, for Ex 10.3 only, on paper: 15 min
(Note: This will be a practice for your exam, as it will be a pen & paper exam. Once you
have completed your answer, if required, hand it over to your tutor to get feedback.)
Exercise 1:
According to NIST Special Publication 800-63B:
1.1 What is digital identity?
1.2 What does the process of Digital Authentication mean?
1.3 What is the main technical challenge in digital identity proofing?
Answer: Digital identity is the unique representation of a subject engaged in an online
transaction. The digital authentication process determines the validity of one or more
authenticators used to claim a digital identity.
The process of digital authentication always requires the authentication of individuals over
an open network, and often requires proofing of individuals over an open network. This
presents opportunities for attacks that can result in fraudulent claims of digital identities.