This list offers appropriate sources for information relevant to the CIDPRO® Foundations exam to complement content covered in the IDPro® Body of Knowledge.
Assurance
Directive on Identity Management – Appendix A: Standard on Identity and Credential Assurance
[Canada] Government of Canada – July 2019 https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32612
Digital Identity Guidelines
[SP 800-63-3] NIST Special Publication 800-63-3 – June 2017 https://doi.org/10.6028/NIST.SP.800-63-3
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
[SP 800-37] NIST Special Publication 800-37r1 – June 2014 https://doi.org/10.6028/NIST.SP.800-37r1
Authentication
Digital Identity Guidelines: Authentication and Lifecycle Management
[SP 800-63B] NIST Special Publication 800-63B – December 2017 https://doi.org/10.6028/NIST.SP.800-63b
Introduction to Public Key Technology and the Federal PKI Infrastructure
[SP 800-32] NIST Special Publication 800-32 – February 2001 https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151247
Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
[IETF RFC 4510] RFC 4510 – June 2006 https://tools.ietf.org/html/rfc4510
OpenID Connect Core 1.0 incorporating errata set 1
[OIDC] Sakimura, N., Bradley, B., Jones, M., de Medeiros, B., and C. Mortimore – November 2014 https://openid.net/specs/openid-connect-core-1_0.html
Personal Identity Verification (PIV) of Federal Employees and Contractors
[FIPS 201-2] NIST FIPS Publication 201-2 – September 2013 https://doi.org/10.6028/NIST.FIPS.201-2
Biometric Data Specification for Personal Identity Verification
[SP 800-76-2] NIST Special Publication 800-76-2 – July 2013 https://doi.org/10.6028/NIST.SP.800-76-2
Authorization
The OAuth 2.0 Authorization Framework
[IETF RFC 6749] RFC 6749 – October 2012 https://tools.ietf.org/html/rfc6749
User-Managed Access (UMA) Profile of OAuth 2.0
Abstract: The weaknesses of many notice-and-consent paradigms of data privacy are clear. This article notes the social, legal and regulatory drivers and examines some approaches to satisfy them.
[KI UMA] Kantara Initiative UMA Recommendation – December 2015 https://docs.kantarainitiative.org/uma/rec-uma-core.html
Federation
OpenID Connect Core 1.0 incorporating errata set 1
[OIDC] Sakimura, N., Bradley, B., Jones, M., de Medeiros, B., and C. Mortimore – November 2014 https://openid.net/specs/openid-connect-core-1_0.html
Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0
[OASIS SAML 2] SAML 2.0 – March 2005 http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Digital Identity Guidelines: Federation and Assertions
[SP 800-63C] NIST Special Publication 800-63C – December 2017 https://doi.org/10.6028/NIST.SP.800-63c
Lifecycle
Standard on Identity and Credential Assurance
[Canada] Government of Canada – July 2019 https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32612
Digital Identity Guidelines: Enrollment and Identity Proofing Requirements
[SP 800-63A] NIST Special Publication 800-63A – December 2017 https://doi.org/10.6028/NIST.SP.800-63a
Digital Identity Guidelines: Authentication and Lifecycle Management
[SP 800-63B] NIST Special Publication 800-63B – December 2017 https://doi.org/10.6028/NIST.SP.800-63b
System for Cross-domain Identity Management: Protocol
[IETF RFC 7644] RFC 7644 – September 2015 https://tools.ietf.org/html/rfc7644
System for Cross-domain Identity Management: Core Schema
[IETF RFC 7643] RFC 7643 – September 2015 https://tools.ietf.org/html/rfc7643
Terminology
Abstract: This article surveys the known standards for the purpose of collating and contrasting terminology defined.
Digital Identity Guidelines
[SP 800-63-3] NIST Special Publication 800-63-3 – June 2017 https://doi.org/10.6028/NIST.SP.800-63-3
An Ontology of Identity Credentials Part I: Background and Formulation
[SP 800-103] NIST Special Publication 800-103 (Draft) – October 2006 https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906227
Security and Privacy — A Framework For Identity Management — Part 1: Terminology And Concepts – published
[ISO 24760-1] ISO/IEC 24760-1:2019 IT – 2019 https://webstore.ansi.org/Standards/ISO/ISOIEC247602019 $138
Core Resources:
NIST Digital Identity Guidelines: https://pages.nist.gov/800-63-3/
SP 800-63-3 Digital Identity Guidelines https://doi.org/10.6028/NIST.SP.800-63-3
SP 800-63A Enrollment and Identity Proofing – https://doi.org/10.6028/NIST.SP.800-63a
SP 800-63B Authentication and Lifecycle Management – https://doi.org/10.6028/NIST.SP.800-63b
SP 800-63C Federation and Assertions – https://doi.org/10.6028/NIST.SP.800-63c