This list offers appropriate sources for information relevant to the CIDPRO® Foundations exam to complement content covered in the IDPro® Body of Knowledge.

 


Assurance

Directive on Identity Management – Appendix A: Standard on Identity and Credential Assurance

[Canada] Government of Canada – July 2019 https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32612

Digital Identity Guidelines

[SP 800-63-3] NIST Special Publication 800-63-3 – June 2017 https://doi.org/10.6028/NIST.SP.800-63-3

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

[SP 800-37] NIST Special Publication 800-37r1 – June 2014 https://doi.org/10.6028/NIST.SP.800-37r1

 


Authentication

Digital Identity Guidelines: Authentication and Lifecycle Management

[SP 800-63B] NIST Special Publication 800-63B – December 2017 https://doi.org/10.6028/NIST.SP.800-63b

Introduction to Public Key Technology and the Federal PKI Infrastructure

[SP 800-32] NIST Special Publication 800-32 – February 2001 https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151247    

Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map

[IETF RFC 4510] RFC 4510 – June 2006 https://tools.ietf.org/html/rfc4510    

OpenID Connect Core 1.0 incorporating errata set 1

[OIDC] Sakimura, N., Bradley, B., Jones, M., de Medeiros, B., and C. Mortimore – November 2014 https://openid.net/specs/openid-connect-core-1_0.html

Personal Identity Verification (PIV) of Federal Employees and Contractors

[FIPS 201-2] NIST FIPS Publication 201-2 – September 2013 https://doi.org/10.6028/NIST.FIPS.201-2    

Biometric Data Specification for Personal Identity Verification

[SP 800-76-2] NIST Special Publication 800-76-2 – July 2013 https://doi.org/10.6028/NIST.SP.800-76-2     

 


Authorization

The OAuth 2.0 Authorization Framework

[IETF RFC 6749] RFC 6749 – October 2012 https://tools.ietf.org/html/rfc6749    

User-Managed Access (UMA) Profile of OAuth 2.0

Abstract: The weaknesses of many notice-and-consent paradigms of data privacy are clear. This article notes the social, legal and regulatory drivers and examines some approaches to satisfy them.

[KI UMA] Kantara Initiative UMA Recommendation – December 2015 https://docs.kantarainitiative.org/uma/rec-uma-core.html    

 


Federation

OpenID Connect Core 1.0 incorporating errata set 1

[OIDC] Sakimura, N., Bradley, B., Jones, M., de Medeiros, B., and C. Mortimore – November 2014 https://openid.net/specs/openid-connect-core-1_0.html    

Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0

[OASIS SAML 2] SAML 2.0 – March 2005 http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf   

Digital Identity Guidelines: Federation and Assertions

[SP 800-63C] NIST Special Publication 800-63C – December 2017 https://doi.org/10.6028/NIST.SP.800-63c     

 


Lifecycle

Standard on Identity and Credential Assurance

[Canada] Government of Canada – July 2019 https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32612 

Digital Identity Guidelines: Enrollment and Identity Proofing Requirements

[SP 800-63A] NIST Special Publication 800-63A – December 2017 https://doi.org/10.6028/NIST.SP.800-63a    

Digital Identity Guidelines: Authentication and Lifecycle Management

[SP 800-63B] NIST Special Publication 800-63B – December 2017 https://doi.org/10.6028/NIST.SP.800-63b

System for Cross-domain Identity Management: Protocol

[IETF RFC 7644] RFC 7644 – September 2015 https://tools.ietf.org/html/rfc7644

System for Cross-domain Identity Management: Core Schema

[IETF RFC 7643] RFC 7643 – September 2015 https://tools.ietf.org/html/rfc7643

 


Terminology

Abstract: This article surveys the known standards for the purpose of collating and contrasting terminology defined.

Digital Identity Guidelines

[SP 800-63-3] NIST Special Publication 800-63-3 – June 2017 https://doi.org/10.6028/NIST.SP.800-63-3   

An Ontology of Identity Credentials Part I: Background and Formulation

[SP 800-103] NIST Special Publication 800-103 (Draft) – October 2006 https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906227

Security and Privacy — A Framework For Identity Management — Part 1: Terminology And Concepts – published

[ISO 24760-1] ISO/IEC 24760-1:2019 IT – 2019 https://webstore.ansi.org/Standards/ISO/ISOIEC247602019 $138

 


Core Resources:

NIST Digital Identity Guidelines: https://pages.nist.gov/800-63-3/ 

SP 800-63-3 Digital Identity Guidelines – https://doi.org/10.6028/NIST.SP.800-63-3

SP 800-63A Enrollment and Identity Proofing – https://doi.org/10.6028/NIST.SP.800-63a 

SP 800-63B Authentication and Lifecycle Management – https://doi.org/10.6028/NIST.SP.800-63b 

SP 800-63C Federation and Assertions – https://doi.org/10.6028/NIST.SP.800-63c