Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Digital Identity Guidelines: Federation and Assertions [including updates as of 12-01-2017]

Published

Author(s)

Paul A. Grassi, Ellen M. Nadeau, Justin P. Richer, Sarah K. Squire, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker

Abstract

This document and its companion documents, SP 800-63, SP 800-63A, and SP 800-63B, provide technical and procedural guidelines to agencies for the implementation of federated identity systems and for assertions used by federations. This publication supersedes corresponding sections of SP 800-63-2. These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the use of federated identity and the use of assertions to implement identity federations. Federation allows a given credential service provider to provide authentication and (optionally) subscriber attributes to a number of separately-administered relying parties. Similarly, relying parties may use more than one credential service provider. [Supersedes SP 800-63C (June 2017): https://www.nist.gov/publications/digital-identity-guidelines-federation- and-assertions]
Citation
Special Publication (NIST SP) - 800-63C
Report Number
800-63C

Keywords

assertions, authentication, credential service provider, digital authentication, electronic authentication, electronic credentials, federations
Created December 1, 2017, Updated January 27, 2020