ID proofing acquaintances

[jimfenton]

(Submitted by MITRE)

In 800-63A Sections 4 and 5:

The document does not address the scenarios where a credential is issued to an applicant whom the issuer knows personally.

Where federation still does not exist, credentials (most often usernames and passwords) for RPs must be issued. Often [trusted] sponsors intervene in vouching for the identities of these applicants. Sponsor familiarity with the applicant can vary from having known a coworker, for example, for years, to receiving an email request from someone unknown but in the same organization.