This appendix is informative.
This appendix provides an overview of the changes made to SP 800-63C since its initial release.
Establishes trust agreements and registration/discovery (key establishment) as discrete steps in the federation process.
All FALs have requirements around the establishment of trust agreements and registration.
FAL definitions no longer have encryption requirements. Rather, encryption is triggered by passing personal information in an assertion through an untrusted party, regardless of FAL.
FAL2 requires assertion injection protection.
FAL3 allows more general bound authenticators in addition to classical holder-of-key assertions, including RP-managed authenticators.
Requires communication of IAL/AAL/FAL.
Adds a definition for and discussion of RP subscriber accounts.
Adds RP subscriber account provisioning models and discussion.
Adds a subscriber-controlled wallet model with specific requirements separated from general-purpose IdPs.
Restructures core document sections to address common, general-purpose, and subscriber-controlled wallet requirements in separate sections.
Adds redress requirements for IdPs and RPs.
Adds enterprise and dynamic use cases throughout with explicit examples.