This appendix is informative. It provides an overview of the changes to SP 800-63C since its initial release.
Added discussion of equity considerations and requirements.
Established trust agreements and registration/discovery (key establishment) as discrete steps in the federation process.
All FALs have requirements around establishment of trust agreements and registration.
FAL definitions no longer have encryption requirements; encryption is triggered by passing PII in an assertion through an untrusted party regardless of FAL.
FAL2 requires injection protection.
FAL3 allows more general bound authenticators, including RP-managed authenticators, in addition to classical holder-of-key assertions.
Communication of IAL/AAL/FAL required.
Updated language to be more inclusive.
Added definition and discussion of RP subscriber accounts.
Added attribute provisioning models and discussion.
Subscriber-controlled wallet model added, with specific requirements separated from general-purpose IdPs.
Restructured core document sections to address common, general-purpose, and subscriber-controlled wallet requirements in separate sections.
Redress requirements for IdPs and RPs added.
Enterprise and dynamic use cases added throughout, with explicit examples.