This appendix is informative. It provides an overview of the changes to SP 800-63C since its initial release.
Added discussion of equity considerations and requirements.
Established trust agreements and registration as discrete steps in the federation process.
All FALs have requirements around establishment of trust agreements and registration.
FAL definitions no longer have encryption requirements; encryption is triggered by passing PII in an assertion through an untrusted party regardless of FAL.
FAL2 requires injection protection.
FAL3 allows more general bound authenticators, including RP-managed authenticators, in addition to classical holder-of-key.
Communication of IAL/AAL/FAL is required.
Updated language to be more inclusive.
Added definition and discussion of RP subscriber accounts.
Added attribute provisioning models and discussion.