
Commit

Automated deployment: Wed Dec 6 17:11:06 UTC 2023 17c64e2
stephaniemaguire committed Dec 6, 2023
1 parent 2ff9aa4 commit c323981
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions session-management/index.html
Expand Up @@ -527,15 +527,15 @@ <h1 class="app-page-heading">
<p><a href="https://gbr01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-63c.pdf&amp;data=05%7C01%7Cbrendan.plant1%40nhs.net%7C331c3500f34d492d3ff808dad120bb8d%7C37c354b285b047f5b22207b48d774ee3%7C0%7C0%7C638052235748476884%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=YrDvEUd%2FAdQcHwRpprfmxMBgjxb06Eau2v0D4gIK2zc%3D&amp;reserved=0">NIST 800- 63C Digital Identity Guidelines: Federation and Assertions (nist.gov)</a> is used to provide guidance around the NHS login use of and operation of OIDC, with further detail within the NHS login External Interface Specification.</p>
<p><a href="https://gbr01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-63b.pdf&amp;data=05%7C01%7Cbrendan.plant1%40nhs.net%7C331c3500f34d492d3ff808dad120bb8d%7C37c354b285b047f5b22207b48d774ee3%7C0%7C0%7C638052235748476884%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=geXgNSYNrg9LvpDcD8%2BA%2F5tqwDQQTXDkPmixdrexW%2Fc%3D&amp;reserved=0">NIST 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management (nist.gov)</a> is used to define the Authentication Assurance levels which support the operation of NHS login. Where Authentication Solutions are used alongside NHS login, they should also meet an AAL level of 2.</p>
<hr>
<h2>Session Management and Refresh Tokens##</h2>
<h1>Definitions</h1>
<h2>Session Management and Refresh Tokens</h2>
<h3>Definitions</h3>
<ul>
<li>Standalone web application - a partner's own independently accessed web application, intended for consumption by users via any web browser (regardless of device type)</li>
<li>standalone mobile application - a partner's own independently accessed mobile application, intended for installation and consumption by users on a mobile phone or tablet device</li>
<li>user-to-app authentication - a biometric or PIN prompt that validates repeat-access to a mobile application after a full authentication journey has been completed on initial access to the app. <br><br>Note: this is distinct from the action taken by the user to unlock their device. Although the application may use the same operating system-level mechanism to implement a biometrics or a PIN, this is an additional check after the user has unlocked the device</li>
</ul>
<hr>
<h1>Guidance</h1>
<h3>Guidance</h3>
<br>
<p><strong>A) For standalone web applications, and standalone mobile applications that do not implement user-to-app authentication:</strong>
<br></p>
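Review bot: The two unchanged NIST links at the top of this hunk still go through gbr01.safelinks.protection.outlook.com instead of pointing at nvlpubs.nist.gov, and the Safe Links `data=` parameter publishes an nhs.net mailbox address and several GUID values in the page source. Because this commit is an automated deployment of generated HTML, the fix belongs in the source document: replace both hrefs with the direct targets already encoded in their `url=` parameters (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63c.pdf and the matching NIST.SP.800-63b.pdf), and remove the stray space in the link text "NIST 800- 63C" at the same time. The heading change to h2/h3 fits under the page's single `app-page-heading` h1; the bare `<br>` after the Guidance heading and the `<br></p>` closing paragraph A are only providing spacing, which would be better done in the stylesheet.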
