Overview#

Identity Assurance Level (IAL) is described in NIST.SP.800-63A as a category that conveys the degree of confidence (Assurance) that the applicant’s claimed identity is their real identity. (This is the definition of Authentication)

Identity Assurance Level describes the common pattern in which a subject (referred to as an applicant at this stage) undergoes an Identity Proofing and enrollment process in which their identity evidence and attributes are collected, uniquely resolved to a single identity within a given population or context, then validated and verified. A Credential Service Provider may then bind these attributes to an authenticator (described in NIST.SP.800-63B).

Identity Assurance Level as defined within NIST.SP.800-63A is lengthy and a bit complex. We provide only a short summary for and overview.
IALRequirement
IAL1The Credential Service Provider (CSP) SHALL NOT proof applicants. Applicants MAY self-assert zero or more attributes to the Credential Service Provider. See NIST.SP.800-63A Section 4.3
IAL2allows for remote or in-person Identity Proofing and supports a wide range of acceptable Identity Proofing techniques in order to increase user adoption, decrease false negatives (legitimate applicants that cannot successfully complete Identity Proofing), and detect to the best extent possible the presentation of fraudulent identities by a malicious applicant. A CSP MAY exceed these requirements. See NIST.SP.800-63A Section 4.4
IAL3 adds additional rigor to the steps required at IAL2, to include providing further evidence of superior strength, and is subjected to additional and specific processes, including the use of biometric data, to further protect the identity and Relying Party from impersonation, fraud, or other significantly harmful damages. In addition, Identity Proofing at IAL3 is performed in-person. See NIST.SP.800-63A Section 4.5 for more details. A CSP MAY exceed these requirements.

Trust Elevation#

Required increases in Identity Assurance Level is typically referred to as Trust Elevation

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-10) was last changed on 12-Nov-2017 20:09 by jim