jspωiki
Level Of Assurance

Overview#

Level Of Assurance is Ldapwiki's is a Generic page describing Level Of Assurance.

Level Of Assurance (LOA) refers to the degree of Assurance that:

There ia an IANA Registry for Level of Assurance (LoA) Profiles

Specific Specification for Level Of Assurance#

Level Of Assurance is a generic discussion and context is required for any formal discussion, but may be referring to any of the following Specifications:

Level Of Assurance Changes#

NIST.SP.800-63 is the doc that defined Level Of Assurance M-04-04, E-Authentication Guidance for Federal Agencies, way back in 2003. A major goal of NIST.SP.800-63, the third iteration, is to fix the Level Of Assurance to make the concept more meaningful with modern identity processes for both government and the private sector.

Specifically, this new draft decoupled the LOAs into component parts, so that instead of a blanket number (e.g. LOA 3) an authentication initiative can be ranked as a one, two or three for one facet and a different level for another Authentication Factor.

Vectors of Trust#

Vectors of Trust is a desire to create a more inter-operable Level Of Assurance.

ISO 29115 Level Of Assurance#

ISO 29115 Level Of Assurance provides another form of Level Of Assurance.

Traditional Level Of Assurance#

This is based on the NIST.SP.800-63 M-04-04 Level of Assurance (LOA) which was replaced by Identity Assurance Level (IAL) in NIST.SP.800-63A. We feel this represents a good real-world guide to build upon.

The requirements for the level of certainty or Trust at both ends of that set of transactions should be driven by a risk assessment based on the value of the Protected Resource.

Maximum Potential Impact for each Assurance Level#

The Magnitude of the Potential loss for different Assurance Levels when an Unfortunate event occurs is part of the Risk Assessment

More Information#

There might be more information for this subject on one of the following: