This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Level Of Assurance
Level Of Assurance

Version management

Difference between version and

At line 1 added 50 lines
!!! Overview
[{$pagename}] is [{$applicationname}]'s is a Generic page describing [{$pagename}].
[{$pagename}] is the degree of __[trust]__ that the [claim] presented has some [evidence] that it is [True]
[{$pagename}] ([LOA]) refers to the degree of [Assurance] that:
* the [entity] has been adequately verified during [Credential Enrollment] by a [Registration Authority] or [Identity Provider (IDP)] (called [Identity Proofing])
* the [Authenticator] being used for the [Authentication] process has not been compromised.
* the [claim] is [True]
* the [entity] indeed __owns and controls__ the [Claims] (or [credentials]) they presenting.
There ia an [IANA Registry] for [Level of Assurance (LoA) Profiles]
!! Specific [examples] of from [Specification] for [{$pagename}]
[{$pagename}] is a generic discussion and context is required for any formal discussion, but may be referring to any of the following Specifications:
* [M-04-04 Level of Assurance (LOA)]
* [Vectors of Trust]
* [NIST.SP.800-63] as proposed, three scores would be given:
** [NIST.SP.800-63A]- [Identity Assurance Level] ([IAL])
** [NIST.SP.800-63B] - [Authenticator Assurance Levels] ([AAL])
** [NIST.SP.800-63C] - [Federation Assurance Level] ([FAL]).
* [ISO 29115]
* [Verifiable Claims]
!! [{$pagename}] Changes
[NIST.SP.800-63] is the doc that defined [{$pagename}] M-04-04, E-Authentication Guidance for Federal Agencies, way back in [2003|Year 2003].
A major goal of [NIST.SP.800-63], the third iteration, is to fix the [{$pagename}] to make the concept more meaningful with modern identity processes for both government and the private sector.
Specifically, this new draft decoupled the [LOAs] into component parts, so that instead of a blanket number (e.g. [LOA 3]) an [authentication] initiative can be ranked as a one, two or three for one facet and a different level for another [Authentication Factor].
!! [Vectors of Trust]
[Vectors of Trust] is a desire to create a more inter-operable [{$pagename}].
!! [ISO 29115] [{$pagename}]
[ISO 29115] [{$pagename}] provides another form of [{$pagename}].
!! Traditional [{$pagename}]
This is based on the [NIST.SP.800-63] [M-04-04 Level of Assurance (LOA)] which was replaced by [Identity Assurance Level] ([IAL]) in [NIST.SP.800-63A]. We feel this represents a good real-world guide to build upon.
The requirements for the level of certainty or [Trust] at both ends of that set of transactions should be driven by a risk assessment based on the value of the [Protected Resource].
!! Maximum Potential Impact for each [Assurance Level]
The [Magnitude of the Potential loss] for different [Assurance Levels] when an [Unfortunate event] occurs is part of the [Risk Assessment]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop