Overview#
Level Of Assurance is Ldapwiki's generic page describing Level Of Assurance.
Level Of Assurance is the degree of trust that the claim presented has some evidence that it is True.
Level Of Assurance (LOA) refers to the degree of Assurance that:
- the entity has been adequately verified during Credential Enrollment by a Registration Authority or Identity Provider (IDP) (called Identity Proofing)
- the Authenticator being used for the Authentication process has not been compromised.
- the claim is True
- the entity indeed owns and controls the Claims (or credentials) they are presenting.
There is an IANA Registry for Level of Assurance (LoA) Profiles.
Specific examples from Specifications for Level Of Assurance#
Level Of Assurance is a generic discussion, and context is required for any formal discussion, but it may be referring to any of the following Specifications:
- M-04-04 Level of Assurance (LOA)
- Vectors of Trust
- NIST.SP.800-63 as proposed, three scores would be given:
- ISO 29115
- Verifiable Claims
Level Of Assurance Changes#
NIST.SP.800-63 is the doc that defined Level Of Assurance M-04-04, E-Authentication Guidance for Federal Agencies, way back in 2003. A major goal of NIST.SP.800-63, the third iteration, is to fix the Level Of Assurance to make the concept more meaningful with modern identity processes for both government and the private sector.
Specifically, this new draft decoupled the LOAs into component parts, so that instead of a blanket number (e.g. LOA 3) an authentication initiative can be ranked as a one, two or three for one facet and a different level for another Authentication Factor.
Vectors of Trust#
Vectors of Trust is a desire to create a more inter-operable Level Of Assurance.
ISO 29115 Level Of Assurance#
ISO 29115 Level Of Assurance provides another form of Level Of Assurance.
Traditional Level Of Assurance#
This is based on the NIST.SP.800-63 M-04-04 Level of Assurance (LOA) which was replaced by Identity Assurance Level (IAL) in NIST.SP.800-63A. We feel this represents a good real-world guide to build upon.
The requirements for the level of certainty or Trust at both ends of that set of transactions should be driven by a risk assessment based on the value of the Protected Resource.
Maximum Potential Impact for each Assurance Level#
The Magnitude of the Potential loss for different Assurance Levels when an Unfortunate event occurs is part of the Risk Assessment.
More Information#
There might be more information for this subject on one of the following:
- Acr_values
- Adaptive Risk
- An IANA Registry for Level of Assurance (LoA) Profiles
- Anonymous Identity
- Assurance
- Assurance Level
- Authentication
- Authentication Context Class
- Authentication Context Class Reference
- Authenticator Assurance Levels
- Authorization
- Authorization API
- Authorization Code Flow
- Binding
- Biometric Data Challenges
- Biometric Sample Processing
- Certificate Level Of Assurance
- Certificate Pinning
- Certificate-based Authentication
- Credential
- Cryptographic Hash Function
- Data Pedigree
- Demonstration of Proof-of-Possession
- Digital Identity
- Digital Signature
- Evaluation Assurance Level
- Evidence
- Federation Assurance Level
- ISO 29115
- Identification
- Identity Assurance
- Identity Assurance Framework
- Identity Assurance Level
- Identity Ecosystem Framework
- Identity Proofing
- Knowledge-Based Authentication
- LIGHTest
- LOA
- Level of Assurance (LoA) Profiles
- M-04-04 Level of Assurance (LOA)
- Multi-Factor Authentication
- Multiple-channel Authentication
- Mutual TLS Profiles for OAuth Clients
- NSA Suite B Cryptography
- National Strategy for Trusted Identities in Cyberspace
- Non-Repudiation
- OAuth 2.0 Client Types
- OpenAM
- OpenID Connect
- Protection API
- Token
- Trust Elevation
- Trusted network
- Untrusted network
- Vectors of Trust
- Web Blog_blogentry_060815_1
- Web Blog_blogentry_070817_1
- Why OAuth 2.0
- Why OpenID Connect
- Zero-knowledge proof