2015-08-06#Open Trust Taxonomy for OAuth2 Work Group NIST special publication 800-63 SP-800-63 defines a linear scale Level Of Assurance (LoA) measure that combines multiple attributes about an identity transaction into a single measure of the level of trust a relying party should place on an identity transaction. Even though this definition was originally made for a specific government use cases, the LoA scale appeared to be applicable with a wide variety of authentication use cases. This has led to a proliferation of incompatible interpretations of the same scale in different trust frameworks, preventing interoperability between these frameworks in spite of their common measurement.
Since identity proofing strength increases linearly along with credential strength, the LoA scale is also too limited for describing many valid and useful forms of an identity transaction. For example, an anonymously assigned hardware token can be used in cases where the real world identity of the subject cannot be known or is verified through some out of band mechanism.
This work seeks to decompose the elements of the LoA values in a way that they can be independently communicated from an Identity Provider (IDP) to a Relying Party, making comparison between Trust Frameworks possible.