<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is [{$applicationname}]'s is a Generic page describing [{$pagename}]. 


[{$pagename}] is the degree of __[trust]__ that the [claim] presented has some [evidence] that it is [True]


[{$pagename}] ([LOA]) refers to the degree of [Assurance] that:
* the [entity] has been adequately verified during [Credential Enrollment] by a [Registration Authority] or [Identity Provider (IDP)] (called [Identity Proofing])
* the [Authenticator] being used for the [Authentication] process has not been compromised.
* the [claim] is [True]
* the [entity] indeed __owns and controls__ the [Claims] (or [credentials]) they presenting.

There ia an [IANA Registry] for [Level of Assurance (LoA) Profiles]

!! Specific [examples] of from [Specification] for [{$pagename}]
[{$pagename}] is a generic discussion and context is required for any formal discussion, but may be referring to any of the following Specifications:
* [M-04-04 Level of Assurance (LOA)]
* [Vectors of Trust]
* [NIST.SP.800-63] as proposed, three scores would be given: 
** [NIST.SP.800-63A]- [Identity Assurance Level] ([IAL])
** [NIST.SP.800-63B] - [Authenticator Assurance Levels] ([AAL]) 
** [NIST.SP.800-63C] - [Federation Assurance Level] ([FAL]).
* [ISO 29115]
* [Verifiable Claims]

!! [{$pagename}] Changes
[NIST.SP.800-63] is the doc that defined [{$pagename}] M-04-04, E-Authentication Guidance for Federal Agencies, way back in [2003|Year 2003].
A major goal of [NIST.SP.800-63], the third iteration, is to fix the [{$pagename}] to make the concept more meaningful with modern identity processes for both government and the private sector.

Specifically, this new draft decoupled the [LOAs] into component parts, so that instead of a blanket number (e.g. [LOA 3]) an [authentication] initiative can be ranked as a one, two or three for one facet and a different level for another [Authentication Factor].

!! [Vectors of Trust]
[Vectors of Trust] is a desire to create a more inter-operable [{$pagename}].

!! [ISO 29115] [{$pagename}]
[ISO 29115] [{$pagename}] provides another form of [{$pagename}].

!! Traditional [{$pagename}]
This is based on the [NIST.SP.800-63] [M-04-04 Level of Assurance (LOA)] which was replaced by [Identity Assurance Level] ([IAL]) in [NIST.SP.800-63A]. We feel this represents a good real-world guide to build upon.

The requirements for the level of certainty or [Trust] at both ends of that set of transactions should be driven by a risk assessment based on the value of the [Protected Resource]. 

!! Maximum Potential Impact for each [Assurance Level]
The [Magnitude of the Potential loss] for different [Assurance Levels] when an [Unfortunate event] occurs is part of the [Risk Assessment]


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>