...
There are several international standards for identity assurance, like NIST (US), STORK (Europe) and ISO29115. SURFconext Strong Authentication is SURFsecureID is based on ISO29115. The four levels of identity assurance commonly used are:
...
...
Both control measures are required to fulfill the requirements for LoA2 and LoA3 and are already in place in SURFconext Strong AuthenticationSURFsecureID.
| Anchor | ||||
|---|---|---|---|---|
|
SURFconext Strong Authentication solely SURFsecureID solely focuses on authentication LoA. No LoA is assigned to the attributes of the user's identity.
Several attributes provided by the IdP (e.g. first and last name, e-mail address) will be validated during registration and identification. In theory a LoA could be assigned to these attributes, which in attribute-based access control scenario’s could make authorization more reliable. There are however some arguments against doing this:
- Mixing attributes with different LoA’s is complex
- There is no suitable way to express differing LoA’s for attributes in SAML assertions
- The registration process will be more complex
Because of these arguments SURFconext Strong Authentication arguments SURFsecureID solely focuses on authentication LoA.
...