SURFsecureID expresses the strength of the authentication and of the user's identity in 4 levels of assurance (LoA). The levels are based on the assurance framework described in ISO/IEC 29115 (similar to NIST Special Publication 800-63-1), with LoA 1.5 added.

| Level of assurance | Authentication assurance | Identity assurance | Characteristics |
|---|---|---|---|
| LoA 1 | Username/password | No extra validation of the user's identity | For access to basic resources with little or no risk |
| LoA 1.5 | Username/password + second factor | No extra validation of the user's identity | Protects the user and resources from compromised passwords |
| LoA 2 | Username/password + tiqr, SMS or AzureMFA | The identity of the user is validated | For high level of confidence in the asserted identity. Often used for access to high risk resources |
| LoA 3 | Username/password + YubiKey or FIDO2 | The identity of the user is validated | Same as LoA 2, but with more secure authentication methods |


A service or institution needs to choose which level of assurance is appropriate for the resources it protects. There are several ways a LoA can be requested for a specific service or part of a service.

Second Factor Only (SFO) authentication

...