...
There are several international standards for identity assurance, like NIST (US), STORK (Europe) and ISO29115. SURFconext Strong Authentication is based on ISO29115. The four levels of identity assurance commonly used are:
LoA 1 | Little or no confidence in the asserted identity |
LoA 2 | Some confidence in the asserted identity |
LoA 3 | High confidence in the asserted identity |
LoA 4 | Very high confidence in the asserted identity |
The different specifications elaborate on the meaning of these labels by specifying requirements for:
...
These risks must be assessed to be able to decide what level of assurance is needed for your service (see also SURFnet guidelines).
...