IGTF Authentication Profiles and LoA definitions

Taking the requirements of researchers and our relying parties, and matching them with the capabilities and requirements of our trusted identity authorities, the IGTF establishes the minimum requirements for the global trust fabric. These 'Authentication Profiles' form the basis for the accreditation of identity provisioning authorities in the IGTF Trust Fabric.

  • Classic authorities with secured infrastructure
    Traditional credential authorities issue long-term credentials to end-entities who will themselves possess and control their key pair and their activation data. The identity of the subscribers is vetted through a face-to-face or equivalent process.
  • Member-Integrated Credential Services
    MICS X.509 Public Key Certification Authorities issue credentials to end-entities who themselves possess and control their key pair and activation data. The identity of subscribers is vetted through face-to-face or equivalent methods, and usually mediated through identity management systems or federated authentication mechanisms.
  • Short-Lived Credential Services
    SLCS X.509 Public Key Certification Authorities (SLCS PKI CAs) issue short-term credentials to end-entities based on secondary identity management systems.
  • Identifier-Only Trust Assurance Profile
    IOTA accredited authorities are credential-issuing authorities where the identity vetting is adequate to ensure unique, non-re-assigned identities, and generated by authorities using secured and trusted infrastructure. Such authorities are not required to collect more data than is necessary for fulfilling the uniqueness requirements. Credentials issued by authorities under this profile may not provide sufficient information to independently trace individual subscribers, and should be used in conjunction with complementary identification and vetting processes.
  • Hierarchically-upstream CA policy
    This Authentication Profile describes the minimum requirements on higher-level CA certificates that are exclusively used to sign subordinate (end-entity issuing) CAs.
  • IGTF Levels of Authentication Assurance
    The IGTF Authentication Profiles de facto describe a technology-agnostic assurance level that represents the IGTF consensus on achievable trustworthy authentication, both as seen from the relying party point of view and as a level that is feasible for identity service providers to achieve in a variety of scenarios.