IGTF Profiles of Authentication Assurance
The IGTF Authentication Profiles describe a technology-agnostic assurance level that represents the IGTF consensus on achievable trustworthy authentication, seen both from the relying party point of view and as a feasible level for identity service providers to achieve for a variety of scenarios.
Traditionally assurance levels have been identified on a single scale. In terms of a single linear scale, relying parties have often considered authorities compliant with ASPEN (PKI implementation: SLCS), BIRCH (PKI implementation: MICS), or CEDAR (PKI implementation: Classic Secured) to be similar in terms of assurance level, and authorities compliant with DOGWOOD (PKI implementation: IOTA) to be different. In this document, several aspects are separated and relying parties may find more fine-grained controls.
- Current version: 1.1 (endorsed by all PMAs): Adobe PDF format, MS Word format
- Managed by: EUGridPMA
- Document revision history: https://www.eugridpma.org/guidelines/authn-assurance
- Document identifier: urn:oid:1.2.840.113612.5.2.6.1

| Assurance Profile ID | Policy identifier | Protocol-specific renderings |
| --- | --- | --- |
| ASPEN | urn:oid:1.2.840.113612.5.2.5.1; https://igtf.net/ap/authn-assurance/aspen | PKI: SLCS; SAML: AuthContextClass or eduPersonAssurance |
| BIRCH | urn:oid:1.2.840.113612.5.2.5.2; https://igtf.net/ap/authn-assurance/birch | PKI: MICS; SAML: AuthContextClass or eduPersonAssurance |
| CEDAR | urn:oid:1.2.840.113612.5.2.5.3; https://igtf.net/ap/authn-assurance/cedar | PKI: Classic; SAML: AuthContextClass or eduPersonAssurance |
| DOGWOOD | urn:oid:1.2.840.113612.5.2.5.4; https://igtf.net/ap/authn-assurance/dogwood | PKI: IOTA; SAML: AuthContextClass or eduPersonAssurance |