IGTF Profiles of Authentication Assurance

The IGTF Authentication Profiles describe a technology-agnostic assurance level that represent the IGTF consensus on achievable trustworthy authentication seen from both the relying party pooint of view as well as being a feasible level for identity service providers to achieve for a variety of scenarios.
Traditionally assurance levels have been identified on a single scale. In terms of a single linear scale, relying parties have often considered authorities compliant with ASPEN (PKI implementation: SLCS), BIRCH (PKI implementation: MICS), or CEDAR (PKI implementation: Classic Secured) to be similar in terms of assurance level, and authorities compliant with DOGWOOD (PKI implementation: IOTA) to be different. In this document, several aspects are separated and relying parties may find more fine-grained controls.

Current version: 1.1 (endorsed by all PMAs):
Adobe PDF format
MS Word format
Managed by: EUGridPMA
Document revision history: https://www.eugridpma.org/guidelines/authn-assurance

Document identifier: urn:oid:1.2.840.113612.5.2.6.1

Assurance Profile ID	Policy identifier	Protocol-specific renderings
ASPEN	urn:oid:1.2.840.113612.5.2.5.1 https://igtf.net/ap/authn-assurance/aspen	PKI: SLCS SAML: AuthContextClass or eduPersonAssurance
BIRCH	urn:oid:1.2.840.113612.5.2.5.2 https://igtf.net/ap/authn-assurance/birch	PKI: MICS SAML: AuthContextClass or eduPersonAssurance
CEDAR	urn:oid:1.2.840.113612.5.2.5.3 https://igtf.net/ap/authn-assurance/cedar	PKI: Classic SAML: AuthContextClass or eduPersonAssurance
DOGWOOD	urn:oid:1.2.840.113612.5.2.5.4 https://igtf.net/ap/authn-assurance/dogwood	PKI: IOTA SAML: AuthContextClass or eduPersonAssurance

IGTF Home

About the IGTF

Member PMAs and Registries

Peer Organisations

Member Resources

Comments to info@igtf.net
Website hosted by Nikhef on mestkar,
subject to the Nikhef Privacy Notice
Last updated: October 2, 2017