The Kantara Initiative is committed to helping drive identity interoperability and compliance in order to better the identity-based experience of end users and deployers. As such, one of our key areas of focus is identity assurance, where the Identity Assurance Work Group (IAWG) is driving the work of fostering adoption of identity credential services based on four distinct levels of assurance measured and validated in an open trust framework.
Certification Application Info
IAF Identity Assurance Levels: Snapshot View

| Assurance Level | Example | Assessment Criteria-Organization | Assessment Criteria-Identity Proofing | Assessment Criteria-Credential Mgmt |
| --- | --- | --- | --- | --- |
| AL 1 | Registration to a news website | Minimal Organizational criteria | Minimal criteria - Self assertion | PIN and Password |
| AL 2 | Change of address of record by a beneficiary | Moderate organizational criteria | Moderate criteria - Attestation of Govt ID | Single factor; prove control of token through authentication protocol |
| AL 3 | Access to an online brokerage account | Stringent organizational criteria | Stringent criteria - stronger attestation and verification of records | Multi-factor auth: cryptographic protocol; "soft", "hard", or "OTP" tokens |
| AL 4 | Dispensation of a controlled drug or $1M bank wire | Stringent organizational criteria | More stringent criteria - stronger attestation and verification | Multi-factor auth w/ hard tokens only; crypto protocol w/ keys bound to auth process |

NOTE: Assurance level criteria as posited by the OMB M-04-04 and NIST Special Publication 800-63
The end goal of this activity is to provide public and private sector organizations with a uniform means of relying on digital credentials issued by a variety of identity assurance providers (credential service providers) in order to advance trusted identity and facilitate public access to online services and information. Interoperability of e-authentication systems and mutual acceptance of rules, policies and supporting business processes are critical to the cost-effective operation of safe and secure systems that perform essential electronic transactions and tasks across industry lines.
This program is based upon the Identity Assurance Framework (IAF), which was developed with input from members of the global financial services, government, healthcare, IT and telecom sectors. The primary governing documents of the IAF are:
The IAF describes the four unique NIST-based levels of assurance against which the Certification Program assesses and awards a unique Grant of Rights to use the Kantara Initiative Mark™. This Mark is the principal form of recognition offered by the IAF (different Marks will be awarded to assessors and services, each specific to the level of assurance they are certified against).
An Assurance Review Board (ARB) provides oversight and processes all applications under the IAF. The ARB is composed of representatives of the identity marketplace ecosystem. The charter of the ARB describes its function and processes.
In terms of services that will be certified, this program is technology agnostic: no specific requirements for technology protocol use are made of applicants. We anticipate certifying services created utilizing a wide variety of open/standard identity technology, including but not limited to XMPP extensions, ID-WSF, iNames, Information Cards, OAuth, OpenID, SAML, XDI, PKI, IGF, XRD, XACML, OPML, APML, RDF, RSS, MicroFormats, OATH, WS, XRI, activity streams, OpenSocial, Portable Contacts, CX, etc.
Our pilot program is currently enrolling participants. If you’d like to participate or have questions about this program, please contact staff AT kantarainitiative.org.