Authentication – Level of Assurance

Authentication is the process of confirming an entity’s identity based on reliable credentials. The process and the technology involved in authentication varies with various level of assurance required from the entity.

Authentication Level of Assurance can be defined as the authentication strength required for a relying party to be assured that an entity is indeed who it claims to be. As part of an effort to create a set of criteria for levels of assurance, I want to find out existing assurance framework that exists today.

United States

Most online documentations refer to M-04-04 document published by Office of Management and Budget at the US Whitehouse. It identifies four levels of assurance –

  • Level 1: Little or no confidence in the asserted identity’s validity.
  • Level 2: Some confidence in the asserted identity’s validity.
  • Level 3: High confidence in the asserted identity’s validity.
  • Level 4: Very high confidence in the asserted identity’s validity.

Continue reading “Authentication – Level of Assurance”