Appropriate Access: Levels of Assurance

Published:: Thursday, February 14, 2008
: Presentations and Seminars

Author(s) and Contributors:: Speaker(s): David Wasley Stefan Wahe

Source(s) and Collection(s):: Presentation(s): EDUCAUSE Grant Programs (CAMP)

ParentTopics:: Access Control Identity and Access Management Security Risk Management

Abstract

A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner has that a person's physical self has been adequately verified before credentials are issued by a registration authority, and (2) a user indeed owns the credentials they are subsequently presenting to access the resource. The requirements for the level of certainty at both ends of that set of transactions should be driven by a risk assessment based on the value of the resources being protected. This session will describe the concept of LoA, discuss its importance, outline its technical components, and discuss the proposition that roles of the identity management and security staff are critical for a successful implementation of LoA.

Download Resources

Download File
Appropriate Access: Levels of Assurance
Download File
InCommon Identity Assurance Profiles