IGTF Profiles of Authentication Assurance

The IGTF Authentication Profiles describe technology-agnostic assurance levels that represent the IGTF consensus on achievable trustworthy authentication, both from the relying party point of view and as a level that identity service providers can feasibly achieve in a variety of scenarios.
Traditionally, assurance levels have been identified on a single scale. In terms of a single linear scale, relying parties have often considered authorities compliant with ASPEN (PKI implementation: SLCS), BIRCH (PKI implementation: MICS), or CEDAR (PKI implementation: Classic Secured) to be similar in terms of assurance level, and authorities compliant with DOGWOOD (PKI implementation: IOTA) to be different. In this document, several aspects are separated and relying parties may find more fine-grained controls.

  • Current version: 1.1 (endorsed by all PMAs):
    Adobe PDF format
    MS Word format
  • Managed by: EUGridPMA
  • Document revision history: https://www.eugridpma.org/guidelines/authn-assurance
  • Document identifier: urn:oid:1.2.840.113612.5.2.6.1
    Assurance Profile ID   Policy identifier                             Protocol-specific renderings
    ASPEN                  urn:oid:1.2.840.113612.5.2.5.1                PKI: SLCS
                           https://igtf.net/ap/authn-assurance/aspen     SAML: AuthContextClass or eduPersonAssurance
    BIRCH                  urn:oid:1.2.840.113612.5.2.5.2                PKI: MICS
                           https://igtf.net/ap/authn-assurance/birch     SAML: AuthContextClass or eduPersonAssurance
    CEDAR                  urn:oid:1.2.840.113612.5.2.5.3                PKI: Classic
                           https://igtf.net/ap/authn-assurance/cedar     SAML: AuthContextClass or eduPersonAssurance
    DOGWOOD                urn:oid:1.2.840.113612.5.2.5.4                PKI: IOTA
                           https://igtf.net/ap/authn-assurance/dogwood   SAML: AuthContextClass or eduPersonAssurance