Identity Federation

The trust placed in IdPs can be measured through the following concepts:

  1. Identity Assurance Levels (IALs): The degree of confidence in the accuracy and legitimacy of a user's identity, as established during the identity proofing process. There are three levels:

    • IAL1: Self-asserted identity with email/phone verification.

    • IAL2: Verified identity through methods like eKYC providers.

    • IAL3: High-confidence identity proofing through in-person verification.

  2. Authentication Assurance Levels (AALs): The strength of the authentication process used by IdPs to verify the user’s identity. AALs are categorized into three levels:

    • AAL1: Single-factor authentication (e.g., password).

    • AAL2: Multi-factor authentication (e.g., password + one-time passcode).

    • AAL3: High-assurance multi-factor authentication (e.g., biometrics + hardware token).

  3. Federation Assurance Levels (FALs): The trust and security levels between IdPs and applications or services when sharing digital identity information.

    • FAL1: Minimal verification, appropriate for low-risk services (e.g., basic login with username/password).

    • FAL2: Moderate verification, used for medium-risk transactions (e.g., eKYC, MFA).

    • FAL3: Rigorous verification, required for high-risk or sensitive data exchanges (e.g., biometrics, hardware tokens, encrypted communication).
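
The following added example (not part of the original page) shows how an application receiving a federated assertion could enforce per-resource minimum IAL, AAL and FAL, failing closed when a level is missing or malformed. The claim names `ial`, `aal`, `fal`, the `POLICY` table and the resource names are assumptions made for illustration.

```python
# Added example: gating access on the assurance levels an IdP asserts.
# Claim names ("ial", "aal", "fal") and the POLICY table are assumptions.
import re

LEVEL_RE = re.compile(r"^(IAL|AAL|FAL)([123])$")

# Hypothetical per-resource minimums chosen by the application.
POLICY = {
    "newsletter": {"ial": 1, "aal": 1, "fal": 1},
    "payments":   {"ial": 2, "aal": 2, "fal": 2},
    "admin":      {"ial": 3, "aal": 3, "fal": 3},
}

def parse_level(kind, value):
    """Return the numeric level, or 0 when the claim is missing, malformed,
    or names a different dimension (e.g. an AAL value in the "ial" claim)."""
    if not isinstance(value, str):
        return 0
    m = LEVEL_RE.match(value.strip().upper())
    if not m or m.group(1).lower() != kind:
        return 0
    return int(m.group(2))

def evaluate(resource, claims):
    """Return (allowed, shortfalls). shortfalls maps each failing dimension
    to (asserted, required), so the caller knows whether identity proofing,
    authentication strength or the federation exchange fell short."""
    required = POLICY.get(resource)
    if required is None:
        return False, {"resource": ("unknown", "known")}  # fail closed
    shortfalls = {}
    for kind, minimum in required.items():
        asserted = parse_level(kind, claims.get(kind))
        if asserted < minimum:
            shortfalls[kind] = (asserted, minimum)
    return not shortfalls, shortfalls

# Constructed sample assertion: eKYC-proofed user, password + OTP, FAL2.
SAMPLE = {"sub": "user-123", "ial": "IAL2", "aal": "AAL2", "fal": "FAL2"}

if __name__ == "__main__":
    for res in POLICY:
        print(res, evaluate(res, SAMPLE))
```
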
