...
| Info |
|---|
The assurance levels applied within Skolfederation are under evaluation. |
An identity provider SHOULD support the release of identity assurance of subjects using the identifiers of the respective identity assurance profiles.
eduPersonAssurance attribute MUST be used.
Prior to the release of the SAML WebSSO Technology Profile 1.0.0, the transfer of an subject's level of assurance (LOA) was accomplished through the use of the authncontextclassref. However, if the eduPersonAssurance attribute is present, it supersedes the authncontextclassref. It is planned that in the future, the use of the LOA in the authncontextclassref attribute will be phased out.
Assurance Levels for Skolfederation
Currently, the trust levels "Basic" and "2FA" are applied within the School Federation.
Bas - approved member of the School Federation
Bas does not entail any other requirements than those that come with membership in the school federation.
Identifier: http://id.skolfederation.se/loa/bas
2FA – Two-factor authentication
The protection class for e-identities and issuance of identity certificates whose level of protection corresponds to the Swedish Data Protection Authority's requirements for strong authentication when an IT system is accessible via the Internet, and the system contains sensitive information. Skolfederation does not review compliance with the requirement; this is the responsibility of the school principal.
identifier: http://id.skolfederation.se/loa/2fa
AL1
To be announced.
AL2
To be announced.
AL3
To be announced.
Deprecated:
This section is no longer applicable and is only kept for historical reasons.
Currently, the assurance levels "Bas" and "2FA" are applied within Skolfederation. If no assurance level is sent in the AuthenticationContext element of the SAML Assertion, Bas level is implied.
...