[DG-Concordia] AuthnContext & PAPE & ICAM
RL 'Bob' Morgan
rlmorgan at washington.edu
Mon Dec 14 17:08:43 EST 2009
> The LoA1 in OMB M-04-04 is somewhat unique compared to the other levels because it
> requires pseudonyms (PPIDs) and no personally identifiable information. Those
> policies are defined separately from the LoA1 policy and used by IDPs to
> generate response messages.
I am not sure what you mean by this. OMB 04-04 says that what it calls
"anonymous credentials" *may* be used with LoAs 1 and 2. The ICAM OpenID
profile says that PPIDs must be used, but also permits other personal
information to be requested by the RP and provided by the OP.
> If IDPs support more than one level, stipulating a desired LoA
> makes sense, but I haven't seen IDPs supporting multiple levels. RPs may be
> responsible for managing WLs for each level to find IDPs that provide the
> services they need.
We're expecting that the typical US higher-education IdP will support
multiple LoAs. It doesn't make sense to segregate populations into
separate IdPs by LoA. We're also expecting that RPs requiring LoA will
ask for the LoA they need, rather than having to configure IdPs to know
which RPs require what.
- RL "Bob"