An IANA Registry for Level of Assurance (LoA) Profiles
RFC 6711

Document Type: RFC - Informational (August 2012; No errata)
Was: draft-johansson-loa-registry (individual in sec area)
Last updated: 2015-10-14
Stream: IETF
WG state: (None)
Document shepherd: No shepherd assigned
IESG state: RFC 6711 (Informational)
Consensus Boilerplate: Unknown
Responsible AD: Sean Turner
IESG note: Tim Polk (tim.polk@nist.gov) is the document shepherd.
Send notices to: tim.polk@nist.gov

Internet Engineering Task Force (IETF)                      L. Johansson
Request for Comments: 6711                                      NORDUNet
Category: Informational                                      August 2012
ISSN: 2070-1721

         An IANA Registry for Level of Assurance (LoA) Profiles

Abstract

   This document establishes an IANA registry for Level of Assurance
   (LoA) Profiles.  The registry is intended to be used as an aid to
   discovering such LoA definitions in protocols that use an LoA
   concept, including Security Assertion Markup Language (SAML) 2.0 and
   OpenID Connect.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6711.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Johansson                     Informational                     [Page 1]
RFC 6711                      LoA Registry                   August 2012

Table of Contents

   1. Introduction ....................................................2
   2. Name of Registry ................................................3
   3. Registration Template ...........................................3
      3.1. Example Registration .......................................4
      3.2. Note on the Example ........................................5
   4. Registration Policy .............................................5
      4.1. Reviewer Expectations ......................................5
   5. Registry Semantics ..............................................6
   6. IANA Considerations .............................................6
   7. Security Considerations .........................................7
   8. Acknowledgements ................................................7
   9. References ......................................................7
      9.1. Normative References .......................................7
      9.2. Informative References .....................................7

1.  Introduction

   This document establishes an IANA registry for Level of Assurance
   (LoA) Profiles.

   [SAML] provides the following definition of the concept of "level of
   assurance":

      Many existing (and potential) SAML federation deployments have
      adopted a "levels of assurance" (or LOA) model for categorizing
      the wide variety of authentication methods into a small number of
      levels, typically based on some notion of the strength of the
      authentication.  Federation members (service providers or "relying
      parties") then decide which level of assurance is required to
      access specific protected resources, based on some assessment of
      "value" or "risk".

   Another definition of an "assurance level" is given in RFC 4949
   [RFC4949], which also identifies the roots of such profiles in the
   NIST special publication series, in particular SP 800-63 [SP63].
   Level of Assurance Profiles are used in various protocols, including
   the Security Assertion Markup Language (SAML) version 2.0 and OpenID
   Connect.

   Several so-called trust frameworks and identity federations now
   exist, some of which define one or more LoAs.  The purpose of this
   specification is to create an IANA registry where such LoA
   definitions can be discovered.  While the quote above references
   SAML, the notion of a level of assurance has gained widespread
   acceptance and should be treated as a protocol-independent concept.
   The newly created IANA registry attempts to reflect this.
