...
- Identity vetting: how an end user demonstrates his/her identity at the time when s/he receives the authentication credential from his/her Home Organisation (e.g. by presenting government photo-id face-to-face at a registration desk or self-registration on-line with)
- authentication: how an end user proofs his/her identity when to his/her Home Organisation's Identity Provider server when s/he logs in (e.g. password or multi-factor authentication with a certificate or token)
More widely speaking, LevelLoA can also cover
- delivery of credentials to their holder
- revocation of credentials
- information security management of the Home Organisation
- Audits of the Home Organisation
Some people also count these in
- quality and freshness of user attributes (self-asserted by the user or Home Organisation vetted)
The intention is to collect SP communities' needs for the Level of Assurance (LoA) of the identity and authentication provided by research Home Organisations i.e. the universities or other institutes employing the researchers and assigning them user identities.
...