Introduction
In SAML-based national identity federations there is a growing need for Service Providers to learn a user's Level of Assurance (LoA), both for the strength of the identity vetting and for the security of the authentication. A few national identity federations have started to introduce services that raise the LoA of a user. All such services known today use a proxy architecture: a component (the proxy) is inserted between the user's Identity Provider (IdP) and the Service Provider (SP) that requires LoA information. The proxy intercepts the user's SAML assertion and forces the user to present a second authentication factor before they can proceed to the service that needs the LoA information. In the case of the SURFconext Strong Authentication service, not only the authentication security is raised but also the strength of the identity vetting, because the service first requires the user to go through an identity vetting process with in-person passport validation.
While this proxy model has advantages (it scales, it is easy to deploy from the SP's perspective, and no SP discovery is needed), it also has the weaknesses it shares with every proxy model: the IdP must trust the proxy, and the proxy necessarily sees the user's complete assertion, which conflicts with data minimization. In this work we therefore want to find out whether an alternative approach, using a SAML Attribute Authority, can also provide a solution that keeps some of the advantages of the proxy model but has fewer of its weaknesses. This document therefore describes an Identity Assurance Service Attribute Authority.
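To make the Attribute Authority alternative concrete, the following example (added here; it is not code from the original document or from SURFconext) sketches the exchange an SP would have with such an AA: the SP sends a SAML AttributeQuery for one subject and asks for one attribute, and the AA answers with an assertion that carries only that attribute. The attribute name is the standard eduPersonAssurance OID; the assurance value `urn:example:loa:3`, the entity IDs, the request ID and the response document are constructed placeholders. Signature verification of the response is assumed to be done by the surrounding SAML stack and is not shown.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# eduPersonAssurance; the value vocabulary used below is an assumption for illustration.
ASSURANCE_ATTR = "urn:oid:1.3.6.1.4.1.5923.1.1.1.11"

ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_attribute_query(request_id, sp_entity_id, name_id, issue_instant):
    """Serialise the AttributeQuery an SP sends to the assurance AA.

    Only the assurance attribute is requested, so the AA can answer
    without ever seeing the rest of the user's IdP assertion.
    """
    q = ET.Element(f"{{{SAMLP}}}AttributeQuery",
                   {"ID": request_id, "Version": "2.0", "IssueInstant": issue_instant})
    ET.SubElement(q, f"{{{SAML}}}Issuer").text = sp_entity_id
    subject = ET.SubElement(q, f"{{{SAML}}}Subject")
    name = ET.SubElement(subject, f"{{{SAML}}}NameID", {"Format": NAMEID_PERSISTENT})
    name.text = name_id
    ET.SubElement(q, f"{{{SAML}}}Attribute", {"Name": ASSURANCE_ATTR})
    return ET.tostring(q, encoding="unicode")


def extract_assurance(response_xml, expected_request_id, expected_name_id):
    """Return the assurance values the AA asserted for the queried subject.

    Returns None when the response cannot be accepted at all (wrong root,
    not a reply to our request, non-success status) and an empty list when
    the response is fine but carries no assurance values for that subject.
    """
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return None
    if root.get("InResponseTo") != expected_request_id:
        return None  # replayed or unsolicited response
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != SUCCESS:
        return None
    values = []
    for assertion in root.findall(f"{{{SAML}}}Assertion"):
        name = assertion.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
        if name is None or name.text != expected_name_id:
            continue  # an assertion about some other subject must not count
        for attr in assertion.findall(f"{{{SAML}}}AttributeStatement/{{{SAML}}}Attribute"):
            if attr.get("Name") == ASSURANCE_ATTR:
                values.extend(v.text for v in attr.findall(f"{{{SAML}}}AttributeValue") if v.text)
    return values


# Constructed sample of what the AA might return; not captured from a real service.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_resp1" Version="2.0" IssueInstant="2014-01-01T00:00:00Z" InResponseTo="_req1">
  <saml:Issuer>https://aa.example.org/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2014-01-01T00:00:00Z">
    <saml:Issuer>https://aa.example.org/</saml:Issuer>
    <saml:Subject><saml:NameID Format="{NAMEID_PERSISTENT}">abc123</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="{ASSURANCE_ATTR}">
        <saml:AttributeValue>urn:example:loa:3</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    print(build_attribute_query("_req1", "https://sp.example.org/", "abc123",
                                "2014-01-01T00:00:00Z"))
    print(extract_assurance(SAMPLE_RESPONSE, "_req1", "abc123"))
```

The point of the two checks in `extract_assurance` is the trust boundary the AA model changes: the SP, not a proxy, decides whether the assurance statement is bound to the request it actually made and to the subject it actually asked about, and the AA only ever learns the subject identifier, not the IdP's full attribute set.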