Document status: Working draft
The common Level of Assurance metric like in NIST SP 800-63 and Kantara IAF was conceived for a specific legal, technical and business context and does not fulfill the requirements for a comprehensive identity assurance metric. The requirements for a more complete metric are to communication the assurance level in public and private sectors, PKI and non-PKI technologies, and serve providers and users.
The LoA is focused on the trust relationship between Relying Party and Identity Provider, implying a backing trust relationship between IdP and Subscriber/User.
The qualities that need to be assured are information security and privacy, according to the scope of the TFMM. The Relying Party perspective is usually depicted with the LoA. The following picture shows LoA and an alternative model based on credential life and usage cycles.
