Add identification means / authenticator assurance level #34
Labels
TBD
we can not solve this right now, but maybe in the future
Comments
maaikevanleuken
added
the
TBD
|
It might be good to discuss this at DICE and/or IIW, or in the SIG call. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For some use cases it is important to know the security strength of the wallet/agent when applied to present credentials.
Common assessment criteria are available: (EU) 2015/1502 lists requirements for identification means characteristics and design for eIDAS LoA Low/Substantial/High, where LoA High will be required for the EUDI Wallet. Peer review feedback and related Guidance documents provide common interpretations. NIST SP 800-63B specifies Authenticator Assurance Levels (AALs) in more concrete detail.
For example, the EUDI Wallet will require eIDAS LoA High, while webshop coupon issuers may find AAL1 sufficient.
I suggest to add one field for eIDAS:
eidasMeansLoa(eIDAS identification means level of assurance)low | substantial | highas per 2015/1502And one field for NIST:
nistAal(authenticator assurance level)1 | 2 | 3as per SP 800-63BThe text was updated successfully, but these errors were encountered: