AAF Boost‎ > ‎

Operating at LoA2

Do you understand the requirements of operating at LoA2?

At Level 2 organisations providing identity to the federation must do significantly more to issue a LoA2 to a user in both the Identity verification and the Tokens and token and credential management areas. A requirements check list is provided in the AAF Assurance Framework.

Some pointers that may assist your organisation achieving level 2;
  • Not all users need to be issues with LoA2, you can limit it to only those that use services that require it;
  • Use the Extended Compliance Statement Template when submitting your yearly compliance statement;
  • You must provide a copy of your institution’s practice statement detailing the Identity processes in use;
With these items place your organisation may begin issuing Level 2 Assurance.

                    NIST Electronic Authentication Guideline, NIST SP - 800-63-2
                           Extended Compliance Statement Template