Identity Assurance Level IAL and
What is Identity Assurance Level (IAL) The NIST 800-63-3 publication defines Identity Assurance Level (IAL) as the robustness of the identity proofing process to confidently determine the identity of an individual. There are 3 different levels of IAL, viz. IAL1, IAL2, and IAL3. The 800-63-3 publication sets the requirements to achieve a given IAL. The three IALs reflect the options agencies or organizations may select in their respective environments to suit their risks. The risk being the potential harm that could be caused by an adversary making a successful false claim of an identity. The three IALs are as follows IAL1 : There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the authentication process are self-asserted or should be treated as such (including attributes a Credential Service Provider, or CSP, asserts to an RP). IAL2 : Evidence supports the real-world existence of the claimed identity and verifies tha