Add identification means / authenticator assurance level

For some use cases it is important to know the security strength of the wallet/agent when applied to present credentials.

Common assessment criteria are available: [(EU) 2015/1502](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AJOL_2015_235_R_0002) lists requirements for identification means characteristics and design for eIDAS LoA Low/Substantial/High, where LoA High will be required for the EUDI Wallet. [Peer review](https://ec.europa.eu/digital-building-blocks/sites/display/EIDCOMMUNITY/Overview+of+pre-notified+and+notified+eID+schemes+under+eIDAS) feedback and related [Guidance documents](https://ec.europa.eu/digital-building-blocks/sites/display/EIDCOMMUNITY/Guidance+documents) provide common interpretations. [NIST SP 800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html#sec4) specifies Authenticator Assurance Levels (AALs) in more concrete detail.

For example, the EUDI Wallet will require eIDAS LoA High, while webshop coupon issuers may find AAL1 sufficient.

I suggest to add one field for eIDAS:

- ID: `eidasMeansLoa` (eIDAS identification means level of assurance)
- Type: `low | substantial | high` as per 2015/1502

And one field for NIST:

- ID: `nistAal` (authenticator assurance level)
- Type: `1 | 2 | 3` as per SP 800-63B

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add identification means / authenticator assurance level #34

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add identification means / authenticator assurance level #34

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions