Introduction
The AAF assurance framework defines the level of trust established by the identity validation process and the relative strength of an authentication event. Each of these activities is assigned a value that indicates its thoroughness (identity validation) or its strength (authentication). The validation token sent to a service includes these values to assert the user's identity assurance level.
Details of the AAF assurance framework are here: https://aaf.edu.au/support/resources.html#aaf-assurance-framework.
Details
All accounts created within Virtual Home (VH) are assigned a maximum identity assurance value of one. VH currently has no provision for formally managing and recording the identity validation process necessary to assert the higher identity assurance levels. For services which can request a higher authentication assurance level, VH supports an authentication service MFA option, configurable on a group-by-group basis in the VH Dashboard.
The AAF strongly recommends that VH administrators take reasonable steps to confirm an invitee's identity. In practical terms, because invitees may be colleagues, the VH administrator may already know the person by sight, reputation or name. Otherwise, the steps to verify an invitee's identity may include cross-referencing details with the personnel records of the invitee's organisation, for instance an HR staff record or staff directory, or sighting a staff ID card.
Links
The NIST Electronic Authentication Guideline – NIST SP 800-63-2 is the source of the AAF Assurance Framework. The NIST guidelines form the basis of many assurance frameworks in use by international federations to ensure interoperability. https://csrc.nist.gov/publications/sp800.
AAF - Asserting the Assurance Framework https://support.aaf.edu.au/support/solutions/articles/19000036100.
The Australian Government’s National eAuthentication Framework (NeAF) also adopts a model similar to the NIST framework: https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework.