Directive on Identity Management - Appendix A: Standard on Identity and Credential Assurance

Date modified: 2019-07-01

More information

Directive:

Identity Management, Directive on

Guidelines:

Terminology:

Glossary

Hierarchy

Authentication Requirements, Guideline on Defining
- Directive on Identity Management - Appendix A: Standard on Identity and Credential Assurance
Identity Assurance, Guideline on
- Directive on Identity Management - Appendix A: Standard on Identity and Credential Assurance
Identity Management, Directive on
- Directive on Identity Management - Appendix A: Standard on Identity and Credential Assurance

View complete hierarchy

Note to reader

The Standard on Identity and Credential Assurance took effect on July 1, 2019. It replaced the Standard on Identity and Credential Assurance that was in effect from February 1, 2013 to June 30, 2019.

Appendix A. Standard on Identity and Credential Assurance

A.1 Effective date

A.1.1This standard takes effect on July 1, 2019.
A.1.2This standard replaces the Standard on Identity and Credential Assurance, dated February 1, 2013.

A.2 Standards

A.2.1This standard provides details on the requirements set out in subsection 4.1.7 of the Directive on Identity Management.
A.2.2Standards are as follows:
Identity assurance levels
- A.2.2.1Level 4: very high confidence required that an individual is who they claim to be;
- A.2.2.2Level 3: high confidence required that an individual is who they claim to be;
- A.2.2.3Level 2: some confidence required that an individual is who they claim to be; and
- A.2.2.4Level 1: little confidence required that an individual is who they claim to be.
Credential assurance levels
- A.2.2.5Level 4: very high confidence required that an individual has maintained control over a credential that has been entrusted to them and that the credential has not been compromised;
- A.2.2.6Level 3: high confidence required that an individual has maintained control over a credential that has been entrusted to them and that the credential has not been compromised;
- A.2.2.7Level 2: some confidence required that an individual has maintained control over a credential that has been entrusted to them and that the credential has not been compromised;
- A.2.2.8Level 1: little confidence required that an individual has maintained control over a credential that has been entrusted to them and that the credential has not been compromised.
A.2.3The minimum requirements for establishing an identity assurance level are shown in Table 1.
- A.2.3.1Ensure that the minimum requirements are met, or appropriately manage the related risks.

**Table 1: minimum requirements for establishing an identity assurance level**
Requirement	Level 1	Level 2	Level 3	Level 4
Uniqueness	Define identity information Define context
Evidence of identity	No restriction on what is provided as evidence	One instance of evidence of identity	Two instances of evidence of identity (at least one must be foundational evidence of identity)	Three instances of evidence of identity (at least one must be foundational evidence of identity)
Accuracy of identity information	Acceptance of self-assertion of identity information by an individual	Identity information acceptably matches assertion by an individual and evidence of identity, and Confirmation that evidence of identity originates from an appropriate authority	Identity information acceptably matches assertion by an individual and all instances of evidence of identity, and Confirmation of the foundational evidence of identity, using an authoritative source, and Confirmation that supporting evidence of identity originates from an appropriate authority, using an authoritative source Whenever any of the above cannot be applied: inspection by trained examiner
Linkage of identity information to individual	No requirement	No requirement	At least one of the following: knowledge-based confirmation biological or behavioural characteristic confirmation trusted referee confirmation physical possession confirmation	At least three of the following: knowledge-based confirmation biological or behavioural characteristic confirmation trusted referee confirmation physical possession confirmation

A.2.4Assurance levels for trusted digital identities when participating in an approved trust framework are as follows:
- A.2.4.1Level 4: very high confidence required in the electronic representation of a person, used exclusively by that same person;
- A.2.4.2Level 3: high confidence required in the electronic representation of a person, used exclusively by that same person;
- A.2.4.3Level 2: some confidence required in the electronic representation of a person, used exclusively by that same person; and
- A.2.4.4Level 1: little confidence required in the electronic representation of a person, used exclusively by that same person.

Expand all Collapse all

Report a problem or mistake on this page

Date modified:: 2017-08-24

Search and menus

Search