In the case where the entity is a person, identity assurance is the level at which the credential being presented can be trusted to be a proxy for the individual to whom it was issued and not someone else.
In order to issue this assertion, the identity provider must first determine whether or not the claimant possesses and controls an appropriate token, using a predefined authentication protocol.
In most cases, however, it is not sufficient for the typical electronic credential (usually a basic user name and password pair or a digital certificate) to simply assert "I am who I say I am - believe me."
Four audiences are affected by the transaction—and the inherent trust therein: Different IdPs follow different policies and procedures for issuing electronic identity credentials.
GOV.UK Verify is a standards based, federated identity assurance service to support the digital transformation of central and local government.
[3] The US government first published a draft for an E-Authentication Federation Credential Assessment Framework (CAF) in 2003, with final publication in March 2005.
It defined a trust framework around the quality of claims issued by an IdP based on language, business rules, assessment criteria and certifications.
Several presentations on the application of the Identity Assurance Framework have been given by various organizations, including Wells Fargo[9] and Fidelity Investments,[10] and case studies about Aetna[11] and Citigroup[12] are also available.