Federation Assurance Level

Active / In Use

Full Formal Attribute Name

nief:1.0:user:FederationAssuranceLevel

Abbreviated Formal Attribute Name

FederationAssuranceLevel

Definition

There are 3 Federation Assurance Levels representing the assurance level of the user's federated assertion: FAL1 (low assurance), FAL2 (moderate assurance), and FAL3 (high assurance) based on NIST SP 800-63-3.

Data Type

FAL Code

Version Number

1.0

Usage Information

IDPs should assert this for all assertions sent to RPs correctly identifying the level of assurance of the assertion. The RP can also derive the FAL if not asserted.

Example Content

FAL1, FAL2, FAL3

NIEM Xpath

N/A

NIEM Definition

N/A

Source

https://pages.nist.gov/800-63-3/sp800-63c.html#fal

Misc. Notes

If a RP ever derives a FAL that does not match the one the IDP asserted, they should consider the assertion at the lower of the two values, and may consider this an unrecoverable error condition requiring the IDP to be properly configured.

Aliases