Assurance in identity management systems

Degree of identity assurance has been realized in several different approaches to authentication assurance frameworks; to become one of the parameters used in decision making about whether to grant or deny a service. However, current approaches do not look at diversity of authentication mechanisms, used for establishing the identity of a user, as an application to mitigate identity threats and consequently affects identity assurance in the authentication operation. This paper revisits the area of authentication assurance to present a framework for using identity assurance in the context of risk-based service provisioning. It demonstrates identity assurance in the authentication operation as being affected by the diversity of authentication mechanisms. By considering diversity in mechanisms, this framework gives service providers confidence that services are only restricted to users who have satisfied a certain degree of identity assurance, by going through a rigorous mechanism for establishing identity. Moreover, by giving a user different mechanisms to authenticate to different services, this work is useful for enabling users to separate between identities used for services accessing information of different levels of criticality.