You are considering assurance levels of digital identity and digital authentication, which of the following avoids a false claimant using a credential that is not rightfully theirs?
A. Identity Assurance Levels (IAL)
B. Authenticator Assurance Levels (AAL)
C. Federation Assurance Levels (FAL)
D. Evaluation Assurance Levels (EAL)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Authenticator Assurance Levels (AAL).
A claimant is a subject whose identity is to be verified using one or more authentication protocols.
- IAL refers to the identity proofing process.
- AAL refers to the authentication process.
- FAL refers to the assertion protocol used in a federated environment to communicate authentication and attribute information (if applicable) to an RP.
- EAL refers to the extent to which an IT product or system meets the security functional and assurance requirements (SFRs and SARs) defined in the Common Criteria for Information Technology Security Evaluation (ISO 15408).