Levels of Assurance (LoA) represent graduated confidence levels in identityverification and trust decisions, acknowledging that security judgments are often not binary but exist on a spectrum of certainty appropriate to different risk contexts.
Related Concepts
No related concepts available
Comprehensive Explanation
Levels of Assurance
Conceptual Definition
Levels of Assurance (LoA) is a framework for expressing graduated confidence in identity verification, authentication, and trust decisions. Rather than treating security as a binary yes/no determination, LoA recognizes that trust decisions exist on a spectrum of certainty where different contexts require different degrees of confidence.
The core principle is that identity and trust decisions are judgment calls rather than absolute determinations. When a security decision cannot be reduced to a simple binary answer, implementing levels of assurance provides a structured way to calibrate trust appropriately to the risk level and context of the interaction.
Measurable criteria: Each level has defined requirements for identity proofing, authentication, and verification
Historical Context
Levels of Assurance emerged from the recognition that one-size-fits-all authentication is inadequate for diverse digital interactions. The concept was formalized in standards like:
NIST Special Publication 800-63: Digital Identity Guidelines establishing four Identity Assurance Levels (IAL1-4) and Authenticator Assurance Levels (AAL1-3)
eIDAS Regulation: European framework defining Low, Substantial, and High levels of assurance for electronic identification
ISO/IEC 29115: International standard for entity authentication assurance
Traditionally, LoA frameworks focused on identity proofing (verifying someone is who they claim to be) and authentication (verifying the person accessing a system is the claimed identity). These frameworks typically required:
Implementation Notes
Assurance Level Stratification
KERI implementations should clearly distinguish between:
Cryptographic assurance: Properties guaranteed by KERI protocol (high LoA)
Operational assurance: Properties dependent on implementation and human factors (variable LoA)
Operational identifiers: Medium security (hot wallets with MFA)
Ephemeral identifiers: Lower security for routine operations
The cryptographic chain maintains high assurance about delegation relationships even when delegated identifiers have lower operational security.
Trusted third parties to perform identity verification
Centralized identity providers to maintain assurance levels
Federation protocols to communicate assurance across domains
The limitation of traditional LoA is that it often conflates identity assurance with cryptographic security, treating them as a single dimension when they represent fundamentally different trust properties.
KERI's Approach
KERI implements a stratified assurance model that distinguishes between different types of trust properties and applies appropriate assurance levels to each:
High Assurance Cryptographic Layer
KERI provides high LoA for cryptographic operations that can be mathematically verified:
Cryptographic bindings between controllers and identifiers: The binding between an AID and its controlling key pairs is cryptographically verifiable with approximately 128 bits of entropy, providing extremely high assurance
Watcher validation: Watchers provide high-assurance verification of KEL consistency through ambient duplicity detection
These high-assurance properties are achieved through KERI's cryptographic root-of-trust and end-verifiable architecture, which eliminates reliance on trusted intermediaries.
Variable Assurance Human Factors
KERI acknowledges variable LoA for aspects that depend on human behavior and operational security:
Entropy management: The quality of randomness used in key generation depends on the entropy source and key management practices, which vary by implementation
Human behavioral trust: The security of private keys depends on how well humans preserve key material, which inherently has variable assurance
Privacy preservation: Individual practices around maintaining privacy have associated assurance levels that cannot be cryptographically guaranteed
This stratification is critical: KERI does not attempt to provide high LoA for properties that are fundamentally human-dependent. Instead, it provides the cryptographic infrastructure to support whatever LoA the human factors can achieve.
Separation of Concerns
KERI's architecture separates:
Attributional trust (cryptographic proof of "who said what"): High LoA through KERI protocol
Reputational trust (confidence in "who they are" in real-world terms): Variable LoA requiring identity assurance processes
This separation allows KERI to provide maximum cryptographic assurance for what can be cryptographically verified, while acknowledging that real-world identity binding requires additional processes with their own assurance levels.
Delegation and Assurance Propagation
KERI's delegation mechanism enables assurance level propagation through credential chains:
A root AID with high-security key management can delegate to AIDs with lower security
The cryptographic chain maintains high assurance about the delegation relationship
The operational security of delegated identifiers may have lower assurance
Verifiers can make risk-based decisions about which delegation chains to trust
This enables organizations to implement graduated security policies where high-value operations require high-assurance identifiers while routine operations can use more convenient but lower-assurance identifiers.
Practical Implications
Use Cases for Graduated Assurance
Financial Transactions: A banking application might require:
Medium LoA: Transferring funds between own accounts (stronger authentication)
High LoA: Wire transfers to external accounts (multi-factor authentication with high-assurance identity)
Healthcare Records: Medical systems might implement:
Low LoA: Scheduling appointments (basic identity)
Medium LoA: Viewing test results (verified identity)
High LoA: Authorizing treatment or accessing psychiatric records (strong identity proofing)
Government Services: Digital government might require:
Low LoA: Accessing public information (no authentication)
Medium LoA: Filing tax returns (verified identity)
High LoA: Applying for security clearances (in-person identity proofing)
Benefits of LoA Framework
Risk-appropriate security: Avoids over-securing low-risk interactions while ensuring high-risk transactions have adequate protection
User experience optimization: Low-risk interactions can use convenient authentication while high-risk operations justify additional friction
Regulatory compliance: Many regulations (GDPR, HIPAA, financial regulations) implicitly or explicitly require risk-based authentication
Cost efficiency: Organizations can allocate security resources proportionally to risk
Interoperability: Standardized LoA levels enable cross-domain trust decisions
Trade-offs and Considerations
Complexity vs. Security: Implementing multiple assurance levels increases system complexity. Organizations must balance the security benefits against operational overhead.
User Confusion: Users may not understand why different operations require different authentication methods. Clear communication about risk levels is essential.
Assurance Level Inflation: There's a tendency to require higher LoA than necessary, creating unnecessary friction. Proper risk assessment is critical.
Cryptographic vs. Operational Assurance: KERI's high cryptographic assurance doesn't automatically translate to high operational assurance. Organizations must implement appropriate key management practices to achieve the desired overall LoA.
Context Dependency: What constitutes "high assurance" varies by context. A high-assurance identity for online banking may not meet requirements for classified government systems.
Implementation Guidance
When implementing LoA in KERI-based systems:
Leverage KERI's high cryptographic assurance as the foundation
Implement appropriate identity proofing for the required reputational trust level
Use delegation strategically to create assurance hierarchies
Implement risk-based policies that map operations to required LoA
Monitor and audit to ensure assurance levels are maintained over time
The key insight is that KERI provides the cryptographic infrastructure to support any desired LoA, but achieving high overall assurance requires combining KERI's cryptographic guarantees with appropriate operational security and identity proofing processes.