Abstract
A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner can assume a specific known physical person is associated with credentials issued by a registration authority, and (2) that physical person presented credentials before attempting to access the resource. The requirements for the level of certainty at both ends of that set of transactions should be driven by a risk assessment based on the value of the resources being protected. This session will describe the concept of LoA, outline its general components, and discuss how PKI can fit into a successful implementation of LoA.