NSIS settings - kmd-identity/documentation GitHub Wiki

It is possible for an application to specify a desired NSIS Level of Assurance (LoA).

NOTE: Even though the desired NSIS LoA has been specified, it is only the desired LoA and it must be verified in your application.

This cannot be requested for applications using Legacy Integration, the desired LoA for these is https://data.gov.dk/concept/core/nsis/loa/Substantial by default.

The LoA is calculated using three values:

• IAL the strength of the Identity proofing process.
• FAL the Assurance level of an Identity Broker that federates/claims an Identity to third parties.
• AAL the assurance level of combined Electronic Identification Means used in an Authentication.

It is the lowest level of these three that is the LoA in the token.

To request a specific level contact KMD Identity and supply:

• Either the client ID (OpenID) or relying party identifier (SAML) of your application

• The LoA desired level

  The levels are:

  • https://data.gov.dk/concept/core/nsis/loa/Low
  • https://data.gov.dk/concept/core/nsis/loa/Substantial
  • https://data.gov.dk/concept/core/nsis/loa/High

Read more about NSIS and LoA here.