Internet2 is investigating a security incident involving a compromise to a confluence server that affected on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email
Child pages
  • eduPersonAssurance Draft Specification
Skip to end of metadata
Go to start of metadata

2.2.11. eduPersonAssurance (defined in eduPerson 2008xx); OID:

RFC 4512 definition


          NAME 'eduPersonAssurance'

          DESC 'eduPerson per Internet2 and EDUCAUSE'

          EQUALITY caseIgnoreMatch 

          SYNTAX '' ) 

Application utility class: extended; # of values: multi


Set of URIs that assert compliance with specific standards for identity assurance.


This multi-valued attribute represents identity assurance profiles (IAPs), which are the set of standards that are met by an identity assertion, based on the Identity Provider's identity management processes, the type of authentication credential used, the strength of its binding, etc. An example of such a standard is the InCommon Federation's proposed IAPs.

Those establishing values for this attribute should provide documentation explaining the semantics of the values.

As a multi-valued attribute, relying parties may receive multiple values and should ignore unrecognized values.

The driving force behind the definition of this attribute is to enable applications to understand the various strengths of different identity management systems and authentication events and the processes and procedures governing their operation and to be able to assess whether or not a given transaction meets the requirements for access.

Example applications for which this attribute would be useful

Determining strength of asserted identity for on-line transactions, especially those involving more than minimal institutional risk resulting from errors in authentication.

A system supporting access to grants management in order to provide assurance for financial transactions.

Example (LDIF Fragment)

eduPersonAssurance: urn:mace:incommon:IAQ:sample

Syntax: directoryString; Indexing: None recommended

  • No labels


  1. Just a very minor note: The relevant sections of RFC 2252 (referenced above) now seem to be in RFC 4512.

    1. Thanks. RFC updated.