DRAFT, with many questions

Technical implementation of assurance requires system changes from InCommon Operations, IdPs, and SPs. There are many different scenarios and choices.

InCommon metadata management

InCommon Operations will add IAQs to the published metadata following notification of certification by InCommon management. These will apply to the relevant IdP entries of the certified IdPOs. The IAQ URIs are:

Silver:  <something><still TBD by InCommon TAC>

Bronze:  <something><still TBD by InCommon TAC>

SP behavior

Ideally SPs will initiate the assurance flow by including the desired IAQ in the SAML AuthnRequest element.

...

SPs will use local policy to decide how to handle incoming IAQs. For example, if the SP requires InCommon Bronze but receives InCommon Silver, that should be acceptable.

IdP behavior

Ideally, IdPs will receive a desired IAQ from an SP in an AuthnRequest to initiate the process. The IdP deals with the requested IAQ and matching rule and interacts with the local IdM system to determine whether the user at hand meets the requirements. If so, the appropriate IAQ is returned in the AuthnContext element of the assertion.
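Example code added here (it is not part of the InCommon draft) showing the SP side of the flow described in the two sections above: building the RequestedAuthnContext carried in the AuthnRequest, and applying local policy to the AuthnContextClassRef returned in the assertion's AuthnContext so that Silver satisfies a Bronze requirement. The IAQ URIs, the IdP entityID and the sample assertion are constructed placeholders, since the real URIs are still TBD.

```python
"""SP-side IAQ handling for the InCommon assurance flow (added example)."""
import xml.etree.ElementTree as ET
from typing import Optional

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed placeholder IAQ URIs; the draft leaves the real values TBD.
BRONZE = "urn:example:incommon:assurance:bronze"
SILVER = "urn:example:incommon:assurance:silver"
# Local SP policy: which received IAQs satisfy each required IAQ.
SATISFIES = {BRONZE: {BRONZE, SILVER}, SILVER: {SILVER}}


def build_requested_authn_context(iaq: str) -> str:
    """RequestedAuthnContext the SP puts in its AuthnRequest to ask for an IAQ.
    Comparison="minimum" is the matching rule: the IdP may answer with this
    IAQ or a stronger one."""
    rac = ET.Element(f"{{{SAMLP}}}RequestedAuthnContext", Comparison="minimum")
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = iaq
    return ET.tostring(rac, encoding="unicode")


def received_iaq(assertion_xml: str) -> Optional[str]:
    """Return the AuthnContextClassRef asserted by the IdP, or None if absent."""
    root = ET.fromstring(assertion_xml)
    path = (f".//{{{SAML}}}AuthnStatement/{{{SAML}}}AuthnContext/"
            f"{{{SAML}}}AuthnContextClassRef")
    ref = root.find(path)
    return ref.text.strip() if ref is not None and ref.text else None


def sp_accepts(required: str, assertion_xml: str) -> bool:
    """Apply local policy to the asserted IAQ. Assumes the assertion's
    signature and validity window were already verified by the SAML stack;
    an unknown or missing IAQ is never accepted."""
    iaq = received_iaq(assertion_xml)
    return iaq is not None and iaq in SATISFIES.get(required, {required})


# Constructed sample assertion, trimmed to the elements this check uses.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.edu/idp</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2012-01-01T00:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>{SILVER}</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""
```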

...