...

Motivation: The SP must operate in a world where not all IdPs can yet provide Silver assertions, and Silver-capable IdPs can't provide Silver assertions for all users/circumstances. In cases where lower LOA assertions are used, the SP restricts access/functionality and/or implements other compensating controls. The SP wants to get Silver assertions whenever possible. The SP can determine which IdPs are Silver-capable from metadata.

SP Strategy A: For IdPs that are Silver-capable according to metadata, the SP includes http://id.incommon.org/assurance/silver and urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified in the SAML RequestedAuthnContext element. The IdP returns a SAML assertion containing http://id.incommon.org/assurance/silver in the AuthnContext when possible (i.e., the user is vetted at Silver and the authentication method meets Silver), and otherwise returns a SAML assertion containing another AuthnContextClassRef value in the AuthnContext, or returns an error. In other words, when Silver is requested the IdP prefers to return a Silver assertion over other types of assertions. The SP checks that the assertion contains http://id.incommon.org/assurance/silver in the AuthnContext and that the IdP has http://id.incommon.org/assurance/silver in its InCommon metadata. If both checks pass, the SP considers the authentication to be at the Silver level; if not, the SP considers it to be at a lower LOA.
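As an added illustration of Strategy A (example code, not from the wiki page or any InCommon implementation), the following Python sketches the SP side: it derives the RequestedAuthnContext from what the IdP's metadata certifies, and it accepts a Silver claim only when the assertion's AuthnContextClassRef, the issuer, and that issuer's metadata all agree. It assumes the IdP's assurance certification appears in metadata as an mdattr:EntityAttributes value named urn:oasis:names:tc:SAML:attribute:assurance-certification (the SAML Identity Assurance Profiles convention), and that assertion signature validation has already happened before this check; the sample_* helpers build constructed metadata and assertions for local testing.

```python
import xml.etree.ElementTree as ET

SILVER = "http://id.incommon.org/assurance/silver"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
# Assumption: the IdP's assurance certification is published in metadata as an
# EntityAttributes value under this attribute name (SAML Identity Assurance Profiles).
ASSURANCE_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"

def certified_loas(metadata_xml: str) -> set:
    """Assurance values the IdP's metadata certifies it for."""
    root = ET.fromstring(metadata_xml)
    return {v.text.strip()
            for attr in root.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS)
            if attr.get("Name") == ASSURANCE_ATTR
            for v in attr.iterfind("saml:AttributeValue", NS) if v.text}

def requested_authn_context(metadata_xml: str) -> str:
    """RequestedAuthnContext for the AuthnRequest: ask for Silver only from Silver-capable IdPs."""
    classes = [SILVER, UNSPECIFIED] if SILVER in certified_loas(metadata_xml) else [UNSPECIFIED]
    refs = "".join(f"<saml:AuthnContextClassRef>{c}</saml:AuthnContextClassRef>" for c in classes)
    return (f'<samlp:RequestedAuthnContext xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}">{refs}</samlp:RequestedAuthnContext>')

def assertion_loa(assertion_xml: str, metadata_xml: str) -> str:
    """Classify an already signature-verified assertion as 'silver' or 'lower' (Strategy A)."""
    a, md = ET.fromstring(assertion_xml), ET.fromstring(metadata_xml)
    # A Silver claim only counts when issued by the entity whose metadata certifies Silver.
    if a.findtext("saml:Issuer", "", NS).strip() != md.get("entityID"):
        return "lower"
    ctx = a.findtext(".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", "", NS)
    return "silver" if ctx.strip() == SILVER and SILVER in certified_loas(metadata_xml) else "lower"

def sample_metadata(entity_id: str, *loas: str) -> str:
    """Constructed IdP EntityDescriptor carrying the given assurance values (test data only)."""
    vals = "".join(f"<saml:AttributeValue>{l}</saml:AttributeValue>" for l in loas)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:mdattr="{NS["mdattr"]}" '
            f'xmlns:saml="{NS["saml"]}" entityID="{entity_id}"><md:Extensions><mdattr:EntityAttributes>'
            f'<saml:Attribute Name="{ASSURANCE_ATTR}">{vals}</saml:Attribute>'
            '</mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>')

def sample_assertion(issuer: str, ctx: str) -> str:
    """Constructed minimal, unsigned assertion (test data only)."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Issuer>{issuer}</saml:Issuer>'
            f'<saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>{ctx}'
            '</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>')
```

The metadata check is what stops an IdP that is not certified for Silver from being believed when it puts the Silver URI in an assertion; the issuer check ties the assertion to the metadata record actually consulted.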

...