Internet2 is investigating a security incident involving a compromise to a confluence server that affected on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email
Child pages
  • Rationale for Required and Desired Features in the IdP of Last Resort Working Group Report

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


a. This is a requirement for InCommon Bronze Identity Assurance profile, as well as the related Silver Profile and multi-factor authentication, if supported.

To support a higher level of assurance of identity for higher risk or higher value services, an SP needs a way to signal to the IdP that it needs a particular level of authentication. The Security Assertion Markup Language (SAML) protocol defines a way to signal the need for a specific authentication context. Requirement R4 obliges the IdP of Last Resort to support this part of the SAML protocol. When the US Government begins requiring Assurance profile support for credentials, the Identity Provider will be able to provide them.