InCommon and NIH have made progress toward federated access to select NIH applications based on university-based identity systems and user attributes. One of the next challenges comes from situations in which a particular institution meets InCommon criteria for stricter profiles of identity assurance in terms of its infrastructure and operations, while particular members of the institutional community may fit stricter or looser profiles in terms of identity proofing and the kinds of identity credentials they use for authentication. This situation will be real for a significant number of institutions.
The question becomes, given a SAML-based approach to Identity Provider/Service Provider (IdP/SP) interactions, how will the profile of identity assurance that applies in a given transaction be communicated from the IdP to the SP.