The InCommon MFA Support Entity Attribute, identified by the URI http://xxxxxx, is used by Identity Providers to assert compliance with the criteria of the InCommon MFA Profile and the InCommon Base Level Profile. The entity attribute is self-certified; federations may associate it with any IdP whose operator claims that compliance.
The MFA Support Entity Attribute is intended to be used for the following purposes:
- As a filter for constructing an SP's discovery interface, when the SP will not accept authentication that does not meet the criteria of the InCommon MFA Profile.
- As evidence to increase an SP operator's confidence in MFA authentication performed by the IdP.
- To provide information that can be used by an SP to tailor its authentication flow to the capabilities of the IdP.