Definition
The InCommon MFA Support Entity Category, identified by the URI http://xxxxxx, is used by Identity Providers to assert compliance with the criteria of the InCommon MFA Profile and the InCommon Base Level Profile. [Do we want the base-level profile? I think it's needed for purpose 3 below.] The entity category is self-certified; federations may associate it with any IdP whose operator claims that compliance.
Purpose
The MFA Support Entity Category is intended to be used for the following purposes:
- As a filter for constructing an SP's discovery interface, when the SP will not accept authentication that does not meet the criteria of the InCommon MFA Profile.
- As evidence to increase an SP operator's confidence in MFA performed by the IdP.
- To provide information that can be used by an SP to tailor its authentication flow to the capabilities of the IdP.
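
The first purpose above, filtering a discovery list by this category, is sketched below as an added example; it is not part of the draft or of any InCommon code. It assumes the category is published in the RFC 8409 `http://macedir.org/entity-category` attribute, uses the draft's placeholder URI `http://xxxxxx` unchanged, and runs on a constructed, minimal metadata aggregate with hypothetical entityIDs.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"  # assumption: RFC 8409 attribute
MFA_CATEGORY = "http://xxxxxx"  # placeholder URI exactly as it appears in the draft

def entity_categories(entity, attr_name=CATEGORY_ATTR):
    """Return the set of category URIs an EntityDescriptor carries."""
    values = set()
    for attr in entity.findall(
            "md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            values.update((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values

def mfa_idps(metadata_xml, category=MFA_CATEGORY):
    """entityIDs of IdPs tagged with the category, for an SP's discovery list.

    Assumes the aggregate's signature has already been verified. The tag is
    self-certified, so an SP entity carrying it is ignored: only entities
    with an IdP role are returned.
    """
    root = ET.fromstring(metadata_xml)
    return sorted(
        e.get("entityID")
        for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")
        if e.find("md:IDPSSODescriptor", NS) is not None
        and category in entity_categories(e))

def _entity(entity_id, role, cats):
    """Build one constructed, schema-minimal EntityDescriptor for the sample."""
    vals = "".join(f"<saml:AttributeValue>{c}</saml:AttributeValue>" for c in cats)
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>'
            f'<mdattr:EntityAttributes><saml:Attribute Name="{CATEGORY_ATTR}">'
            f'{vals}</saml:Attribute></mdattr:EntityAttributes></md:Extensions>'
            f'<md:{role}/></md:EntityDescriptor>')

# Constructed sample aggregate: one tagged IdP, one untagged IdP, one tagged SP.
SAMPLE = ("<md:EntitiesDescriptor "
          + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
          + _entity("https://idp-a.example.edu/idp", "IDPSSODescriptor", [MFA_CATEGORY])
          + _entity("https://idp-b.example.edu/idp", "IDPSSODescriptor",
                    ["http://example.org/other-category"])
          + _entity("https://sp.example.org/sp", "SPSSODescriptor", [MFA_CATEGORY])
          + "</md:EntitiesDescriptor>")

if __name__ == "__main__":
    print(mfa_idps(SAMPLE))
```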