The InCommon MFA Support Entity Attribute, identified by the URI http://xxxxxx, is used by Identity Providers to assert compliance with the criteria of the InCommon MFA Profile and the InCommon Base Level Profile.  The entity attribute is self-certified; federations may associate it with any IdP whose operator claims that compliance. 


The MFA Support Entity Attribute is intended to be used for the following purposes:

  1. As a filter for constructing an SP's discovery interface, when the SP will not accept authentication that does not meet the criteria of the InCommon MFA Profile.
  2. As evidence to increase an SP operator's confidence in MFA authentication performed by the IdP.
  3. To provide information that can be used by an SP to tailor its authentication flow to the capabilities of the IdP.