Identity Assurance Profiles Standard

Purpose

Establish multiple levels of assurance for electronic identities, with attributes and requirements for their issuance. Multiple levels are needed to conduct the varied functions of the university, but can be handled without subjecting all users to the most rigorous levels of security.

Scope:

All electronic identities and accounts issued and maintained through the university’s IdM Directory Registry and GatorLink Account processes.

Standard:

See the chart at the bottom of this document for the minimal attribute requirements for each Identity Assurance Profile (IAP) defined in this standard.

Identity Assurance Profiles (IAPs)

UF Silver Affiliate

UF Silver offers a high level of assurance that an identity maps to the appropriate person and is intended to comply with requirements for the NIST Level of Assurance 2. Passwords for UF Silver identities must comply with GatorLink Password Management Policy level P4 as defined in the aforementioned policy. Only qualified faculty, staff, students and workforce members as defined in the UF Silver Registration Proofing Procedure may be assigned a UF Silver profile.

UF IdM Coordinators serving as Registration Authorities must verify a person’s identity in person and with the established ‘document required attributes’ before granting a UF Silver profile credential.

UF Bronze Affiliate

UF Bronze is the preferred profile for active students, employees, and workforce members. The individual must have the minimal attributes for Bronze. The profile is intended to comply with requirements for the NIST Level of Assurance 1. Passwords for UF Bronze must comply with any level of the GatorLink Password Management Policy.

No in-person review of the credential is required for UF Bronze.

UF Basic Affiliate

Basic Affiliate level is asserted for all active members of the university community who, by virtue of UF-entered directory affiliations and the minimal attributes for this IAP, are considered well known enough to the institution to enable Basic access for GatorLink. In these cases, the user is known by virtue of a UF application system or by an IdM Coordinator. Examples include student applicants, library patrons, and other affiliates. This level is also assigned to students and workforce members who do not have the minimal attributes available for the Bronze profile.

UF Self-Asserted

Self-Asserted level is granted to people who may need to obtain a GatorLink ID for the mutual benefit of UF and the account holder. The individual has used a UF interface to assert their identity through an online automated interface without vetting from UF representatives. It is used to register for various activities offered through the Learning Support System and for initial contact with UF Applicants for admission. Examples include registrants in non-credit distance learning activities or extension service programs.

UF Guest

UF Guest is a short-term temporary access level for visitors to the UF campus who require temporary access to minimal services. Guests are not eligible for a permanent GatorLink ID and are not listed in the IdM directory registry. Examples are seminar participants needing Internet access.

Guest identities are not eligible for promotion to any other IAP.

Minimal Attributes Required for Each IAP

Attribute | UF Silver | UF Bronze | UF Basic | UF Self-Asserted | UF Guest
Business Name | X | X | X | X | X
UFID Number | X | X | X | X | X
Date of Birth | X | X | X | X |
UF business email address | X | X | X | X | X
Workplace phone number | Employees | Employees | | |
Workplace street address | Employees | Employees | | |
Permanent or local street address | Students & non-employees | Students & non-employees | | |
Social Security Number OR Passport number | X | X | | |


References:

  • IDXXX Identity Management Policy
  • NIST 800-63 Electronic Authentication Guideline
  • InCommon Identity Assurance Profiles (Bronze & Silver) 1.1
  • Federal Identity, Credentialing and Access Management Trust Framework Provider for Adoption Process (TFPAP) For Levels of Assurance 1, 2, and Non-PKI 3 Version 1.0.1
  • UF Silver Registration Proofing Procedure