NIST SP 800-63-4 · Aligned identity assurance
Measurable identity assurance, per operation.
IEAL classification maps capture, algorithm, and storage to a composite assurance level. Vendor-neutral, standards-first, publicly specified.
Three axes of assurance
Composable. Independent. Machine-verifiable.
Each axis scored independently, then composed into a single IEAL level a verifier can procure against. Full spec at spec.attestto.com/ieal.
Capture
Cryptographic attestation of the capture environment. Play Integrity, App Attest, hardware-bound keys. C0 (untrusted) through C2 (hardware-attested).
Algorithm
Presentation Attack Detection strength. Aligned with ISO/IEC 30107-3 and NIST 800-63A §3.13 (ProofBios). A0 through A4 (PAD L2 certified).
Storage
Where the subscriber-controlled witness resides. TPM, TEE, Secure Enclave, external hardware token. S0 through S4 (multi-party threshold recovery).
Composite IEAL
L0 to L6
A composite is only as strong as its weakest axis. The blue ramp indicates assurance intensity; it is a specification figure, not a CTA.
L4 approximates NIST IAL2 with the Biometric verification pathway satisfied. L6 satisfies a subset of NIST IAL3 controls (excluding on-site attended proofing). See the NIST crosswalk for the detailed mapping.
Deployment
Adaptive, vendor-neutral
Step up assurance only when the operation warrants it. Integrate any iBeta-certified PAD provider. No shadow vendor list.
Adaptive per-operation assurance
Step up to a higher IEAL only when the operation warrants it. A password reset is not a wire transfer. A view is not a signature.
Info. Assurance is requested per operation, not per session.
NIST 800-63-4 crosswalkVendor-neutral integration
Bring any iBeta-certified PAD provider. Attestto does not maintain a shadow vendor list. The public iBeta register is the authority. Vendor-neutrality is codified as §11 of the IEAL specification, and the SDK adapter pattern is open source.