To LOA or not to LOA (for Attributes)... NOT!

At both the recent ISOC sponsored Attribute Workshop as well as the Attribute Management Panel at the NSTIC/IDTrust Workshop today, multiple people used the term "LOA of Attributes".  I protest (protested?) this potentially confusing use of the term in this context.

The term Level of Assurance (LOA), as currently used is all about assurances of identity. In particular, within the context of OMB-04-04 (PDF) and NIST SP-800-63 (PDF), it is defined as:
  1. the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued (i.e. the identity proofing component) and 
  2. the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued (i.e. the "technical strength" of the credential itself)
Applying the LOA terminology to Attributes brings confusion, and given the multiple folks who brought up this point and the resonance the comments got, I hope this usage will be discouraged by the community going forward.

I hope that we can come up with and agree on another term to convey our intent here, which is to denote the Measure of Confidence or a Level of Confidence you can have in an Attribute. The components that make up that level/measure TBD.

:- by Anil John