The paper describes the design of FAME (Flexible Access Middleware Extension) architecture aimed at providing multi-level user authentication service for Shibboleth, which is endorsed by the Joint Information Systems Committee (JISC) as the next generation authentication and authorisation infrastructure for the UK Higher Education community. FAME derives authentication assurance level based upon the strength of the authentication token and protocol used by the user when authenticating and feeds it to the PERMIS authorisation decision engine via Shibboleth to enable more fine-grained access control. In this way, access to resources is controlled according to the strength of the authentication method so that more sensitive resources may require users to identify themselves using a higher level of authentication.