...
the evaluation of Level of Assurance (LoA) for Identity Providers (IdPs)
the evaluation of LoA for Service Providers (SPs)
the assertion of compliance with the Security Incident Response Framework for Federated Identity (Sirtfi)
the assertion of compliance with the Data Protection Code of Conduct (CoCo)
GEANT project (GN4-2 JRA3 T2.4 Identity Assurance Service) is implementing the tool during 2017.
- Draft requirements specification (please comment!): Google doc
Please comment in the document or send the editors (Hannah Short and Mikael Linden) an email if there is anything specific you would like to discuss.
...
- Draft requirements specification (please comment!): Google doc
- Presentation in 22 June 2016: Google slides
Summary
Tool Use Cases
- LoA assessment for IdPs
- Sirtfi compliance for IdPs and SPs
- SP Assurance level ("inverse" of IdP LoA assessment)
...
- Responsibility for the tool should be at a federation level. This does not preclude running the tool centrally. This will aid scalability
- The tool should send assessment requests to organisations based on contact information in metadata
- The tool should support multiple question types, yes/no and multiple choice
- Machine readable responses (yes/no/multiple choice) should be supported by secondary, evidence-based free text
- The tool should facilitate peer review; peer assignment should not be determined by the assessee
- Results of assessments should be made available; individual assessee results would be private to the assessee but an agregated view should be freely available
- Fed Ops should have access to all results of the assessments within their federation
- Access control for an assessment should facilitate private and public sharing
- The tool should support re-assessment and have configurable behaviour in the event that the re-assessment is not done or if it fails
...