Best-fit and natural is to use the Assurance Framework that originated as collaborative work of R&E federations - the REFEDS Assurance suite https://wiki.refeds.org/display/ASS.
To insure ensure identifier uniqueness:
- https://refeds.org/assurance/ID/unique; or
- https://refeds.org/assurance/ID/eppn-unique-no-reassign
To insure ensure sufficient identity proofing and credential issuance, renewal, and replacement:
...