You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

  • Questions for SP communities (e.g. research infrastructure projects or individual SP admins). (Interview or web based survey) 

How important it is for you that...

Identity concept

  • an account belongs to an individual person (i.e. there are no shared accounts like "libraryuser1")?
  • and s/he is traceable (i.e. the home organization knows and can reach him/her)?
  • and Home Organisation is willing to collaborate with you if their user misbehaves?
  • that you (as an SP community) can block him/her from the service?
  • user identifiers are persistent i.e. not reassigned to another person?
  • user identifiers are shared by multiple SPs  (i.e. not pairwise/targeted)

Initial proof of identity

  • the home organization has a documented identity vetting process (whatever it is)?
  • the identity vetting process is face-to-face or equivalent?

On-line authentication

  • passwords?
  • passwords with quality guarantees? (What kind of guarantees?)
  • two factor authentication?

Would you like to use step-up authentication as a service?

Step-up authentication means that the user first authenticates with a password, and subsequently with a second factor (such as by an one-time password delivered to his/her cellphone)

  • if it costs you money
  • if it costs you work (for instance, you need to operate one or several registration authorities where your community's users come to show their photo-ID and you record their cellphone number)

Freshness of user data

  • accounts are closed as an individual departs? How promptly?
  • eduPersonAffiliation value is updated as an individual departs? How promptly?

Provenance of the identity and authentication

  • Is it enough that the Home Organisation self-asserts that they comply with the LoA baseline?
  • Plus someone who has some enforcement rights (e.g. Home identity federation can remove “compliant” tag from the Home Organisation)?
  • also internal audits needed?
  • also external audits needed?

---

Additional requirements

Do we think these issues have anything to do with the LoA things?

  • attribute population; which attributes the Home Organisation populates for users
  • attribute release; which attributes the Home Organisation is willing to release 

--- 

Communitites to target this survey

  • EGI (DavidG)
  • wLCG (Romain). 
  • No labels