You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 Attribute Requirements

Note

If the IdP is connected to one of the R&E Federations but is not published in eduGAIN, then please advise the IdP operator to request their IdP to be published to the eduGAIN metadata.


IdPs that are not connected to an R&E federation, need to be in one of the eligible categories in order to be integrated on MyAccessID:

  • Recognised community platforms that require access to resources using MyAccessID;
  • High Performance Computing facilities which operate their Identity Management Systems.

If the IdP you wish to integrate is not connected to an R&E Federation and does not fit in any of the above categories, please contact us.

Supported Protocols

The IdP MUST support one of the following protocols:

  • OIDC
  • SAML2

Attribute release requirements

See Attribute Requirements for more information

Level of Assurance requirements

Access to certain Connected Services is allowed only with use of identities that fulfil specific identity assurance criteria. To express the required assurance levels, the REFEDS Assurance suite https://wiki.refeds.org/display/ASS is used.

Requirements are defined for two aspects of identity assurance:

  • Identifier uniqueness to ensure unambiguous identification of users
  • Identity proofing and credential issuance, renewal, and replacement to ensure that identity trustworthy represents right natural person

Level of assurance for an identity issued to a user is expressed at the time of user authentication by the IdP sending eduPersonAssurance attribute with following values:

  • No labels