This document has been written following the identification of a need within the Research and Education Federation communities for a tool by which to express and monitor compliance with policies and best practices. The self-assessment tool is intended to manage the quality standards self-evaluation process for the entities registered to the eduGAIN inter-federation service. At the time of inception, the following use cases were drivers for the development of a centralised, flexible tool:
- the evaluation of Level of Assurance (LoA) for Identity Providers (IdPs)
- the evaluation of LoA for Service Providers (SPs)
- the assertion of compliance with the Security Incident Response Framework for Federated Identity (Sirtfi)
- the assertion of compliance with the Data Protection Code of Conduct (CoCo)
Please comment in the document or send the editors (Hannah Short and Mikael Linden) an email if there is anything specific you would like to discuss.
Software requirements specification
Initial discussion mailing list: self-assessment-tool@lists.ewti.eu
Initial discussion notes: http://etherpad.ewti.eu:9001/p/g.bIyUOSNaD6Z1zFWX$selfassessmenttool
Draft requirements specification (please comment!): Google doc