Background
These are some notes from the Zurich meeting for JRA3 on how we could better represent baseline level of assurance for federations and federation entities, and what it means to go above the baseline - what I am calling a "boosted" entity here for want of a better word. The idea is to create something that is completely separate from the concept of hierarchical levels of assurance, but you can "boost" your IdP offering in different ways that are orthogonal and may be combined in different ways to meet the needs of different scenarios / environments. It also suggests the need to "boost" both sides of the coin to improve trust in both the IdP and SP. I've played around with a lot of words for this but struggle to find any other way of describing that does not imply some sort of strict hierarchy.
Approach
Pieces of the Puzzle
To achieve the baseline requirements:
- Federations using the baseline requirements of metadata registration and eduGAIN compliance via the validator (and other?). We need to do more work on documenting the things that eduGAIN "expects" a federation to be doing / not doing, but not currently in the profiles (e.g. not publishing .local etc).
- Identity Providers meeting the baseline of assurance - this is being worked on by Mikael and Daniela in the REFEDS assurance working group.
- Service Providers??
To achieve "boosted entity":
- Support for Code of Conduct.
- Support for Research and Scholarship.
- Support for Sirtfi.
- Support for MFA.