
Guideline on the exchange of

...

specific assurance information between

...

Infrastructures

Summary

This document describes the assurance profiles recommended for use by the AAI platforms of e-Infrastructures and research infrastructures to exchange user authentication information between infrastructures.

The typical use case for this information exchange is a user who connects to a new service using an authentication workflow that goes through the AAI platform of another infrastructure. In this scenario the authentication information does not come directly from the IdP, but is aggregated by a second infrastructure's AAI.

Infrastructures can assess the assurance of the authentication information based on multiple sources.

Increasingly Research Infrastructures and generic e-Infrastructures compose an 'effective' assurance profile derived from several sources. The assurance elements may come from an institutional identity provider (IdP), from community-provided information sources, from step-up authentication services, and from controls placed upon the user, the community, or the Infrastructure Proxy through either policy or technical enforcement. Knowledge about the upstream source of either identity or authenticator can also influence the risk perception of the Infrastructure and result in a modification of the assurance level, e.g. because it has involved a social identity provider or perhaps a government e-ID. The granularity of this composite assurance profile is attuned to the risk assessment specific to the Infrastructure or Infrastructures, and is often both more fine-grained and more specific than what can reasonably be expressed by generic IdPs or consumed by generic service providers.

Yet it is desirable to exchange the obtained assurance assertion between Infrastructures as completely as possible, so that assurance elements need not be re-asserted or re-computed by a recipient Infrastructure or Infrastructure service provider.

The profiles described in this document are designed to provide the assurance information that is relevant for the infrastructures to decide on the eligibility of the user to access service categories. Therefore, the profiles may cover a subset of the total information on assurance.

Working docs

A new strawman document is out now, adding specific scoping and rationale, and tightening the association with the RAF:

...

Meetings schedule and Minutes

Date | Location | Agenda | Minutes
YYYY-MM-DD HH-MM TIME-COORDINATES (UTC/CEST/...) | link to webconf platform/room | IMPORTANT insert link to PUBLIC PAGE | IMPORTANT insert link to PUBLIC PAGE