Why? Assurance means both knowing if the person on the other side is indeed the same user that you know, but also includes identity assurance, verifying that the person is indeed the one they claim to be: name and affiliation being the most visible elements. How strong that assurance needs to be depends on the type of research and the collaboration risk assessment.
And for how long do you trust that the activity is still the intended one, and from the same user? Recommendation: review the technical and policy guidelines endorsed by the AAI providers and infrastructures in AEGIS, the AARC Engagement Group for Infrastructures: - Identify your assurance requirements, following AARC-G031 "evaluation and combination of the assurance of external identities".
- Identify suitable token lifetimes, using AARC-G081 "Recommendations for Token Lifetimes"
Applicable guidance: Assurance Requirements, AARC-G031 evaluation and combination of the assurance of external identities, AARC-G081 "Recommendations for Token Lifetimes" | 