Versions Compared

Old Version 2

changes.mady.by.user Christos Kanellopoulos

Saved on

compared with

New Version 3

changes.mady.by.user Christos Kanellopoulos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Name

Assurance

Description

Assurance of the identity of the user, following REFEDS Assurance Framework (RAF).

Following RAF values are qualified and automatically set for all MyAccessIDidentitiesMyAccessID identities:

  • https://refeds
  • https://refeds/ID/unique
  • https://refeds/ID/eppn-unique-no-reassign
  • https://refeds/IAP/low
  • https://refeds$/ATP/ePA-1m
  • https://refeds/ATP/ePA-1d

Following RAF values are set if the currently used authentication provider asserts (or otherwise qualifies to) them:

  • https://refeds/IAP/medium
  • https://refeds/IAP/high

Following compound profiles are asserted if the user qualifies to them - Experimental

  • https://refeds/profile/cappuccino
  • https://refeds/profile/espresso

Assurange of the identify of the user, following AARC-G021 - Experimental

Users logging-in via non-institutional Identity Providers (e.g. Google, ORCID) will have the following assurance value:

  • https://aarc-project.eu/policy/authn-assurance/assam

Assurange of the identify of the user, MyAccessID specific - Experimental

Users logging-in via non-institutional Identity Providers (e.g. Google, ORCID) will have the following assurance values:

  • https://MyAccessID.org/assurance/IDP/rs-sirtfi

  • http://refeds.org/category/research-and-scholarship

  • https://refeds.org/sirtfi
SAML Attribute(s)

urn:oid:1.3.6.1.4.1.5923.1.1.1.11 (eduPersonAssurance)

OIDC claim(s)eduperson_assurance
OIDC claim locationThe claim is available in:

 ID token
 Userinfo endpoint
☐ Introspection endpoint
OIDC scopeeduperson_assurance
Origin

MyAccessID is the origin for values it has set (see description).

The current authentication provider is the origin for the values it asserts (or otherwise qualifies to).

ChangesYes
Multiplicity

Multi-valued

AvailabilityMandatory
Example
  • https://refeds
  • https://refeds/ID/unique
  • https://refeds/ID/eppn-unique-no-reassign
  • https://refeds/IAP/low
  • https://refeds$/ATP/ePA-1m
  • https://refeds/ATP/ePA-1d
NotesThis attribute defines just the identity assurance. Authentication assurance is described using authentication contexts (SAML authentication context or OIDC acr claim).

...