Guideline on the exchange of specific assurance information between Infrastructures (AARC-G021)
|Table of Contents|
Increasingly Research Infrastructures and generic e-Infrastructures compose an 'effective' assurance profile derived from several sources. The assurance elements may come from an institutional identity provider (IdP), from community-provided information sources, from step-up authentication services, and from controls placed upon the user, the community, or the Infrastructure Proxy through either policy or technical enforcement. Knowledge about the upstream source of either identity or authenticator can also influence the risk perception of the Infrastructure and result in a modification of the assurance level, e.g. because it has involved a social identity provider or perhaps a government e-ID. The granularity of this composite assurance profile is attuned to the risk assessment specific to the Infrastructure or Infrastructures, and is often both more fine-grained and more specific than what can reasonably be expressed by generic IdPs or consumed by generic service providers.
This document is now in final public comment
Assigned DOI: https://doi.org/10.5281/zenodo.1173558 (this one was a bit challenging as we do not have a formal author list - too many undefined contribuants from AARC and AppInt)
Adopted license: CC-BY-4.0
Recasted document with specific scoping, rationale - and tightening the association with the REFEDS RAF framework - is now available: