 Attribute Requirements

Note

If the IdP is connected to one of the R&E Federations but is not published in eduGAIN, then please advise the IdP operator to request that their IdP be published in the eduGAIN metadata.

...

Attribute release requirements

IdPs must release the following attributes for users to successfully complete registration and use MyAccessID and its Connected Services:

  • Email
  • Name, which can be sent as:
    • Common Name or
    • Display Name or
    • Given Name and Family Name
  • Identifier, which can be sent as:
    • subject-id or
    • pairwise-id or
    • persistent name-id or
    • Community Identifier
  • Affiliation
  • Home Organization
  • Assurance - attribute will become mandatory in 2022 (date TBD)

Please refer to Attribute formats for specification of accepted attribute formats. See Attribute Requirements for more information.
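The release requirements listed above, expressed as a check an operator could run over the attributes received in a test login. This is an added example, not MyAccessID code: the attribute names (`mail`, `cn`, `displayName`, `givenName`, `sn`, `voPersonID`, `eduPersonScopedAffiliation`, `schacHomeOrganization`), the `persistent-nameid` key and the sample data are assumptions; the accepted formats are the ones given in Attribute formats.

```python
# Added example. Each requirement lists alternative attribute sets; one
# complete set satisfies it. Attribute names are assumptions, not from the page.
REQUIRED = {
    "Email": [{"mail"}],
    "Name": [{"cn"}, {"displayName"}, {"givenName", "sn"}],
    # "persistent-nameid" is a hypothetical key the caller sets when the
    # assertion carries a persistent NameID; voPersonID stands in for the
    # Community Identifier.
    "Identifier": [{"subject-id"}, {"pairwise-id"},
                   {"persistent-nameid"}, {"voPersonID"}],
    "Affiliation": [{"eduPersonScopedAffiliation"}],
    "Home Organization": [{"schacHomeOrganization"}],
}
# Listed on the page as not yet mandatory, so it is reported as a warning only.
NOT_YET_MANDATORY = {"Assurance": [{"eduPersonAssurance"}]}


def _present(attrs):
    """Names of attributes that carry at least one non-blank value."""
    return {name for name, values in attrs.items()
            if any(str(v).strip() for v in values)}


def _unsatisfied(rules, present):
    """Labels of requirements for which no alternative is fully present."""
    return [label for label, options in rules.items()
            if not any(option <= present for option in options)]


def check_release(attrs):
    """attrs maps attribute name -> list of values, as received from the IdP."""
    present = _present(attrs)
    return {"missing": _unsatisfied(REQUIRED, present),
            "warnings": _unsatisfied(NOT_YET_MANDATORY, present)}


# Constructed sample releases (not real users or organisations).
SAMPLE_OK = {"mail": ["alice@example.org"], "givenName": ["Alice"],
             "sn": ["Example"], "pairwise-id": ["ABC123@example.org"],
             "eduPersonScopedAffiliation": ["member@example.org"],
             "schacHomeOrganization": ["example.org"]}
# Blank mail, given name without family name, no identifier at all.
SAMPLE_BAD = {"mail": [""], "givenName": ["Bob"],
              "eduPersonScopedAffiliation": ["staff@example.org"],
              "schacHomeOrganization": ["example.org"]}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_release(sample))
```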

Level of Assurance requirements

Access to certain Connected Services is allowed only with identities that fulfil specific identity assurance criteria. The required assurance levels are expressed using the REFEDS Assurance suite (https://wiki.refeds.org/display/ASS).

Requirements are defined for two aspects of identity assurance:

  • Identifier uniqueness to ensure unambiguous identification of users
  • Identity proofing and credential issuance, renewal, and replacement, to ensure that the identity reliably represents the right natural person

The level of assurance for an identity issued to a user is expressed at the time of user authentication by the IdP sending the eduPersonAssurance attribute with the following values:

...

See Level of Assurance Requirements for more information.