Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Daniela Pöhn

Work Area Participants 

Tangui Colouarn, Nicole Harris, Mikael Linden.

Background

We know that research organisations want to achieve a higher level of assurance for their users and want campuses (IdPs) to adopt LOA frameworks, however implementing assurance is a significant cost burden for the campuses and the ROI for the number of users involved is low creating an adoption barrier. 

...

  • There is no “standard” level of assurance for federations but most federations would meet most descriptions of “LOA1” for a sub-set of their users.  (See REFEDS wiki: https://wiki.refeds.org/display/ASS/LOA+for+Research+and+Education+Federations and https://wiki.refeds.org/download/attachments/1605723/kantara-mapping.xls?version=1&modificationDate=1413287289321&api=v2).
  • Technically achieving LOA1 would not necessarily be difficult, but the work needed to prove it has been met (e.g. audit, documentation etc.) would be expensive, particularly if applied campus wide for all users…so we rely on the trust model of federations rather than fully documented practice. 
  • Standardising LOA1 across federations may not be that useful in terms of the effort required and the end achievement. 
  • What is needed is LOA2+ for small groups of users in target federations.
  • We think it will be more cost-effective to provide a central step-up-assurance service for small groups of users to a reasonably high level than to try and achieve ubiquitous assurance improvements across campuses but we need to test this idea.

Work Items:

REFWork ItemDescriptionResponsibleDue Date

Status

1.4aIdP / Federation surveys on assurance Daniela01/09/15
Status
titleCOMPLETE
1.4bLiaison with AARC on SP aspects of assuranceWorking well, regular liaison calls. DanielaONGOING
Status
titleCOMPLETE
1.4cPaper on service aspects of assurance

Paper is available in draft: https://docs.google.com/document/d/13Ru2_eRIpJoRl_9Phm6FyLg2eVgnzFCKn4kat50c-uw/edit.

Mikael started work on one of the deliverables for specification for self-assessment tool: https://docs.google.com/document/d/1SnJ3hpYuf3_tcuDTE0lT9QeKL3qAm5A90oCRrFM1qRI/edit#heading=h.p2sxezpw3sf5.

FINAL DELIVERABLE.

Daniela31/12/15
Status
titleCOMPLETE


Work Area Actions / Ideas

  1. This work area is going to be political and needs to work closely with various other groups including AARC, JRA3, Enabling Users and FIM4R - will probably need someone to travel and be available at all of these events.
    1. Primary requirement: feedback on discussions at the AARC kick-off and building relationships with that workpackage, David Groep and Mikael (https://aarc-project.eu/workpackages/policy-harmonisation/)
  2. Need to talk extensively with campuses - work with federations to identify user groups to have discussions with.  NH has already started asking for these.
    1. Develop basic set of questions to ask around assurance schemes and achievability / expense of development. Overall aim is to look at the cost and impact of adopting assurance schemes on IdP organisations. 
    2. Road-test the idea of a step-up assurance service - separate vetting undertaken for small groups run as a separate service.  
  3. Compare back results of the above with original FIM4Paper requirements.
  4. Lack of Identity Management Practice Statements (IMPS) could be a problem.  Most federations claim require them from IdPs but do not enforce them.  Should this be addressed?  Have a look at the REFEDS work on this.

  5. Federations such as InCommon, SWAMID, HAKA and WAYF may have existing information on the cost of implementing assurance, we should ask them to contribute.   Also ask out on the REFEDS list if anyone has any information on cost of implementation.  Kantara?

  6.  End goal is some sort of cost-analysis – is it cost effective for campuses to adopt assurance practices?  We’d like to compare this to AARC proposals but it is unlikely that will develop quickly enough so we can use the Kantara profiles as a starting point. 

Deliverables

...

  • FORMAL DELIVERABLE: LoA service architecture options and capabilities analysis (report - November 2015).

Issues / Risks

RiskMitigation
Difficulty in getting to speak to the right campus peopleWork closely with the FOG / REFEDS groups to get contacts required.
Reliance on developments in AARC projectBuild close working relationship, use Kantara models as a support process.