With a wide range of identity assurance frameworks to choose from, the most appropriate choice of assurance profile for a use case (one that meets both the risk assessment and the social and community context in which the assurance is needed) may be viewed as confusing. The choice of Cappuccino or Espresso from the REFEDS Assurance Framework, Assam from the AARC social media assurance, Birch and Dogwood from the Interoperable Global Trust Federation, Silver and Bronze from InCommon, and Levels 1 through 4 from both Kantara and NIST SP800-63 – all of these merit a policy mapping and comparison framework. In this whitepaper, we identify the implicit trust assumptions (in research and collaboration frameworks, the R&E identity federations, general private sector frameworks and e-government schemes) and present a way of comparing these frameworks.
This whitepaper is a response to the request for a matrix showing the different assurance levels in the context of the AARC Guidelines and deliverables.
Meetings and events
- EUGridPMA 45, AARC NA3, and GN43 EnCo: https://www.eugridpma.org/meetings/2019-01/ ("Assurance Profiles - a suite of options")
- TIIME 2019 Vienna: Untangling Assurance Spaghetti (https://pad.vweb.dress-code.biz/p/tiime19untangling-assurance)
Documents
- Visio drawings
- AARC-I050 Comparison Guide to Identity Assurance Mappings for Infrastructures: (v01-20190228: docx, PDF)