
Questions for IdPs

1. Identity/account concept

  • Account for an individual person (i.e. there are no shared accounts)?
  • If shared: possible to distinguish between individual and shared accounts?
  • If individual account: traceable? Are identifiers persistent?
  • Which unique identifier?

2. Registration and proof of identity

  • What identity vetting process? Face-to-face or different?
  • Documented?
  • Different validation between student, staff or faculty members? How?

3. Online authentication

  • Passwords?
  • Passwords with quality guarantees? What kind of guarantees?
  • Two-factor authentication?
  • If no two-factor authentication: how large would the cost of providing it be?

4. Freshness of user data

  • Are accounts closed as an individual departs? How promptly?
  • Is the eduPersonAffiliation value updated as an individual departs? How promptly?

5. Step-up authentication

Step-up authentication means that the user first authenticates with a password and subsequently with a second factor (such as a one-time password delivered to his/her cellphone).

  • Would you like GÉANT/your NREN to run such a service (if it costs/if it doesn't cost)?
  • How many users would need such a service?

6. Provenance and level of assurance

  • Do you use a level of assurance? Which one?
  • Is the LoA self-asserted?
  • Is everything documented?
  • If not documented: what would the costs be?
  • Internal audits?
  • External audits?
  • If no audits: costs for that?
  • How many users need a (higher) level of assurance?
  • Identity Management Practice Statement?

 
