As more communities share their science resources through the federation, data of higher value or in need of specific controls (such as biomedical data, but obviously much more), will change the risk assessment that underlies the baseline and differentiated assurance developed in AARC. The biomedical and social sciences often work with personal data (pseudonymized data also counting as personal), some of which even fall into the highest sensitivity under data protection legislation (e.g., genetic data, health data, or political opinions and religious beliefs under European General Data Protection Regulation [GDPR]). When dealing with personal data, the access of researchers is also given for a particular purpose only, depending on the legal basis of the collected material. Some research also deals with data of national security concerns (e.g., highly pathogenic biological material). Authorization decisions are then dependent on high-enough assurance of authentication and subject to risk assessment and adopting relevant risk mitigation measures.

The policy harmonisation work package (NA3) sought input on requirements from communities seeking to implement strong assurance profiles, e.g. "Espresso" or with even higher assurance components, to support their AAI.

The following data were provided by the (AARC) communities over the period of the AARC2 project. Opened in the beginning of the project with the intent to collect the requirements by month 9 (for MNA3.5), it was deliberately left open for other communities to join at a later stage. Yet, the responses all came from the biomedical domain (ELIXIR and BBMRI) - and it is their requirements that are listed here.


The REFEDS Assurance Framework defines 2 profiles covering identification and subsequent authentication -

  • Cappuccino profile for low risk use cases
  • Espresso profile for demanding use cases

Further information: Draft Assurance Framework (Presentation / Document  )

Use Cases

ContactMikael Linden
DescriptionSome relying services of ELIXIR AAI require MFA when granting access to sensitive data. Principal issues relate to which attribute is associated with the MFA, and what is the resultant reliability, usefulness and cost. A pilot has been run to test a senario with an MFA registration token delivered to the user as an SMS.
ReferencesFull discussion of senarios and problems are discussed in this document (google doc) together with the pilot roadmap (google doc). Please note that these documents are private, and access should be requested from the ELIXIR responsible team.

ContactPetr Holub

Issues identified with the REFEDS AF are related to

  • lack of prescribed attributes and
  • timely removal of attributes (1 day required rather than 1 month following termination of employment.)
ReferencesSee document (Overleaf doc), also in PDF format

  • No labels