
Identity lifecycle & linking

Account linking

The ability for one entity to link credentials from multiple IdPs to one account on an SP; more generally, the ability for a researcher to link multiple identities together, whether held in parallel or in succession. Accurate account linking depends strongly on the IdP releasing an appropriately unique and persistent identifier.

LIGO users are able to link their internal account to their institutional account using existing interfaces. New tools and services will be required to enable account linking for new accounts.


Discovery & usability

Smart discovery

IdP discovery should be “smart enough” to take a user quickly and easily to their home IdP. For example, show the user a short list tailored to them by home country, institute, e-Infrastructure, research community, project or other hints.

The Discovery Service can restrict the list of displayed IdPs to those that host LIGO members; this is currently around 110 IdPs. The Discovery Service can also use other hints to aid discovery at observatory locations.


Logo in metadata at an agreed standard size

Discovery services should display organisation logos to aid the user in choosing the IdP. IdPs or research community proxies should provide a logo at an agreed standard size.

To aid users in choosing their home institution, each IdP's icon is displayed in the list. Where an icon does not exist or does not conform to an acceptable size, it can be changed manually. (tick)

Attribute release

Attribute release

IdPs must release a unique, persistent, omnidirectional identifier, an email address and a name for users accessing research services. In practice this means ensuring that the CoCo and R&S entity categories are widely adopted.

By adopting R&S, the proxy is able to use the released email address for account linking, which simplifies linking with the existing tools and services. Note that an email address is neither guaranteed unique nor persistent, so it serves as a linking hint rather than the persistent identifier called for above. (tick)

Attribute release across borders

The R&S attribute bundle, especially, needs to flow easily from IdPs to SPs without regard to their nationalities. More outreach on the risk analyses performed by GEANT and REFEDS for the R&S and CoCo entity categories is needed to increase adoption.

As with the previous requirement, the proxy's R&S status lets it use the released email address for account linking with the existing tools and services, regardless of which national federation the IdP belongs to. (tick)

Research community proxies

IdP/SP Proxies must be allowed to join eduGAIN

IdP/SP Proxies must be permitted to join eduGAIN or one of its constituent national federations. The Snctfi requirement below is related.

The IdP/SP proxy was added to eduGAIN and assigned R&S status. (tick)

Avoid user/interop issues due to inconsistent propagation of metadata for entities.

Federations should support standard and automated metadata propagation processes and, where out-of-band actions are required, provide clear documentation and support.

The metadata attributes required to join eduGAIN and obtain R&S status were found in the Internet2 documentation. (tick)

Federation entity attributes designed to enhance user experience should be populated

For example, at a minimum the elements defined in the SAML “MDUI Information” specification (the mdui:UIInfo extension: display name, logo, information and privacy URLs) and the errorURL attribute should be populated.

Security and error information was added to the eduGAIN metadata for the proxy. (tick)
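As an added example (not part of this page or of the LIGO tooling), the following Python filters a SAML metadata aggregate down to an allowlist of IdP entityIDs, the way a community discovery service restricts its list to IdPs hosting its members, and reports for each IdP what the requirements above ask for: an MDUI display name, a logo at the agreed size, R&S support signalled through the entity-category-support attribute, and an errorURL. The aggregate, the entityIDs and the 80x60 logo size are constructed for the example; the namespace, attribute and category URIs are the real ones.

```python
"""Added example: build a community-scoped IdP discovery list from SAML
metadata and flag entries that need manual fix-up.  The aggregate below is
constructed for this example; none of the entities in it are real."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"
CATEGORY_SUPPORT = "http://macedir.org/entity-category-support"  # IdP-side R&S signal
LOGO_SIZE = (80, 60)  # assumed "agreed standard size" (width, height) in pixels

# Constructed aggregate: a complete IdP, one with an oversized logo and neither
# errorURL nor R&S support, one bare IdP, and an SP that discovery must ignore.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp.example-a.edu/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category-support">
        <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:IDPSSODescriptor errorURL="https://idp.example-a.edu/help"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="de">Beispiel A Universitaet</mdui:DisplayName>
        <mdui:DisplayName xml:lang="en">Example A University</mdui:DisplayName>
        <mdui:Logo width="80" height="60">https://idp.example-a.edu/logo.png</mdui:Logo>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example-b.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example B Institute</mdui:DisplayName>
        <mdui:Logo width="300" height="200">https://idp.example-b.org/big.png</mdui:Logo>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example-c.ac.uk/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example-a.edu/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# Constructed allowlist of IdPs hosting community members; the last entityID is
# absent from the aggregate and must simply produce no entry.
ALLOWED_IDPS = {
    "https://idp.example-a.edu/idp", "https://idp.example-b.org/idp",
    "https://idp.example-c.ac.uk/idp", "https://idp.example-d.fr/idp",
}


def _category_support(entity):
    """Values of entity-category-support declared on an EntityDescriptor."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == CATEGORY_SUPPORT:
            values.update(v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text)
    return values


def _display_name(idp):
    """Prefer the English MDUI DisplayName, else the first one, else None."""
    names = [n for n in idp.findall("md:Extensions/mdui:UIInfo/mdui:DisplayName", NS) if n.text]
    for name in names:
        if name.get(XML_LANG) == "en":
            return name.text.strip()
    return names[0].text.strip() if names else None


def _logo(idp):
    """First MDUI Logo URL and whether its declared size matches LOGO_SIZE."""
    logo = idp.find("md:Extensions/mdui:UIInfo/mdui:Logo", NS)
    if logo is None or not logo.text:
        return None, False
    try:
        size = (int(logo.get("width", 0)), int(logo.get("height", 0)))
    except ValueError:
        size = (0, 0)
    return logo.text.strip(), size == LOGO_SIZE


def discovery_entries(metadata_xml, allowed_entity_ids):
    """IdPs from the aggregate that are on the allowlist, sorted for display.
    In production the aggregate's XML signature is verified before this step."""
    root = ET.fromstring(metadata_xml)
    entries = []
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        entity_id = entity.get("entityID")
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None or entity_id not in allowed_entity_ids:
            continue  # SPs and non-member IdPs never reach the discovery list
        logo_url, logo_ok = _logo(idp)
        entries.append({
            "entity_id": entity_id,
            "display_name": _display_name(idp) or entity_id,
            "logo": logo_url,
            "logo_ok": logo_ok,
            "rs_support": RS_CATEGORY in _category_support(entity),
            "error_url": idp.get("errorURL"),
        })
    entries.sort(key=lambda e: e["display_name"].lower())
    return entries


def discovery_problems(entries):
    """(entityID, issue) pairs an operator would have to fix by hand."""
    problems = []
    for e in entries:
        if not e["logo_ok"]:
            problems.append((e["entity_id"], "logo missing or not %dx%d" % LOGO_SIZE))
        if not e["error_url"]:
            problems.append((e["entity_id"], "no errorURL"))
        if not e["rs_support"]:
            problems.append((e["entity_id"], "does not support R&S"))
    return problems


if __name__ == "__main__":
    found = discovery_entries(SAMPLE_METADATA, ALLOWED_IDPS)
    for entry in found:
        print(entry)
    for entity_id, issue in discovery_problems(found):
        print("FIX", entity_id, issue)
```

Only entities carrying an IDPSSODescriptor and listed in the allowlist appear, so the SP and the unknown fourth entityID are dropped silently; the problem list is what the "manually changed" step in the status notes above would work from.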