Advanced notice :
We will be upgrading wiki.geant.org from the current version of Confluence Server to the current LTS version 8.5. During the maintenance window we expect that there will be an outage of 20 minutes.
Maintenance start time: 22/10/2024 16:00 UTC. Maintenance end time: 22/10/2024 18:00 UTC.
Questions for SP communities (e.g. research infrastructure projects or individual SP admins). (Interview or web based survey)
How important it is for you that...
Identity concept
- an account belongs to an individual person?
- and s/he is traceable (i.e. the home organization knows and can reach him/her)?
- and Home Organisation is willing to penalize him/her if s/he misbehaves?
- that you (as an SP community) can block him/her from the service?
- user identifiers are persistent i.e. not reassigned to another person?
- user identifiers are shared by multiple SPs (i.e. not pairwise/targeted)
Initial proof of identity
- the home organization has a documented identity vetting process?
- the identity vetting process is f2f or equivalent?
On-line authentication
- passwords?
- passwords with quality quarantees? (What kind of?)
- two factor authentication?
Would you like to use step-up authentication as a service?
- if it costs you money
- if it costs you work (operating a registration authority)
Freshness of user data
- accounts are closed as an individual departs? How promptly?
- eduPersonAffiliation value is updated as an individual departs? How promptly?
Provenance of the identity and authentication
- Is it enough that the Home Organisation self-asserts the above?
- plus someone who has some enforcement rights (e.g. Home identity federation can remove “compliant” tag from the HO)?
- also internal audits needed?
- also external audits needed?
---
Do we want to mix these things here
- attribute population; which attributes the Home Organisation populates for users
- attribute release; which attributes the Home Organisation is willing to release