...
Step-up authentication means that the user first authenticates with a password, and subsequently with a second factor (such as by an one-time password delivered to his/her cellphone.)
- if it costs you money
- if it costs you work (for instance, you need to operate a registration authorityto operate one or several registration authorities where your community's users come to show their photo-ID and you record their cellphone number)
Freshness of user data
- accounts are closed as an individual departs? How promptly?
- eduPersonAffiliation value is updated as an individual departs? How promptly?
...
- Is it enough that the Home Organisation self-asserts the abovethat they comply with the LoA baseline?
- plus Plus someone who has some enforcement rights (e.g. Home identity federation can remove “compliant” tag from the HO)?
- also internal audits needed?
- also external audits needed?
...
- attribute population; which attributes the Home Organisation populates for users
- attribute release; which attributes the Home Organisation is willing to release
...
- release