Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Step-up authentication means that the user first authenticates with a password, and subsequently with a second factor (such as by an one-time password delivered to his/her cellphone). Step-up authentication could be delivered to research communities as a service.

  • if it costs you money?
  • if it costs you work (for instance, you need to operate one or several registration authorities where your community's users come to show their photo-ID and you record their cellphone number)?

Freshness of user data

  • Do you expect that user accounts are closed as an individual departs? How promptly?
  • Do you expect that user's eduPersonAffiliation value is updated as an individual departs? How promptly?

...

LoA Audits

  • Is it enough that the Home Organisation self-asserts that they comply with the LoA baseline?
  • Plus someone who has some enforcement rights (e.g. Home identity federation can remove “compliant” tag from the Home Organisation if there are doubts that a Home Organisation fails the minimum requirements)?
  • also internal audits needed?
  • also external audits needed?

...