...
Step-up authentication means that the user first authenticates with a password and subsequently with a second factor (such as a one-time password delivered to their cellphone). Step-up authentication could be delivered to research communities as a service.
- if it costs you money?
- if it costs you work (for instance, you need to operate one or several registration authorities where your community's users come to show their photo-ID and you record their cellphone number)?
Freshness of user data
- Do you expect that user accounts are closed when an individual departs? How promptly?
- Do you expect that a user's eduPersonAffiliation value is updated when an individual departs? How promptly?
...
LoA Audits
- Is it enough that the Home Organisation self-asserts that they comply with the LoA baseline?
- Plus someone who has some enforcement rights (e.g. the Home identity federation can remove the “compliant” tag from the Home Organisation if there are doubts that the Home Organisation meets the minimum requirements)?
- Are internal audits also needed?
- Are external audits also needed?
...