...
3.2. Initial proof of identity
How important is it for you that
...
- if it costs you money?
- if it costs you work (for instance, you need to operate one or several registration authorities where your community's users come to show their photo-ID and you record their cellphone number)?
4. Questions on user attributes
Besides an identifier, the Home Organisation's Identity Provider can also deliver other attributes of the person who logs in.
4.1. Freshness of user
...
accounts and attributes
Many Home Organisations close the user account when an individual departs (e.g. a researcher changes employer). Closing the account also closes federated access to your SP. However, some organisations keep the accounts open (e.g. to serve alumni).
- Do you expect that user accounts are closed when an individual departs? How promptly?
- Do you expect that the value of a user's role attributes (e.g. eduPersonAffiliation="faculty") is updated when an individual departs? How promptly?
4.2. Quality/provenance of user data
In larger universities the IdP gathers users' attributes from several registries (payroll system, CRIS system, student registry) with varying data quality. Some attributes can even be self-asserted by the user.
- Is it important for you to know the quality/provenance of the user data at the attribute level? For which attributes? At what level of granularity?
...
5. Audits
- Is it enough that the Home Organisation self-asserts that they comply with the LoA baseline?
- Plus, someone has some enforcement rights (e.g. the Home identity federation can remove the “compliant” tag from the Home Organisation if there is a suspicion that the Home Organisation fails the minimum requirements)?
- Are internal audits also needed?
- Are external audits also needed?
...