Guidelines for LoA elevation through account linking in cross-sector AAIs
Summary
In the proposal for AARC2, the evolution of R&E AAIs is closely related to interaction with cross-sector AAIs:
The evolution of the R&E AAIs has to take into account the new environment for eGOV IDs that is being created by the eIDAS Regulation, and the AAIs that are being used in the private sector (both the enterprise and the so-called “social identities”).
In practical terms that means envisioning integration models and investigating interoperability issues.
In this context, Account Linking between R&E existing identities and cross-sector identities is a mean to achieve integration, and it is a fundamental component to make different AAIs interoperable. On the other hand, identities coming from cross-sector AAIs can have a very low Assurance Level (AL), or on the contrary an AL much higher to the one common in the R&E space. In the first case, in order to use low-AL identites in R&E we need techniques and policies to elevate the AL, while in the second one we can combine the higher-AL identities with the R&E ones to achieve a higher AL to be used in sensitive context like life science.
Links
Working docs
Current version (comment only, ask for edit privileges if needed)
https://docs.google.com/document/d/1ODfru_zjQHQp57MxE1PCZh7lafw57OCiM1fgejx4EbI/edit#
Previous version
https://docs.google.com/document/d/15gdUGuAMiDVQIC_eEDfA1vy35NKKh47K_Ak5NdBUzcI/edit?usp=sharing
Final PDF
To be published
Meetings schedule and Minutes
Date | Location | Agenda | Minutes |
---|---|---|---|
14:30 CEST | https://webconf.vc.dfn.de/aarc-jra1 | First AARC2 JRA1.3 meeting | 2017-07-21 Meeting notes |
14:00 CEST | https://webconf.vc.dfn.de/aarc-jra1 | Discuss TOC and use cases |