Research communities have a need to express and potentially share certain trust marks on IdPs and SPs. These trust marks may differ from existing trust marks issued by identity federations. They may be used to compliment existing ones, in case the federation operator does not support particular trust marks like e.g. in the case of Sirtfi.

This activity tries to implement a technical solution that matches the requirements as described by the Sirtfi community and investigates usability of the solution for research communities and the impact of the solution to the identity federations. It also explores potential other scenarios where a similar methodology could be used, like e.g. REFEDS MFA and in the context of the IdP self assessment tool that was developed in GN4-2.

Out of scope for this activity are the questions about where and how such a tool would be used in the context of existing trust frameworks.

Activity goals:

• Create technical implementation based on Sirtfi + Registry requirements;
• Distill technical requirements from Sirtfi + Registry requirements;
• Create/Describe technical design;
• Buy or build (or modify existing);
• Improve trough sprint iterations;
• Interact with Sirtfi working group to improve features if needed;
• Learn and discuss flows and usability in ‘real world’ (Collaborate with LIGO);
• Deploy working setup so it can be tested with stakeholdersv
• Explore and describe (& implement) authZ architecture in collaboration w/ Sirtfi working group.

Sirtfi Registry Requirements: https://docs.google.com/document/d/1wh2SQU62zDRwlJLPFgwxmRnIq7IiVgPf76XI97Hzt80

User story description: https://docs.google.com/document/d/14pzjKo-QHWlGd5D0aRRzADSraPcDuf7HbUJrO_IbYqE/edit?ts=5c90ce9d

Initial technical details:

The project is supposed to represent a web portal, where users (i.e. dusters) will access using their federated credentials. The users will, upon invitation, be able to assert Sirtfi tag for the entity under their control. The flow will resemble https://access-check.edugain.org/. The more detailed description can be found here: https://docs.google.com/document/d/1Hwdi7iO3v2U-RrzgT_EhL7AA0xkE9RIr_bQac2IhZ3M

The current plan is to test the implementation, and to determine whether the trust model is satisfactory. Potentially, potential applications of the solution may extend the current Sirtfi+ use case.

With the federated access and adhering to basic principles of federated identity management (following DPCoCoV2 and, e.g., applicable AARC guidelines), no new issues regarding processing of personal data are foreseen.

Work is done when the initial version for proof of concept is implemented and evaluated.