Questions for SP communities (e.g. research infrastructure projects or individual SP admins). 

The approach could be an interview or a web-based survey.

How important is it for you that...

Identity concept

  • all accounts belong to an individual person (i.e. there are no shared accounts like "libraryuser1")?
  • and all users are traceable (i.e. the home organization knows and can reach him/her)?
  • and the Home Organisation is willing to collaborate with you if their user misbehaves?
  • that you (as an SP) can block him/her from your services?
  • user identifiers are persistent, i.e. not reassigned (re-cycled) to another person over time?
  • user identifiers are shared by multiple SPs (i.e. not pairwise/targeted)?

Initial proof of identity

  • the home organization has a documented identity vetting process (whatever it is)?
  • the identity vetting process is face-to-face or equivalent?

On-line authentication

  • Is password-based authentication good enough for you?
  • Or should passwords have some kind of quality floor? (What kind of quality floor?)
  • Do you need two-factor authentication? (What kind?)

Would you like to use step-up authentication as a service?

Step-up authentication means that the user first authenticates with a password, and subsequently with a second factor (such as a one-time password delivered to his/her cellphone). Step-up authentication could be delivered to research communities as a service.

  • if it costs you money?
  • if it costs you work (for instance, you need to operate one or several registration authorities where your community's users come to show their photo-ID and you record their cellphone number)?

Freshness of user data

  • Do you expect that user accounts are closed as an individual departs? How promptly?
  • Do you expect that a user's eduPersonAffiliation value is updated as an individual departs? How promptly?

LoA Audits

  • Is it enough that the Home Organisation self-asserts that they comply with the LoA baseline?
  • Plus someone has some enforcement rights (e.g. the Home identity federation can remove the “compliant” tag from the Home Organisation if there is reason to suspect that the Home Organisation fails the minimum requirements)?
  • Are internal audits also needed?
  • Are external audits also needed?

---

Additional requirements

Do we think these issues have anything to do with the LoA things?

  • attribute population; which attributes the Home Organisation populates for users
  • attribute release; which attributes the Home Organisation is willing to release 

--- 

Communities to target with this survey

  • EGI (DavidG)
  • WLCG (Romain)
  • PRACE (Jules Wolfrat)
  • HBP (?)