Questions for IdPs
1.Identity/account concept
- Account for an individual person (i.e. there are no shared accounts)?
- If shared: possible to distinguish between individual and shared accounts?
- If individual account: traceable? Are identifiers persistent?
- Which unique identifier?
2.Registration and proof of identity
- What identity vetting process? Face-to-face or different?
- Documented?
- Different validation between student, staff or faculty members? How?
3.Online authentication
- Passwords?
- Passwords with quality guarantees? What kind of guarantees?
- Two factor authentication?
- If no two factor authentication: How big would be the cost to provide two factor authentication?
4.Freshness of user data
- Are accounts closed as an individual departs? How promptly?
- Is the eduPersonAffiliation value updated as an individual departs? How promptly?
5.Step-up authentication
Step-up authentication means that the user first authenticates with a password, and subsequently with a second factor (such as by an one-time password delivered to his/her cellphone)
- Would you like to have GÉANT/your NREN to run such a service (if it costs/if it doesn't cost)?
- How many users would need such a service?
6. Provenance and level of assurance
- Do you use a level of assurance? Which one?
- Is the LoA self-asserted?
- Is everything documented?
- If not documented: which costs would that be?
- Internal audits?
- External audits?
- If no audits: costs for that?
- How many users need a (higher) level of assurance?
- Identity Management Practise Statement?