You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Survey to ask federations about costs for LoA

General overview

  • Do you have a LoA (schema) in place and which one?
  • Do you have contracts with IdPs?
  • Do you require an Identity Management Practice Statement? Do you enforce it?
  • Do you require any audits/documentations for IdPs?

Level of assurance

  • Have you made any cost analysis for introducing (a higher) LoA? Is a higher LoA want from IdPs?
  • Any experiences, which costs IdPs have to make in order to achieve a specific LoA?
  • Impacts on adopting LoA

Persons asked

  • Mikael Linden, Haka
  • Wolfgang Pempe, DFN-AAI
  • Leif Johansson, SWAMID
  • Tom Scavo, InCommon
  • David Simonsen, WAYF

Results

  • YES (and support of eduPersonAssurance attribute) - Do you have a LoA (schema) in place and which one?
  • YES - Do you have contracts with IdPs?
  • YES and NO, mostly in mother tongue - Do you require an Identity Management Practice Statement? Do you enforce it?
  • Mostly only documentation, not enforced, some have self-audits or pairwise audits; NemID as national two-factor-authentication mechanism at WAYF - Do you require any audits/documentations for IdPs?
  • NO and NO - Have you made any cost analysis for introducing (a higher) LoA? Is a higher LoA want from IdPs?
  • NO - Any experiences, which costs IdPs have to make in order to achieve a specific LoA?
  • Between none till high costs + High burden on the SP side to handle multiple LoA’s - in terms of knowledge needed and changing technical installations to support multi-LoA-policies. - Impacts on adopting LoA
  • No labels