You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Background

The AARC project and the REFEDS Assurance Working Group have developed a proposed REFEDS Assurance Framework (including two assurance profiles Cappuccino and Espresso) to be used by research and education federations in order to support a variety of assurance needs from service providers. The framework and the profiles specifically avoid the concept of "levels"  - recognising on the one hand that the required assurance needs of any given scenario, group, or service do not necessarily map neatly on to a static hierarchy and on the other that home organisations can often meet some sets of requirements in different "levels" in traditional structures but can struggle to meet the complete requirements at any given level. The REFEDS Assurance Framework and assurance profiles intend to meet known use-cases in a pragmatic and tailored way. 

The REFEDS Assurance Framework is complemented by the REFEDS Single-factor authentication profile that is exposed to a parallel consultation.

With thanks to AARC for supporting man-power to create this proposal.

Mikael Linden has written a useful background blog on the consultation.

Overview

** The consultation opens on Tuesday 8th May 2018 and closed at 5pm CEST on Friday 22nd June 2018 **

Participants are invited to:

Following the consultation all comments will be taken back to the Assurance working group for review and if appropriate the Profile will then be forwarded to the REFEDS Steering Committee for sign-off and publication on the REFEDS website as per the REFEDS participants agreement

This Assurance Framework is now available for a second round of consultation. Details from the first consultation can be found at: Consultation: REFEDS Assurance Framework.  

The document for the consultation is available as an attachment to this page.  Background on the Assurance Working Group is available.  All comments should be made on: consultations@lists.refeds.org or added to the change log below.  Comments posted to other lists will not be included in the consultation review. 

Change Log

Change Log for the REFEDS Assurance Framework Consultation.  Please fill in your comments and change requests below. Line numbers are available in the document for ease of reference.

NumberLine / ReferenceProposed Change or QueryProposerAction / Decision (please leave blank)
174

The idea that asserting values on the eppn reassign also implies that eppn is unique seems unintuitive and liable for misinterpretation. I also find the statements at line 74 and at 94 to be conflicting.

74 = "if the Home organisation asserts unique and no-eppn-reassign, then the ePPN attribute value also shares the same uniqueness properties as eduPersonUniqueID (ePUID)." 

94="Finally, the reader is reminded that they should not assume any uniqueness property that goes beyond the specification of the attribute."

Unique and not-reassigned do not necessarily mean the same thing, which is implied by line 74 somehow.

Hannah Short (CERN)
2114It would be helpful to see examples brief examples of each Identity proofing level, without having to go through 5 clicks and a download form to get to Kantara.Hannah Short (CERN)










  • No labels