Presentation is loading. Please wait.

Presentation is loading. Please wait.

REFEDS Assurance Framework

Published byWillis Barber Modified over 6 years ago

Similar presentations

Presentation on theme: "REFEDS Assurance Framework"— Presentation transcript:

1 REFEDS Assurance Framework
AARC2 AHM Nov 2017 Mikael Linden, REFEDS assurance wg chair

2 Short history 11/2015 AARC publishes minimal LoA requirements for low-risk research 6/2016 REFEDS establishes the Assurance working group To write a specification to meet the requirements 4-6/2017 Public consultation on the 1st draft of the REFEDS Assurance Framework (RAF) 25 comments received and now resolved

3 REFEDS assurance fw: four dimensions of LoA
Identifiers ID proofing Authentication Attributes ID is unique, personal and traceable Good enough for institution’s local systems Capacity for single-factor authentication Accurate and fresh affiliation information ePPN is unique, personal and traceable Assumed (e.g. postal credential delivery) Capacity for multi-factor authentication Verified (e.g. F2F)

4 ”Cappuccino” profile for low risk use cases (c. f. AARC1 MNA3
”Cappuccino” profile for low risk use cases (c.f. AARC1 MNA3.1 “minimal requirements”) Identifiers ID proofing Authentication Attributes ID is unique, personal and traceable Good enough for institution’s local systems Capacity for single-factor authentication Accurate and fresh affiliation information ePPN is unique, personal and traceable Assumed (e.g. postal credential delivery) Capacity for multi-factor authentication Verified (e.g. F2F)

5 ”Espresso” profile for demanding use cases
Identifiers ID proofing Authentication Attributes ID is unique, personal and traceable Good enough for institution’s local systems Capacity for single-factor authentication Accurate and fresh affiliation information ePPN is unique, personal and traceable Assumed (e.g. postal credential delivery) Capacity for multi-factor authentication Verified (e.g. F2F)

6 RAF: Key changes since 1st draft in spring
Dropped SAML2 metadata entity attributes Use ePAssurance for user/IdP capacity for SFA/MFA, use AuthnContext to actually request/express it

7 Future Develop Single-Factor Authentication profile for IdPs (GEANT project) Draft based on NIST b Becomes part of Cappuccino Develop guidelines how to fullfill SFA With an AD back-end With an OpenLDAP back-end Expose RAF, SFA and the two guidelines to another public consultation Have a pilot

Download ppt "REFEDS Assurance Framework"

Similar presentations

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) 21.6.2012 FIM for research collaboration workshop Mikael Linden,

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,
David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.

David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.
STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements.

STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements.
Campus Identity Management Requirements (=IAP) REFEDs meeting 7.6.2009 Mikael Linden,

Campus Identity Management Requirements (=IAP) REFEDs meeting Mikael Linden,
Kalmar Union lessons: Findings in federation harmonisation REFEDS 7.6.2009 Mikael Linden, CSC.

Kalmar Union lessons: Findings in federation harmonisation REFEDS Mikael Linden, CSC.
GFIPM FICAM Status Update GFIPM Delivery Team Meeting November 2011.

GFIPM FICAM Status Update GFIPM Delivery Team Meeting November 2011.
Federations round table Haka federation of Finland EuroCAMP 17.4.2007 Mikael Linden CSC, the Finnish IT Center for Science.

Federations round table Haka federation of Finland EuroCAMP Mikael Linden CSC, the Finnish IT Center for Science.
Innovation through participation eduGAIN interfederation service for research and education Cern FedID workshop in RAL, UK 2-3 Nov 2011 Mikael Linden,

Innovation through participation eduGAIN interfederation service for research and education Cern FedID workshop in RAL, UK 2-3 Nov 2011 Mikael Linden,
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
AuEduPerson Schema Schema Derived from: - eduPerson - person [RFC 4517, RFC 4519] - organizationalPerson [RFC 4517, RFC 4519] - inetOrgPerson [RFC 2798]

AuEduPerson Schema Schema Derived from: - eduPerson - person [RFC 4517, RFC 4519] - organizationalPerson [RFC 4517, RFC 4519] - inetOrgPerson [RFC 2798]

Similar presentations

Ads by Google