Authentication and Authorisation for Research and Collaboration (https://aarc-project.eu), Mikael Linden, AARC all hands Milan


1 Authentication and Authorisation for Research and Collaboration (https://aarc-project.eu)
NA3.1 LoA status
Mikael Linden, 3.1 task leader
AARC all hands, Milan, 2-3 Nov 2015

2 Level of assurance: Research community interviews done
Work done in parallel with GN4p1 SA5 T1 (=> IdP contacts)
Interview template: https://wiki.geant.org/x/GgLkAg
Interviews (1-1.5 hours, Skype):
- EGI – David G
- PRACE – Jules W
- CLARIN – Martin M
- ELIXIR – Ilkka L
- Photon/neutron – Mirjam van D
Pending:
- DARIAH – Peter G
- WLCG – Romain W / Hannah S
Anyone missing?
Interview results: https://wiki.geant.org/x/nQHbAg

3 Early findings (for the milestone MNA3.1 in 11/2015)
MNA3.1: “Recommendation on minimal assurance level relevant for low-risk research use cases”
- Accounts belong to a known individual (i.e. no shared accounts)
- Persistent identifiers (i.e. are not re-assigned)
- Documented identity vetting (not necessarily F2F)
- Password authN (with some good practices)
- Departing user’s account closes/ePA changes promptly
- Self-assessment (supported with specific guidelines)
Questions to the floor:
- Do we want to include incident response stuff (NA3.2) here?
- Do we want to include attribute release requirements?
- Do we want to include wider information security requirements?

4 Idea: How to assist IdPs to do the LoA self-assessment
We (who is we? SA1? JRA1?) develop and pilot a tool which
- Is an eduGAIN SP to which any eduGAIN IdP admin can log in
- Presents structured self-assessment questions to the IdP/IdM admin
  - Quantitative: (“do accounts belong to an individual”)
  - Qualitative: (“explain how you ensure accounts belong to an individual”)
- Publishes the results for anyone to read
- Evaluates if the LoA minimum is fulfilled
- Spits an Entity Category tag to eduGAIN metadata for the IdP
  - Can we do that centrally?
- Asks the IdP admin to re-evaluate every year
- Can assist in the LoA peer-review
  - If peer review becomes a requirement e.g. for a higher LoA level

5 c.f. Surfnet’s IdM maturity scan for Dutch Home Organisations

6 Thank you
Any Questions?
Mikael.linden@csc.fi
https://aarc-project.eu
© GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 653965 (AARC).

