PoS - Proceedings of Science
Volume 378 - International Symposium on Grids & Clouds 2021 (ISGC2021) - Network, Security, Infrastructure & Operations
Making Identity Assurance and Authentication Strength Work for Federated Infrastructures
J.A. Ziegler*, U. Stevanovic, D. Groep, I. Neilson, D.P. Kelsey and M. Kremers
Full text: pdf
Published on: October 22, 2021
Abstract
In both higher Research and Education (R&E) as well as in research-/ e-infrastructures (in short: infrastructures), federated access and single sign-on by way of national federations, operated in most cases by NRENs, are used as a means to provide users with access to a variety of services. Whereas in national federations institutional accounts, e.g. provided by a university, are typically used to access services, many infrastructures also accept other sources of identity: provided by ''community identity providers'', social identity providers, or governmental IDs. In order to assess and communicate the quality of identities being used and authentications being performed, so called Level of Assurance (LoA) frameworks are used. Because sophisticated LoA frameworks like NIST 800-63-3, Kantara IAF 1420 or eIDAS regulation are often considered too complex to be used in R&E scenarios, the REFEDS Assurance Suite, a more lightweight approach, has been developed. To select an appropriate assurance level, Service Providers need to weigh risks and potential harms in relation to the kind of service they offer. However, the management of risks is often implicitly assumed and little or no guidance to determine the appropriate assurance level is given. In this paper, first, common LoA frameworks and their relation to risk management are investigated. Following that, their components are compared against the REFEDS Assurance Suite using a graphical representation. The focus of this paper lies in providing guidance and best practices based on example scenarios for both Service Providers to request the appropriate REFEDS assurance level, as well as for Identity Provider operators on how to implement REFEDS assurance components.
DOI: https://doi.org/10.22323/1.378.0029
How to cite

Metadata are provided both in "article" format (very similar to INSPIRE) as this helps creating very compact bibliographies which can be beneficial to authors and readers, and in "proceeding" format which is more detailed and complete.

Open Access
Creative Commons LicenseCopyright owned by the author(s) under the term of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.