An open discussion list for topics related to the eduGAIN interfederation service.

[Lukas Hämmerle <lukas.haemmerle AT switch.ch>]

Hi Davide

Thanks for the info and pointers to RAF. As we already set and release 
eduPersonAssurance attributes for edu-ID private identities, it would be 
relatively easy to set them.

However, currently only very few services (116) actually request the 
eduPersonAssurance attribute and only 27 of them require it.


Best Regards
Lukas


On 16.05.22 09:11, Davide Vaghetti wrote:
> It's nice to hear you and (unsurprisingly) with an interesting use case. 
> I think you are right saying that eduGAIN does not have any specific 
> policy requirement about open IdPs and self-asserted identities.
>
> More generally speaking, we lack two things: on the one hand a common 
> assurance framework adopted and recognized by all the eduGAIN 
> participants, on the other a policy decision about the minimum (or 
> baseline which is fancier) requirements for eduGAIN enabled identities.
>
> A common assurance framework exists, it's the REFEDS Assurance Framework 
> [1] and with RAF I think it would possible to clearly define 
> self-asserted identities for this specific use case. Nonetheless, AFAIK 
> RAF is far from being adopted by all the eduGAIN participants.
>
> Please note that an assurance requirement for eduGAIN is also currently 
> being discussed in the eduGAIN Futures Working Group [2]
>
> That said, I think in principle SWITCH could create a RAF profile to 
> signal that the eduID private identities (no university affiliation) are 
> self-asserted.
>
> Bests,
> Davide
>
> [1] https://wiki.refeds.org/display/ASS/REFEDS+Assurance+Framework+ver+1.0
> [2] 
> https://wiki.geant.org/display/eduGAIN/eduGAIN+Futures+Working+Group+Charter 



--
SWITCH
Lukas Hämmerle, Trust & Identity
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
+41 44 268 15 64  lukas.haemmerle AT switch.ch  http://www.switch.ch