Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SPG:Drafts:Assessment Community IDvetting adequacy"

From EGIWiki
Jump to navigation Jump to search
(Created page with "'''Draft Procedure - Assessment of the Adequacy of Community ID vetting'''")
 
Line 1: Line 1:
'''Draft Procedure - Assessment of the Adequacy of Community ID vetting'''
'''Draft Procedure - Assessment of the Adequacy of Community ID vetting'''
From the security policy on Acceptable Authentication Assurance,
Authentication and identification is considered adequate if the combined assurance level provided by the Issuing Authority, the e-Infrastructure registration service, and the VO registration service, for each User authorised to access Services, meets or exceeds the requirements of the following approved IGTF authentication assurance profiles [R5]:
a) IGTF Assurance Profile ASPEN (urn:oid:1.2.840.113612.5.2.5.1)
b) IGTF Assurance Profile BIRCH (urn:oid:1.2.840.113612.5.2.5.2)
c) IGTF Assurance Profile CEDAR (urn:oid:1.2.840.113612.5.2.5.3)
Unless either the VO or e-infrastructure registration service can demonstrate that - for the Users it authorises to use Services - it meets one of the approved assurance profiles, the IGTF accredited issuing authority MUST provide this level of assurance.
If either the specific VO registration service or the e-Infrastructure registration service meets or exceeds the approved authentication assurance profiles, an IGTF accredited Issuing Authority meeting the IGTF Assurance Profile DOGWOOD (urn:oid:1.2.840.113612.5.2.5.4) is considered adequate when used solely in combination with said VO or e-Infrastructure registration service.

Revision as of 10:37, 9 June 2017

Draft Procedure - Assessment of the Adequacy of Community ID vetting

From the security policy on Acceptable Authentication Assurance,

Authentication and identification is considered adequate if the combined assurance level provided by the Issuing Authority, the e-Infrastructure registration service, and the VO registration service, for each User authorised to access Services, meets or exceeds the requirements of the following approved IGTF authentication assurance profiles [R5]:

a) IGTF Assurance Profile ASPEN (urn:oid:1.2.840.113612.5.2.5.1)

b) IGTF Assurance Profile BIRCH (urn:oid:1.2.840.113612.5.2.5.2)

c) IGTF Assurance Profile CEDAR (urn:oid:1.2.840.113612.5.2.5.3)

Unless either the VO or e-infrastructure registration service can demonstrate that - for the Users it authorises to use Services - it meets one of the approved assurance profiles, the IGTF accredited issuing authority MUST provide this level of assurance.

If either the specific VO registration service or the e-Infrastructure registration service meets or exceeds the approved authentication assurance profiles, an IGTF accredited Issuing Authority meeting the IGTF Assurance Profile DOGWOOD (urn:oid:1.2.840.113612.5.2.5.4) is considered adequate when used solely in combination with said VO or e-Infrastructure registration service.