Difference between revisions of "SPG:Drafts:Assessment Community IDvetting adequacy"
Revision as of 12:21, 9 June 2017
Draft Procedure - Assessment of the Adequacy of Community ID vetting
Authentication and identification is considered adequate, for each User authorised to access Services, if the combined assurance level provided by the end-user credential issuing authority, the e-Infrastructure registration service, and the VO registration service meets or exceeds the requirements of the approved IGTF authentication assurance profiles [AAP].
The VO or e-Infrastructure wishing to prove the adequacy of its identity vetting, in order to use its members' credentials in conjunction with the IGTF Assurance Profile DOGWOOD, must submit a request for assessment by the EGI Security Policy Group.
The EGI SPG shall advise the EGI Operations Management Board with respect to the suitability of the VO or e-Infrastructure for such combined adequacy in accordance with the Policy on Acceptable Authentication Assurance.
The advice shall be based on the assessment of the following submitted information:
- their compliance with the Community Membership Policy
- documented description of the membership life cycle process and practices meeting the requirements of the IGTF ASPEN, BIRCH, or CEDAR assurance level, where
  - the membership registration data and issued assertions constitute the credential of the user
  - where the identifier is obtained from a DOGWOOD user credential, the membership registration data should maintain a persistent unique mapping to an appropriate representation of the real name of the user, and this name should be released where technically feasible
  - the Issuing Authority corresponds to the collection of membership management and assertion-issuing systems and services