SPG:Drafts:Assessment Community IDvetting adequacy

From EGIWiki
Revision as of 11:21, 9 June 2017 by Davidg (talk | contribs)
Jump to: navigation, search

Draft Procedure - Assessment of the Adequacy of Community ID vetting

Authentication and identification is considered adequate, for each User authorised to access Services, if the combined assurance level provided by the end-user credential issuing authority, the e-Infrastructure registration service, and the VO registration service meets or exceeds the requirements of the approved IGTF authentication assurance profiles [AAP].

The VO or e-Infrastructure wishing to prove the adequacy of its identity vetting, in order to use its members' credentials in conjunction with the IGTF Assurance Profile DOGWOOD, must submit a request for assessment by the EGI Security Policy Group.

The EGI SPG shall advise the EGI Operations Management Board with respect to suitability of the VO or e-Infrastructure for such combined adequacy in accordance with the Policy on Acceptable Authentication Assurance.

The advise shall be based on the assessment of the following submitted information:

  • their compliance with the Community Membership Policy
  • documented description of the membership life cycle process and practices meeting the requirements of the IGTF ASPEN, BIRCH, or CEDAR assurance level, where
    • the membership registration data and issued assertions constitute the credential of the user
    • where the identifier is obtained from a DOGWOOD user credential, the membership registration data should maintain a persistent unique mapping to an appropriate representation of the real name of the user, and this name should be released where technically feasible
    • the Issuing Authority corresponds to the collection of membership management and assertion-issuing systems and services