The services requires to uniquely identify users for authorization purposes. Without some a unique identifier, it is impossible to distinguish two different users between each other.

As a service that supports Sirtfi, it is required that it is able to uniquely identify users.

pairwise-id

eduPersonPrincipalName1

eduPersonTargetedID

eduPersonUniqueId

Access to services connected to PUHURI is allowed only with use of identities that fulfill certain identity assurance criteria.the resources connected through MyAccessID will be dominantly supported by identites coming from the IdPs from the R&E sector and eduGAIN.

Best-fit and natural is to use the Assurance Framework that originated as collaborative work of R&E federations - the To express the required assurance levels, the REFEDS Assurance suite https://wiki.refeds.org/display/ASS is used.

Requirements are defined for two aspects of identity assurance:

• Identifier uniqueness to ensure unambiguous identification of users;
• Identity proofing and credential issuance, renewal, and replacement to ensure that identity trustworthy represents right natural person.

Level of assurance for an identity issued to a user is expressed at the time of user authentication by the IdP sending eduPersonAssurance attribute with following valuesTo insure identifier uniqueness:

• https://refeds.org/assurance/ID/UNIQUE; or
• https://refeds.org/assurance/ID/eppn-unique-no-reassign

To insure sufficient identity proofing and credential issuance, renewal, and replacement:

• https://refeds.org/assurance/IAP/medium; or
• https://refeds.org/assurance/IAP/high

Level of Assurance information is planned to become mandatory in 2022

cn

MyAccessID and the services connected through MyAccessID expect to receive the name of the user.

For example, when a user applies for a new project or for membership membership to an existing project, the managers need The service requires to uniquely and persistently identify the users who are members of virtual teams as they will be assigned membership roles and access rights to teams resources. When applying for membership to a team or a project, the manager needs to be able to recognise who the applicant and the team services used for the collaboration, expect to provide personalised access.As a service that meets the requirements for and supports the entity category of R&S, it is expected to receive the R&S attribute bundle, which includes cn, displayName, sn and givenName.

As a service that meets the requirements for and supports the entity category of Code of Conduct, the service specifically declares the attributes required to use the service

sn + givenName

mail

The service MyAccessID needs to be able to contact the user regarding the status of their account.

As a service that meets the requirements for and supports the entity category of R&S, it is expected to receive the R&S attribute bundle, which includes the mail.

As a service that meets the requirements for and supports the entity category of Code of Conduct, it specifically declares the attributes required to use the service. As a service that supports Sirtfi, it is required that it is able to contact usersIn addition, many of the services connected through MyAccessID expect the email of the user in order to be able contact the user about service related matters.

eduPersonScopedAffiliation

Access to many of the HPC resources connected through MyAccessID in the context of EuroHPC (and beyond) relies on authorising users based on the affiliation of their members in with their home organisation.

As a service that meets the requirements for and supports the entity category of R&S, it is expected to receive the R&S attribute bundle, which includes the eduPersonScopedAffiliation.

As a service that meets the requirements for and supports the entity category of Code of Conduct, the service specifically declares the attributes required to use the service

Access to many of the HPC resources service connected through MyAccessID in the context of EuroHPC (and beyond) relies on authorising users based on their home organisation.As a service that meets the requirements for and supports the entity category of Code of Conduct, the service specifically declares the attributes required to use the service.