Versions Compared

Old Version 8

changes.mady.by.user Mikael Linden

Saved on

compared with

New Version Current

changes.mady.by.user Mikael Linden

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • the evaluation of Level of Assurance (LoA) for Identity Providers (IdPs)
  • the evaluation of LoA for Service Providers (SPs)
  • the assertion of compliance with the Security Incident Response Framework for Federated Identity (Sirtfi)
  • the assertion of compliance with the Data Protection Code of Conduct (CoCo)

GEANT project (GN4-2 JRA3 T2.4 Identity Assurance Service) is implementing the tool during 2017. 

Software requirements specification

  • Draft requirements specification (please comment!): Google doc
  • Please comment in the document or send the editors (Hannah Short and Mikael Linden) an email if there is anything specific you would like to discuss. 

Software requirements specification

Initial discussion notes during EWTI2015: http://etherpad.ewti.eu:9001/p/g.bIyUOSNaD6Z1zFWX$selfassessmenttool

...

Summary

Tool Use Cases

    - LoA assessment for IdPs
    - Sirtfi compliance for IdPs and SPs
    - GEANT Data protection Code of Conduct for SPs EU/EEA
    - SP Assurance level ("inverse" of IdP LoA assessment)

...

    - Responsibility for the tool should be at a federation level. This does not preclude running the tool centrally. This will aid scalability
    - The tool should send assessment requests to organisations based on contact information in metadata
    - The tool should support multiple question types, yes/no and multiple choice
    - Machine readable responses (yes/no/multiple choice) should be supported by secondary, evidence-based free text
    - The tool should facilitate peer review; peer assignment should not be determined by the assessee 
    - Results of assessments should be made available; individual assessee results would be private to the assessee but an agregated view should be freely available
    - Fed Ops should have access to all results of the assessments within their federation
    - Access control for an assessment should facilitate private and public sharing
    - The tool should support re-assessment and have configurable behaviour in the event that the re-assessment is not done or if it fails

...