Subject Re: discussion on assurance
From Alex Reid <alex.reid@xxxxxxxxxx>
Date Thu, 07 Jul 2011 20:23:18 +0800

At 03:09 AM 5/07/2011, Peter Schober wrote:

* David Chadwick <d.w.chadwick@xxxxxxxxxx> [2011-07-04 18:20]:
> I am arguing that universities ought to be able to do better than
> zero assurance, in order to add more value to their assertions, and
> I believe that the majority of the UK IdPs already do. Therefore the
> bar ought to be raised to this level for all IdPs. This level is
> level 2, and it is not as onerous as I think you think it is.

I agree with Nicole (most institutions are not at LoA2 currently --
read on for why -- that's a simple fact, so we cannot *require* LoA2
for general federation membership. Only optional assurance profiles --
to use the SWAMID 2.0 federation policy terminology -- should mandate
specific levels).

While it is true that it might be unreasonable/impractical to require all IdPs to assert all their members at LOA2, it is not unrealistic to require them to assert *some* of their members at LOA2 (at least); this would be required if we are authenticating users for special/expensive facilities like telescopes, particle colliders, supercomputers, etc. But those will only ever be a fraction of the total user population of most IdPs, so the overhead/expense may be tolerable (especially as most institutions already do that for Grid users, etc).

Cheers, Alex.

T Alex Reid
Advisor, eResearch & Middleware
AARNet (Australia's NREN)
Honorary Professorial Fellow
School of Computer Science & Software Engineering
The University of Western Australia.
home address  71A Raymond Street, Yokine, WA, 6060
ph  +61 8 9345 0440
mobile  +61 40 888 5515
email  alex.reid@xxxxxxxxxx