Subject Re: discussion on assurance
From Peter Schober <peter.schober@xxxxxxxxxxxx>
Date Thu, 7 Jul 2011 14:56:16 +0200


* Alex Reid <alex.reid@xxxxxxxxxx> [2011-07-07 14:43]:
> While it is true that it might be unreasonable/impractical to
> require all IdPs to assert all their members at LOA2, it is not
> unrealistic to require them to assert *some* of their members at
> LOA2 (at least);  this would be required if we are authenticating
> users for special/expensive facilities like telescopes, particle
> colliders, supercomputers, etc.  But those will only ever be a
> fraction of the total user population of most IdPs, so the
> overhead/expense may be tolerable (especially as most institutions
> already do that for Grid users, etc).

This possibly depends on local IdM practices more than anything else,
but at least for the university I work for I would think that the
systems and processes that needed to be looked at (and audited) do not
differ significantly based on whether the electronic identities
therein represent e-science (or whatever the term is) users or not.

That is to say, it'd be the same effort (and costs) do to this for one
group of people as it would be to do this for (almost) all identities,
making the case of doing this only for a selected group economically
less alluring, not more. I may be wrong, of course.