Improving assurance about federated identities
Posted on Tuesday, 24 October 2023
Some services available through the UK federation require more assurance about federated accounts than eduPersonScopedAffiliation by itself. Service owners are asking questions like "has the home organisation seen government-issued photo identification about the account holder?" or "is the identifier re-used when the person leaves?" If you are asking similar questions, you may find the REFEDS Assurance Framework (https://refeds.org/assurance) useful.
It has been developed to answer such questions and is more fine-grained than the UK federation's "Section 6" User Accountability for IdPs.
There is now an account on the UK federation Test IdP for SPs to test authorization flows based on the REFEDS Assurance Framework (https://www.ukfederation.org.uk/content/Documents/TestIdP#sylvester). We have started with the simplest possible implementation and wish to build out from there. Please contact Alex Stuart, Trust & Identity Technical Architect, through the UK federation helpdesk to discuss assurance.
Edited by SteveGlover on 24 October 2023, at 04:19 PM