Abstract
In this paper we present a lightweight identity and authentication assurance framework tailored to the needs of the research & education (R&E) sector. A comprehensive requirements analysis has been carried out, and its findings have been compared with existing assurance frameworks such as NIST 800-63-3, IGTF and Kantara. Due to the special requirements of a federated environment that spans multiple countries, none of the existing frameworks seems to scale in this environment. In this context, conditions such as the independence of organizations and their different organizational cultures and technical capabilities prevent the definition of strict security requirements of the kind required in most policies. The REFEDS assurance suite presented here defines a set of identity and authentication assurance criteria and includes two assurance profiles that differentiate between low-risk and high-risk research use cases. The presented approach still incorporates relevant criteria from existing frameworks and has been evaluated by means of a public consultation and a technical pilot. The evaluation has shown successful configuration and testing with Shibboleth and SimpleSAMLphp software, as well as positive feedback from the R&E community members.
Notes
1. Research and Education FEDerations group.
Acknowledgment
The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 731122 (GN4-2) and 730941 (AARC2). The authors wish to thank the project members of GÉANT, AARC2 as well as the REFEDS community for helpful discussions and feedback to continuously improve the work presented in this paper.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ziegler, J.A., Schmidt, M., Linden, M. (2019). Improving Identity and Authentication Assurance in Research & Education Federations. In: Mauw, S., Conti, M. (eds) Security and Trust Management. STM 2019. Lecture Notes in Computer Science, vol 11738. Springer, Cham. https://doi.org/10.1007/978-3-030-31511-5_1
DOI: https://doi.org/10.1007/978-3-030-31511-5_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31510-8
Online ISBN: 978-3-030-31511-5
eBook Packages: Computer Science, Computer Science (R0)