- Created by Cammie Willett, last modified by Albert Wu (internet2.edu) on Jun 12, 2024
Overview
Some research service providers (SPs) and others face increasing need to demonstrate that their users have been well identity-proofed and that their authentication credentials are multifactor and well-bound to the user. These needs are incumbent on the users’ Identity Providers (IdPs). The Assured Access Working Group identified and documented processes that may be available at least to US academic organizations that can form the basis for asserting corresponding levels of assurance of identity proofing and credential binding, publishing the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation. This work was based on the REFEDS Assurance Framework (RAF) v1.0. Since then, RAF has been updated to version 2.0.
This WG will update the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation for the revised version of RAF. The WG may decide to continue work on a more comprehensive set of recommendations after its initial release.
Learn More: Charter for the 2024 Assured Access Working Group (AAWG2)
A group mailing list can be found at:https://lists.incommon.org/sympa//info/aawg
Work Items
The 2024 Assured Access Working Group will:
- Review the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation and revise in the context of the updated RAF2, and publish as the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation v2.0.
- Assess the potential role of referral processes as compensating controls for some identity proofing steps. Egs:
- A Principal Investigator whose identity has been sufficiently proofed confirms identity evidence submitted by their collaborator.
- An instructor or advisor whose identity has been sufficiently proofed confirms identity evidence submitted by their student.
- Review and update guidance, supplemental to criteria defined in NIST 800-63, Kantara, and related standards, on ways that credential issuance, renewal, and replacement can be linked to a vetted identity, including
- In person, such as ID Card issuing or HR processes
- In association with commercial services that validate identity evidence, eg, via an API.
- Compensating controls, ie, ways that a credential can be reasonably inferred to be controlled by the proofed identity it was assigned to. Example: if a credential is required to route employee paychecks to their bank, can it be inferred to be well-bound to that employee even if the credential issuance process does not itself accomplish the linkage?
- Meet biweekly, with WG freedom to determine a more rapid meeting schedule as needed.
- Share information and coordinate with the REFEDS Assurance WG (or REFEDS leadership while WG is inactive).
- Recommend other working groups that may be needed, eg, to address similar needs in other countries.
References
- REFEDS Assurance Framework Implementation Guidance for the InCommon Federation: TI.157.1
- NIH Compliance login test: https://authdev.nih.gov/CertAuthV3/forms/compliancecheck.aspx
- electronic Research Administration (eRA) Commons: https://era.nih.gov/
- Form-I9 Training and Webinars: https://www.uscis.gov/i-9-central/form-i-9-resources/form-i-9-training
- REFEDS Assurance Framework: https://refeds.org/assurance
Mailing List
Visit:
https://lists.incommon.org/sympa//info/aawg
Meeting Details
The Assured Access WG meets every <date/time>.
Zoom coordinates:
Chairs and Sponsor
Co-Chair: Kyle Lewis
Recent space activity
-
-
-
Charter for the 2024 Assured Access Working Group created Jun 12, 2024
-
-
2021 Assured Access Working Group created Jun 12, 2024
-
-
Space contributors
- No labels