Convener: Peter Pichler
Abstract: IDPs of last resort: user-centric identity - unique challenges.
What are IDPs of last resort, and what different models are available? What can ORCID deliver and what can it not, and is ORCID an IDP?
Main issues discussed
Introduction to discussion:
Austrian eGov federation - a project for many services, authorization, security requirements with high assurance
Security classes from 1 to 3 - this system is 10 years old - we are trying to develop it further
In Austria this qualification is called "security classes".
To be discussed: classes and problems (government to government services)
For governmental use cases and also business cases.
Comment from the audience:
The eIDAS 2015/1502 Implementing regulation - seasonal authentication http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2015.235.01.0007.01.ENG
Question to the group: Are there examples on any form of a classification? Or plans to do something like this?
Audience: IGTF has defined levels of assurance
(Example: for scientific calculations for research work)
Summer federation based on protocols "authentication context"
- Possibilities to describe (for the case when a user forgets the password) - in a larger federation this is difficult; the higher (1, 2, 3) classification is a better solution.
Service providers have different security standards/policies - the classified level of assurance should simplify this.
Kantara IAF SAC (Identity Assurance Framework) is also a framework, with 4 layers called assurance levels (organization maturity)
(this was discussed in another session - K2 09:45 Wednesday - Tom Barton "Trust and assurance" & Identity Assurance Framework - building critical trust)
Classifying (levels) could/should simplify the handling of different authentication qualities in an identity federation.
(Peter Pichler is working on improving the Austrian framework.)