====== Identity Assurance ======

===== Levels of Assurance and  the REFEDS Assurance Framework =====

**The reliability of digital identities is an essential factor in the trust fabric of an identity federation like DFN-AAI.** 

The [[https://refeds.org/assurance|REFEDS Assurance Framework]] defines how identity assurance information can be transported via values of the [[de:common_attributes#a14|eduPersonAssurance]] attribute. It enables service providers to address particularly relevant reliability criteria separately (if necessary), depending on individual protection requirements. As a internationally recognized standard, the [[https://refeds.org/assurance|REFEDS Assurance Framework]] is a key factor for the connectivity of the DFN-AAI in the international context. This particularly concerns the support of research communities that depend on cross-federation collaboration via [[https://wiki.geant.org/display/eduGAIN/|eduGAIN]]. 

A more detailed presentation (in German) of the facts can be found in [[https://www2.dfn.de/fileadmin/5Presse/DFNMitteilungen/DFN_Mitteilungen_100.pdf|DFN-Mitteilungen Nr. 100]] starting on page 42.

===== Information for Identity Providers =====
[[de:aai:assurance_idp|REFEDS Assurance Framework implementation notes and configuration examples for IdPs]] (German).

===== Information for Service Providers =====
[[en:aai:assurance_sp|REFEDS Assurance Framework implementation notes and configuration examples for SPs]].

===== Roadmap for the Transition Process =====
  * **February 2022:** Workshop(s) on the technical implementation of the [[https://refeds.org/assurance|REFEDS Assurance Frameworks]] - dates to be announced soon.
  * **May, 20th <del>end of April</del> 2022**, the separate metadata sets for the Degrees of Reliance //Advanced// and //Basic// will be abolished. For the productive environment of the DFN-AAI, only two metadata files will then be available, each containing the [[en:metadata|metadata]] of all productive [[https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml|IdPs]] and [[https://www.aai.dfn.de/metadata/dfn-aai-sp-metadata.xml|SPs]]. The metadata administration tool of the DFN-AAI will continue to support the two Degrees //Advanced// and //Basic//. However, the IdP-side conformance to a Degree of Reliance and the related requirements of a Service Provider will then only be available via corresponding Entity Attributes in the IdP and SP metadata. This type of labeling has already been implemented for some time. 
  * **<del>end of 2022</del> January, 12th, 2023**, support for the Degrees of Reliance on the part of the DFN-AAI metadata registry and metadata administration tool will be discontinued. As of January 2023, information on the reliability of digital identities in the DFN-AAI will be transported exclusively via the mechanisms of the REFEDS Assurance Framework..

===== REFEDS Authentication Profiles =====
  * [[https://refeds.org/profile/sfa|Single Factor Authentication Profile]]
  * [[https://refeds.org/profile/mfa|Multi-Factor Authentication Profile]] 
    * FAQ with examples for SP and IdP Operators: https://wiki.refeds.org/display/PRO/MFA+Profile+FAQ 
    * Shibboleth Wiki: [[https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2114781453/Requiring+Multi-Factor+Authentication|Requiring Multi-Factor Authentication]]
FIXME: More documentation to follow soon
   

{{tag>assurance}}