| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| en:aai:assurance [2022/05/20 00:36] – Wolfgang Pempe | en:aai:assurance [2023/01/11 16:23] – Wolfgang Pempe |
|---|
| ====== Identity Assurance ====== | ====== Identity Assurance ====== |
| <callout type="danger" title="Changes in Federation Metadata from 20 May 2022!"> | |
| In the course of the introduction of the REFEDS Assurance Framework, metadata aggregates separated according to Degrees of Reliance will no longer be available in the DFN-AAI from 20 May 2022. The distinction as to which Degree of Reliance an identity provider is assigned to will in future only be available via this entity attribute in the metadata: [[en:entity_attributes#degrees_of_reliance_of_idps|http://aai.dfn.de/loa/degree-of-reliance]]. | |
| |
| **The most important changes:** | |
| |
| The metadata aggregates dfn-aai-metadata.xml and dfn-aai-basic-metadata.xml will no longer be delivered as of 20.5.2022! | |
| |
| **Identity Providers** must import the metadata of the Service Providers of the DFN-AAI Productive Federation via this metadata URL: | |
| |
| http://www.aai.dfn.de/metadata/dfn-aai-sp-metadata.xml resp. | |
| https://www.aai.dfn.de/metadata/dfn-aai-sp-metadata.xml \\ | |
| ''(EntitiesDescriptor/@Name="https://www.aai.dfn.de/DFN-AAI-sp")'' | |
| |
| See [[en:metadata|Metadata]] and [[en:production#idp_example|the configuration examples at Production Environment]]. | |
| |
| **Service Providers** must import the metadata of the identity providers of the DFN-AAI productive federation via this metadata URL: | |
| |
| https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml \\ | |
| (EntitiesDescriptor/@Name="https://www.aai.dfn.de/DFN-AAI-idp") | |
| |
| See [[en:metadata|Metadata]] and [[en:production#sp_example|the configuration examples at Production Environment]]. | |
| |
| All other metadata aggregates distributed by the DFN-AAI (eduGAIN, test federation, local metadata) remain unaffected by this measure. | |
| However, we recommend to use the (future-proof) URL variants without '/fileadmin', cf. the recommended URLs at [[en:metadata|Metadata]]. | |
| |
| If you have any questions, please contact the DFN-AAI Team: hotline@aai.dfn.de | |
| |
| </callout> | |
| ===== Levels of Assurance and the REFEDS Assurance Framework ===== | ===== Levels of Assurance and the REFEDS Assurance Framework ===== |
| |
| * **February 2022:** Workshop(s) on the technical implementation of the [[https://refeds.org/assurance|REFEDS Assurance Frameworks]] - dates to be announced soon. | * **February 2022:** Workshop(s) on the technical implementation of the [[https://refeds.org/assurance|REFEDS Assurance Frameworks]] - dates to be announced soon. |
| * **May, 20th <del>end of April</del> 2022**, the separate metadata sets for the Degrees of Reliance //Advanced// and //Basic// will be abolished. For the productive environment of the DFN-AAI, only two metadata files will then be available, each containing the [[en:metadata|metadata]] of all productive [[https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml|IdPs]] and [[https://www.aai.dfn.de/metadata/dfn-aai-sp-metadata.xml|SPs]]. The metadata administration tool of the DFN-AAI will continue to support the two Degrees //Advanced// and //Basic//. However, the IdP-side conformance to a Degree of Reliance and the related requirements of a Service Provider will then only be available via the corresponding [[en:entity_attributes|Entity Attributes]] in the IdP and SP metadata. This type of labeling has already been implemented for some time. | * **May, 20th <del>end of April</del> 2022**, the separate metadata sets for the Degrees of Reliance //Advanced// and //Basic// will be abolished. For the productive environment of the DFN-AAI, only two metadata files will then be available, each containing the [[en:metadata|metadata]] of all productive [[https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml|IdPs]] and [[https://www.aai.dfn.de/metadata/dfn-aai-sp-metadata.xml|SPs]]. The metadata administration tool of the DFN-AAI will continue to support the two Degrees //Advanced// and //Basic//. However, the IdP-side conformance to a Degree of Reliance and the related requirements of a Service Provider will then only be available via the corresponding [[en:entity_attributes|Entity Attributes]] in the IdP and SP metadata. This type of labeling has already been implemented for some time. |
| * At the **end of 2022**, support for the Degrees of Reliance on the part of the DFN-AAI metadata registry and metadata administration tool will be discontinued. As of January 2023, information on the reliability of digital identities in the DFN-AAI will be transported exclusively via the mechanisms of the REFEDS Assurance Framework.. | * **<del>end of 2022</del> January, 12th, 2023**, support for the Degrees of Reliance on the part of the DFN-AAI metadata registry and metadata administration tool will be discontinued. As of January 2023, information on the reliability of digital identities in the DFN-AAI will be transported exclusively via the mechanisms of the REFEDS Assurance Framework.. |
| |
| ===== REFEDS Authentication Profiles ===== | ===== REFEDS Authentication Profiles ===== |