Assurance - EUDAT Documentation

<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link rel="canonical" href="https://docs.eudat.eu/b2access/assurance/"> <link rel="prev" href="../"> <link rel="next" href="../concepts/"> <link rel="icon" href="../../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.41"> <title>Assurance - EUDAT Documentation</title> <link rel="stylesheet" href="../../assets/stylesheets/main.0253249f.min.css"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"> <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style> <link rel="stylesheet" href="../../config/extra.css"> <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script> </head> <body dir="ltr"> <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> <label class="md-overlay" for="__drawer"></label> <div data-md-component="skip"> <a href="#guidelines-for-expressing-assurance" class="md-skip"> Skip to content </a> </div> <div data-md-component="announce"> </div> <header class="md-header" data-md-component="header"> <nav class="md-header__inner md-grid" aria-label="Header"> <a href="../.." title="EUDAT Documentation" class="md-header__button md-logo" aria-label="EUDAT Documentation" data-md-component="logo"> <img src="../../images/EUDAT_Partial_White.png" alt="logo"> </a> <label class="md-header__button md-icon" for="__drawer"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class="md-header__title" data-md-component="header-title"> <div class="md-header__ellipsis"> <div class="md-header__topic"> <span class="md-ellipsis"> EUDAT Documentation </span> </div> <div class="md-header__topic" data-md-component="header-topic"> <span class="md-ellipsis"> Assurance </span> </div> </div> </div> <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script> <label class="md-header__button md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> </label> <div class="md-search" data-md-component="search" role="dialog"> <label class="md-search__overlay" for="__search"></label> <div class="md-search__inner" role="search"> <form class="md-search__form" name="search"> <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required> <label class="md-search__icon md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </label> <nav class="md-search__options" aria-label="Search"> <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg> </button> </nav> <div class="md-search__suggest" data-md-component="search-suggest"></div> </form> <div class="md-search__output"> <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix> <div class="md-search-result" data-md-component="search-result"> <div class="md-search-result__meta"> Initializing search </div> <ol class="md-search-result__list" role="presentation"></ol> </div> </div> </div> </div> </div> </nav> </header> <div class="md-container" data-md-component="container"> <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs"> <div class="md-grid"> <ul class="md-tabs__list"> <li class="md-tabs__item"> <a href="../.." class="md-tabs__link"> Documentation </a> </li> <li class="md-tabs__item md-tabs__item--active"> <a href="../" class="md-tabs__link"> B2ACCESS </a> </li> <li class="md-tabs__item"> <a href="../../b2drop/" class="md-tabs__link"> B2DROP </a> </li> <li class="md-tabs__item"> <a href="../../b2find/" class="md-tabs__link"> B2FIND </a> </li> <li class="md-tabs__item"> <a href="../../b2handle/" class="md-tabs__link"> B2HANDLE </a> </li> <li class="md-tabs__item"> <a href="../../b2inst/" class="md-tabs__link"> B2INST </a> </li> <li class="md-tabs__item"> <a href="../../b2safe/" class="md-tabs__link"> B2SAFE </a> </li> <li class="md-tabs__item"> <a href="../../b2share/overview/" class="md-tabs__link"> B2SHARE </a> </li> <li class="md-tabs__item"> <a href="../../datacite/" class="md-tabs__link"> DataCite </a> </li> <li class="md-tabs__item"> <a href="https://eudat.eu" class="md-tabs__link"> EUDAT website </a> </li> <li class="md-tabs__item"> <a href="https://eudat.eu/contact-support-request" class="md-tabs__link"> Feedback + Support </a> </li> </ul> </div> </nav> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--primary md-nav--lifted md-nav--integrated" aria-label="Navigation" data-md-level="0"> <label class="md-nav__title" for="__drawer"> <a href="../.." title="EUDAT Documentation" class="md-nav__button md-logo" aria-label="EUDAT Documentation" data-md-component="logo"> <img src="../../images/EUDAT_Partial_White.png" alt="logo"> </a> EUDAT Documentation </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../.." class="md-nav__link"> <span class="md-ellipsis"> Documentation </span> </a> </li> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked> <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex=""> <span class="md-ellipsis"> B2ACCESS </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="true"> <label class="md-nav__title" for="__nav_2"> <span class="md-nav__icon md-icon"></span> B2ACCESS </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc"> <label class="md-nav__link md-nav__link--active" for="__toc"> <span class="md-ellipsis"> Assurance </span> <span class="md-nav__icon md-icon"></span> </label> <a href="./" class="md-nav__link md-nav__link--active"> <span class="md-ellipsis"> Assurance </span> </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#available-assurance-profiles" class="md-nav__link"> <span class="md-ellipsis"> Available Assurance Profiles: </span> </a> </li> <li class="md-nav__item"> <a href="#available-assurance-components" class="md-nav__link"> <span class="md-ellipsis"> Available Assurance Components </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../concepts/" class="md-nav__link"> <span class="md-ellipsis"> Concepts </span> </a> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_4" > <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex=""> <span class="md-ellipsis"> For Users </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_2_4"> <span class="md-nav__icon md-icon"></span> For Users </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../howto-mfa/" class="md-nav__link"> <span class="md-ellipsis"> Enabling MFA </span> </a> </li> <li class="md-nav__item"> <a href="../howto-update-email/" class="md-nav__link"> <span class="md-ellipsis"> Updating Email </span> </a> </li> <li class="md-nav__item"> <a href="../list-of-connected-organisations/" class="md-nav__link"> <span class="md-ellipsis"> List of connected organisations </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_4_4" > <label class="md-nav__link" for="__nav_2_4_4" id="__nav_2_4_4_label" tabindex="0"> <span class="md-ellipsis"> For group administrators </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_4_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_2_4_4"> <span class="md-nav__icon md-icon"></span> For group administrators </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../howto-vos/" class="md-nav__link"> <span class="md-ellipsis"> Requesting a group </span> </a> </li> <li class="md-nav__item"> <a href="../howto-vo-management/" class="md-nav__link"> <span class="md-ellipsis"> Managing a group </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_4_5" > <label class="md-nav__link" for="__nav_2_4_5" id="__nav_2_4_5_label" tabindex="0"> <span class="md-ellipsis"> For Service Providers </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_4_5_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_2_4_5"> <span class="md-nav__icon md-icon"></span> For Service Providers </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../howto-services/" class="md-nav__link"> <span class="md-ellipsis"> Registering a services </span> </a> </li> <li class="md-nav__item"> <a href="../attributes-sp/" class="md-nav__link"> <span class="md-ellipsis"> Available attributes </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_4_6" > <label class="md-nav__link" for="__nav_2_4_6" id="__nav_2_4_6_label" tabindex="0"> <span class="md-ellipsis"> For Identity Providers </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_4_6_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_2_4_6"> <span class="md-nav__icon md-icon"></span> For Identity Providers </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../howto-idps/" class="md-nav__link"> <span class="md-ellipsis"> Joining as an Identity Provider </span> </a> </li> <li class="md-nav__item"> <a href="../attributes-idp/" class="md-nav__link"> <span class="md-ellipsis"> Consumed attributes </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" > <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0"> <span class="md-ellipsis"> B2DROP </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3"> <span class="md-nav__icon md-icon"></span> B2DROP </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2drop/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2" > <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0"> <span class="md-ellipsis"> For Users </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3_2"> <span class="md-nav__icon md-icon"></span> For Users </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2drop/user/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2_2" > <label class="md-nav__link" for="__nav_3_2_2" id="__nav_3_2_2_label" tabindex="0"> <span class="md-ellipsis"> For groups </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_2_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3_2_2"> <span class="md-nav__icon md-icon"></span> For groups </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2drop/groups/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" > <label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="0"> <span class="md-ellipsis"> For Administrators </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3_3"> <span class="md-nav__icon md-icon"></span> For Administrators </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2drop/admin/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2drop/b2sharebridge/" class="md-nav__link"> <span class="md-ellipsis"> Enabling the B2SHAREbridge </span> </a> </li> <li class="md-nav__item"> <a href="../../b2drop/setup/" class="md-nav__link"> <span class="md-ellipsis"> Install B2DROP </span> </a> </li> <li class="md-nav__item"> <a href="../../b2drop/integration/" class="md-nav__link"> <span class="md-ellipsis"> Integrate with B2ACCESS </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../../b2drop/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" > <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0"> <span class="md-ellipsis"> B2FIND </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_4"> <span class="md-nav__icon md-icon"></span> B2FIND </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2find/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2find/forusers/" class="md-nav__link"> <span class="md-ellipsis"> For Users </span> </a> </li> <li class="md-nav__item"> <a href="../../b2find/forproviders/" class="md-nav__link"> <span class="md-ellipsis"> For Providers </span> </a> </li> <li class="md-nav__item"> <a href="../../b2find/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" > <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0"> <span class="md-ellipsis"> B2HANDLE </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_5"> <span class="md-nav__icon md-icon"></span> B2HANDLE </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2handle/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2handle/foradministrators/" class="md-nav__link"> <span class="md-ellipsis"> For Administrators </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_3" > <label class="md-nav__link" for="__nav_5_3" id="__nav_5_3_label" tabindex="0"> <span class="md-ellipsis"> For Developers </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_5_3"> <span class="md-nav__icon md-icon"></span> For Developers </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2handle/fordevelopers/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2handle/fordevelopers_pyhandle/" class="md-nav__link"> <span class="md-ellipsis"> PyHandle for Developers </span> </a> </li> <li class="md-nav__item"> <a href="../../b2handle/fordevelopers_b2handle/" class="md-nav__link"> <span class="md-ellipsis"> B2Handle for Developers </span> </a> </li> <li class="md-nav__item"> <a href="../../b2handle/fordevelopers_api/" class="md-nav__link"> <span class="md-ellipsis"> API for Developers </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_4" > <label class="md-nav__link" for="__nav_5_4" id="__nav_5_4_label" tabindex="0"> <span class="md-ellipsis"> Information </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_5_4"> <span class="md-nav__icon md-icon"></span> Information </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2handle/ownership/" class="md-nav__link"> <span class="md-ellipsis"> Ownership </span> </a> </li> <li class="md-nav__item"> <a href="../../b2handle/security/" class="md-nav__link"> <span class="md-ellipsis"> Security </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../../b2handle/more/" class="md-nav__link"> <span class="md-ellipsis"> More Info </span> </a> </li> <li class="md-nav__item"> <a href="../../b2handle/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" > <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0"> <span class="md-ellipsis"> B2INST </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_6"> <span class="md-nav__icon md-icon"></span> B2INST </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2inst/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_2" > <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0"> <span class="md-ellipsis"> For Users </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_6_2"> <span class="md-nav__icon md-icon"></span> For Users </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2inst/forusers/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2inst/advancedsearch/" class="md-nav__link"> <span class="md-ellipsis"> Advanced Search </span> </a> </li> <li class="md-nav__item"> <a href="../../b2inst/httpapi/" class="md-nav__link"> <span class="md-ellipsis"> HTTP REST API </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../../b2inst/foradministrators/" class="md-nav__link"> <span class="md-ellipsis"> For Administrators </span> </a> </li> <li class="md-nav__item"> <a href="../../b2inst/fordevelopers/" class="md-nav__link"> <span class="md-ellipsis"> For Developers </span> </a> </li> <li class="md-nav__item"> <a href="../../b2inst/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" > <label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0"> <span class="md-ellipsis"> B2SAFE </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_7"> <span class="md-nav__icon md-icon"></span> B2SAFE </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2safe/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2safe/forusers/" class="md-nav__link"> <span class="md-ellipsis"> For Users </span> </a> </li> <li class="md-nav__item"> <a href="../../b2safe/foradministrators/" class="md-nav__link"> <span class="md-ellipsis"> For Administrators </span> </a> </li> <li class="md-nav__item"> <a href="../../b2safe/fordevelopers/" class="md-nav__link"> <span class="md-ellipsis"> For Developers </span> </a> </li> <li class="md-nav__item"> <a href="../../b2safe/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" > <label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0"> <span class="md-ellipsis"> B2SHARE </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_8"> <span class="md-nav__icon md-icon"></span> B2SHARE </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2share/overview/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8_2" > <label class="md-nav__link" for="__nav_8_2" id="__nav_8_2_label" tabindex="0"> <span class="md-ellipsis"> For Users </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_8_2_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_8_2"> <span class="md-nav__icon md-icon"></span> For Users </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2share/forusers/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2share/advancedsearch/" class="md-nav__link"> <span class="md-ellipsis"> Advance Search </span> </a> </li> <li class="md-nav__item"> <a href="../../b2share/httpapi/" class="md-nav__link"> <span class="md-ellipsis"> HTTP REST API </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8_3" > <label class="md-nav__link" for="__nav_8_3" id="__nav_8_3_label" tabindex="0"> <span class="md-ellipsis"> For Developers </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_8_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_8_3"> <span class="md-nav__icon md-icon"></span> For Developers </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2share/fordevelopers/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8_4" > <label class="md-nav__link" for="__nav_8_4" id="__nav_8_4_label" tabindex="0"> <span class="md-ellipsis"> For Administrators </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_8_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_8_4"> <span class="md-nav__icon md-icon"></span> For Administrators </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../b2share/foradministrators/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../b2share/cli/" class="md-nav__link"> <span class="md-ellipsis"> Command Line Interface (CLI) </span> </a> </li> <li class="md-nav__item"> <a href="../../b2share/httpapi/" class="md-nav__link"> <span class="md-ellipsis"> HTTP REST API </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../../b2share/faq/" class="md-nav__link"> <span class="md-ellipsis"> F.A.Q.s </span> </a> </li> <li class="md-nav__item"> <a href="../../b2share/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" > <label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0"> <span class="md-ellipsis"> DataCite </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_9"> <span class="md-nav__icon md-icon"></span> DataCite </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../datacite/" class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item"> <a href="../../datacite/forusers/" class="md-nav__link"> <span class="md-ellipsis"> For Users </span> </a> </li> <li class="md-nav__item"> <a href="../../datacite/about/" class="md-nav__link"> <span class="md-ellipsis"> About </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="https://eudat.eu" class="md-nav__link"> <span class="md-ellipsis"> EUDAT website </span> </a> </li> <li class="md-nav__item"> <a href="https://eudat.eu/contact-support-request" class="md-nav__link"> <span class="md-ellipsis"> Feedback + Support </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset"> <h1 id="guidelines-for-expressing-assurance">Guidelines for Expressing Assurance<a class="headerlink" href="#guidelines-for-expressing-assurance" title="Permanent link">#</a></h1>  <p>As a base for expressing assurance we will rely on the <a href="https://refeds.org/assurance">REFEDS Assurance Framework (RAF)</a>. Based on RAF, additional assurance profiles are also defined in the <a href="https://aarc-project.eu/guidelines/aarc-g021">AARC-G021</a> guideline.</p> <p>There are different assurance levels available within B2ACCESS. These levels are expressed in <strong>two</strong> different ways, <strong>all</strong> of which are transported in the <code>eduperson_assurance</code> claim. The two different ways are called <strong>Profiles</strong> and <strong>Components</strong>.</p> <ul> <li> <p><strong>Profiles</strong> are composed by a set of components and are believed to make it easier for services to filter the users which they want to let in.</p> </li> <li> <p><strong>Components</strong> are available, only for the case that a more complex analysis of the users assurance is required.</p> </li> </ul> <h2 id="available-assurance-profiles">Available Assurance Profiles:<a class="headerlink" href="#available-assurance-profiles" title="Permanent link">#</a></h2> <p>We promote the use of these assurance profiles:</p> <ul> <li><code>AARC Assam</code>: Users that logged in with a “social” identity, such as ORCID, Github, or Google.</li> <li><code>IGTF Dogwood</code>: Users that do have a home organisation that fulfils minimal security standards, such as permanently recording which user used which identifier. </li> <li><code>RAF Cappuccino</code>: Users had to be verified by checking the passport at the home institution. </li> <li><code>RAF Espresso</code> is very difficult to achieve, but may be developed for high-risk services in the future. For the user it means that his/her photo ID was successfully verified against a government database, and he/she uses multi-factor authentication for authentication.</li> </ul> <p>Services should maintain a list of assurance-profiles that they want to support. </p> <h2 id="available-assurance-components">Available Assurance Components<a class="headerlink" href="#available-assurance-components" title="Permanent link">#</a></h2> <p>RAF (REFEDS Assurance Framework) defines individual components:</p> <ul> <li><code>ID</code>: Identifier uniqueness</li> <li><code>IAP</code>: Identity proofing</li> <li><code>ATP</code>: Attribute quality and freshness</li> </ul> <p><img alt="Assurance Profiles" src="../images/assurance-profiles.png" /> </p> <h1 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link">#</a></h1> <ul> <li> <p>A user’s assurance from a DFN-AAI institution would look like this:</p> <div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">"eduperson_assurance"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/ATP/ePA-1d"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/ATP/ePA-1m"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/IAP/local-enterprise"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/IAP/low"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/IAP/medium"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/ID/eppn-unique-no-reassign"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/ID/unique"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/profile/cappuccino"</span> <span class="w"> </span><span class="p">],</span> </code></pre></div> <p>In detail:</p> <ul> <li><code>ATP/ePA-1d</code> User Attributes are updated not more than <strong>one day</strong> after they changed.</li> <li><code>ATP/ePA-1m</code> User Attributes are updated not more than <strong>one month</strong> after they changed.</li> <li><code>IAP/local-enterprise</code>: User would qualify to access the Home Organisation鈥檚 internal administrative systems</li> <li><code>IAP/low</code>: self-asserted identity together with verified e-mail address</li> <li><code>IAP/medium</code>: sent a copy of their government issued photo-ID to the CSP and the CSP has had a remote live video conversation</li> <li><code>ID/eppn-unique-no-reassign</code>: <code>eduPersonPrincipalName</code> value is not reassigned</li> <li><code>ID/unique</code>: User Identifier:<ul> <li>The user identifier represents a single natural person</li> <li>The person to whom the identifier is issued can be contacted</li> <li>The user identifier is never re-assigned</li> </ul> </li> <li><code>profile/cappuccino</code>: The profile information that asserts all of the above (see image).</li> </ul> </li> <li> <p>A user that came via a “social IdP” such as google, github or ORCID would look like this:</p> <div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">"eduperson_assurance"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/IAP/low"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://refeds.org/assurance/ID/unique"</span><span class="p">,</span> <span class="w"> </span><span class="s2">"https://aarc-project.eu/policy/authn-assurance/assam"</span><span class="p">,</span> <span class="w"> </span><span class="p">],</span> </code></pre></div> <p>In detail:</p> <ul> <li>Missing <code>ATP/</code>: We cannot make any statement about updates of attributes</li> <li><code>ID/unique</code>: Social IdPs are generally very good of keeping the identifier linked to the same user.</li> <li><code>https://aarc-project.eu/policy/authn-assurance/assam</code>: AARC-defined profile to describe social-IdP users.</li> </ul> </li> </ul> <h3 id="check-your-assurance">Check your Assurance<a class="headerlink" href="#check-your-assurance" title="Permanent link">#</a></h3> <p>To see your own assurance, go to <a href="https://orpheus.data.kit.edu/authcode/EUDAT%20B2Access%20Prod">https://orpheus.data.kit.edu/authcode/EUDAT%20B2Access%20Prod</a>, log in and look at the “User Info From Userinfo Endpoint”</p> <h2 id="additional-information">Additional Information<a class="headerlink" href="#additional-information" title="Permanent link">#</a></h2> <p>Additional information on the REFEDS Assurance Framework is <a href="../concepts/#the-identity-assurance-concept">collected here</a>.</p> <p>Mapping attributes between SAML and OIDC is discussed in the <a href="https://docs.google.com/document/d/1b-Mlet3Lq7qKLEf1BnHJ4nL1fq-vMe7fzpXyrq2wp08/edit">=> REFEDS OIDCre white paper</a>, especially Table 1.</p> <h2 id="the-proxy-and-the-assurance">The Proxy and the Assurance<a class="headerlink" href="#the-proxy-and-the-assurance" title="Permanent link">#</a></h2> <p>There are still IdPs that do not support the REFEDS Assurance Framework. For the time being, we will use the B2ACCESS Proxy (i.e. unity) to assess the originating IdP and then assert a given assurance profile (using the <code>eduperson_assurance</code> claim).</p> <ul> <li> <p><strong>Honoring the IdP</strong>: essentially, we “honor” the info coming from the IdP, i.e. if the IdP is releasing any of the assurance info, we present it as such to downstream services.</p> </li> <li> <p><strong>IdP “whitelisting”</strong>: for IdPs known to follow required procedures for expressing assurance components (e.g. have proper identity vetting), but do not express them via SAML assertions, we can (automatically) assert those claims downstream to SPs that consume this info. This may involve “translating” or “interpreting” certain attributes (e.g. value “staff” may translate to “medium”, while “student” do not, etc.)</p> </li> <li> <p><strong>PI (Principal Investigator) action</strong>: the PI is responsible of the VO he/she manages. The PI can accept members that do not meet the assurance requirement, but they cannot access services with assurance requirements that exceed those the users has.</p> <ul> <li>We are therefore working on a method that allows authorised personnel to raise individual components of a users’ assurance.</li> <li>Please understand that this is quite complex and hence still under investigation.</li> </ul> </li> </ul> <p> </p> <p>Last update: 09.02.2024</p> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type="button" class="md-top md-icon" data-md-component="top" hidden> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class="md-footer"> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class="md-copyright"> <div class="md-copyright__highlight"> This documentation is licensed under <a href='https://creativecommons.org/licenses/by-sa/3.0/legalcode'>CC BY-SA 3.0      <img src='/images/cc-by-sa_icon.png'></a>                                                                                                                </div> </div> <div class="md-social"> <a href="https://gitlab.eudat.eu/sa.apweiler/eudat-documentation" target="_blank" rel="noopener" title="gitlab.eudat.eu" class="md-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg> </a> </div> </div> </div> </footer> </div> <div class="md-dialog" data-md-component="dialog"> <div class="md-dialog__inner md-typeset"></div> </div> <script id="__config" type="application/json">{"base": "../..", "features": ["navigation.sections", "navigation.tabs", "navigation.top", "toc.integrate", "search.suggest"], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src="../../assets/javascripts/bundle.83f73b43.min.js"></script> </body> </html>

CINXE.COM

Assurance - EUDAT Documentation