AARC-G029 Guidelines on stepping up the authentication component in AAIs implementing the AARC BPA

A number of research community use cases require users to verify their identity by using more than one type of credentials, for instance using password authentication, together with some physical object such as a phone or usb stick that generates tokens/pins, etc. At the same time, there are services that may require an already logged in user to re-authenticate using a stronger authentication mechanism when accessing sensitive resources. Authentication step-up is then needed to improve the original authentication strength of those users. This document provides guidelines on step-up of the authentication component. It covers requirements and implementation recommendations, describes a proposed authentication step-up model, and outlines related work and documentation.

Document URLhttps://aarc-project.eu/wp-content/uploads/2018/05/AARC-G029_Guidelines-on-Step-Up-Authentication.pdf
Development informationAARC Project Wiki
Status: Final (30 Mar 2018)
Errata: none
Supersedes: none