EUDAT Attribute metadata - background

EUDAT (www.eudat.eu) will increasingly need to support multi-LoA IdPs and attribute providers; indeed, the user is often asked to provide information not published by their IdP. Currently B2ACCESS manages the LoA of the IdP that the user used to authenticate. This LoA is communicated to the RP along with all user attributes, but then it would appear to the RP that all the attributes presented have the same LoA (namely, that of the IdP most recently used to authenticate), and it might vary from one login to the next if multiple IdPs are linked to the account. There is a need to communicate the certainty in at least some attributes to the RP, so the RP can decide how much to rely on them. We describe a proposal for implementing attribute LoAs as "meta-attributes." At the same time, we also cover consent to release. This work is still being explored by the EUDAT project in collaboration with AARC and EGI. This document, however, is a snapshot and summary of the thoughts