RA21, the STM and NISO initiative which aims to identify best practices for adopting federated identity in order to streamline the user experience for access to subscribed content outside institutional IP domains, has completed the evaluation of two pilots (the WAYF Cloud and the Privacy Preserving Persistent WAYF (P3W)) offering alternative technical approaches to identity provider persistence.  The evaluation involved a detailed technical evaluation by the architects of both pilots and an in-depth security and privacy analysis by the Security and Privacy team. While both the cloud based and the alternative browser based pilots were successful in testing technical approaches to identity provider persistence, the browser based Privacy Preserving Persistent WAYF (P3W) solution has been selected to take forward and develop into an operational service.

The full evaluation and security review are included below, and serve as the first formal outputs of RA21.

WAYF Cloud and P3W Security & Privacy Recommendations – July 2018

RA21 Academic Pilot Technical Evaluation – July 2018

Feedback and questions on the reports are welcome and can be submitted via our contact form.