| Category | Feature | AcademicID | Didmos | RegApp | Unity |
|---|---|---|---|---|---|
| Accounts | Automatic User Deprovision | yes, IDM Lifecycle processes | yes, SAML, didmos Provisioner<br>target system connectors | yes, AQs against SAML-IdPs | in development |
| | Account Linking | yes | in development | yes | yes |
| | Consent/Token Management | yes, user self-service, administrative UI | yes<br>Consent: external module,<br>Token Management: integrated | in development | yes |
| Group Management | VO-based features | yes, auto/manual | yes<br>e.g. group management | yes, auto/manual | yes, semi-automated/manual |
| | Dataset-based authorisation | N/A | yes, RBAC, scriptable attributes | yes, scriptable attributes | N/A |
| | External Datasources | yes, synchronization | yes, synchronization | yes, attribute import/export | yes, additional attributes |
| | Scalability | yes | yes | yes<br>horizontally,<br>vertically, on-line maintenance | yes |
| | Multi-Tenancy | yes | yes | yes, Frontend-URL, UI-Themes | yes |
| Guideline Support | Sirtfi: Collect security contacts for every registered service | yes | yes<br>can be done in metadata | yes | yes |
| | G021: Exchange of specific assurance information between Infrastructure | N/A | yes | yes | yes |
| | G025: Guidelines for expressing affiliation information | N/A | yes | yes | yes |
| | G026: Guidelines for expressing community user identifiers | N/A | yes | yes | yes |
| | G027: Specification for expressing resource capabilities | N/A | yes | yes | yes |
| | G031: Guidelines for evaluating the combined assurance of linked identities | N/A | in development | in development | - |
| | G045: AARC Blueprint Architecture 2019 | yes | yes | yes | yes |
| | G057: Inferring and constructing voPersonExternalAffiliation | N/A | yes | yes | in development |
| | G061: Specification for IdP hinting (obsoletes AARC-G049) | N/A | in development | - | - |
| | G062: Specification for hinting an IdP which discovery service to use | N/A | in development | - | - |
| | G063: Specification for providing information about an end service | N/A | in development | yes<br>but not according to specification | - |
| | G069: Expressing group and role information (supersedes AARC-G002) | N/A | yes | yes | yes |
| | G071: Guidelines for Secure Operation of Attribute Authorities | N/A | - | partially | - |
| Infrastructure Proxy Functionality | G052: Proxied Token Introspection | N/A | - | N/A | N/A |
| | G061: Specification for IdP hinting (obsoletes AARC-G049) | N/A | in development | N/A | N/A |
| | G062: Specification for hinting an IdP which discovery service to use | N/A | in development | N/A | N/A |
| | G063: Specification for providing information about an end service | N/A | in development | N/A | N/A |
| MFA | Step-Up/MFA Authentication | yes, privacyIDEA | yes, eduMFA | yes, privacyIDEA, LinOTP, eduMFA | yes |
| | Pass on MFA upstream | N/A | in development | in development | N/A |
| | Pass on MFA downstream | N/A | in development | in development | N/A |
| OIDC | Public Client | yes | yes | yes | yes |
| | Dynamic Client Registration | - | in development | - | - |
| | Client Registration Procedure | email/manual | email/manual | email/manual | webpage, automated + approval |
| Policy Support | Top Level Policy | N/A | yes | yes | yes |
| | Security Incident Response Procedure | N/A | yes | yes | yes |
| | Policy for the Processing of Private Data | yes | yes | yes | yes |
| | Infrastructure Attribute Profile | yes | yes | yes | yes |
| | Proxy Privacy Policy | N/A | N/A | yes | yes |
| | Service Access Policy (optional) | N/A | N/A | N/A | N/A |
| Protocols | SAML IdP | yes | yes | yes | yes |
| | SAML SP | yes | yes | yes | yes |
| | OIDC RP | yes | yes | yes | yes |
| | OIDC OP | yes | yes | yes | yes |
| System | System Requirements | "as-a-Service" model | Docker Container, "as-a-Service" model | Java 11/17, JDBC-connectable SQL DB, LB Proxy | Java, SQL DB |