...

The basic idea is to spread the load of identity proofing by bootstrapping from the identity management already done today by home institutions around the Nordic countries, while preserving the current organization of the NorduGRID CA. Today all GRID-certificates are issued by a single person working out of Denmark. While there may be economic benefits to sharing this resource between all NorduGRID members, the identity proofing process used today scales poorly. By building on existing identity management processes, it will be possible to increase the number of GRID users without increasing cost.

One way to delegate responsibility for identity proofing is to use a SAML identity federation to request authentication from any of the member organizations of that federation. Technically, the SAML federation is a trust bridge that uses signed XML metadata documents to convey that a federation operator has vetted the identity management processes against a policy defined by the federation. In other words, the members of the federation (which in our case would include the NorduGRID CA) can trust that identity proofing is equally good (or bad, depending on the policy) across all members of the federation.
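As an added illustration (not part of the original proposal or any NorduGRID code), the sketch below shows how a relying party such as the CA could turn federation metadata into the set of identity providers it accepts authentication from. The entity IDs, the certificate placeholder and the function names are constructed for the example, and the federation operator's XML signature is assumed to have been verified before the document is parsed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample aggregate (hypothetical entity IDs, placeholder cert).
# Assumption: the operator's signature over this document was checked with
# an XML-DSig library before it is handed to the code below.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2099-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://ca.nordugrid.example/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def load_trusted_idps(metadata_xml, now=None):
    """Return {entityID: [signing certs]} for IdPs in unexpired metadata."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(metadata_xml)
    valid_until = root.get("validUntil")
    if valid_until is None:
        raise ValueError("no validUntil: refusing to trust metadata indefinitely")
    # Simplification: only the 'YYYY-MM-DDTHH:MM:SSZ' form of xs:dateTime.
    expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ")
    if expiry.replace(tzinfo=timezone.utc) <= now:
        raise ValueError("federation metadata has expired")
    idps = {}
    for entity in root.findall("md:EntityDescriptor", NS):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # service providers (such as the CA) assert no identities
        certs = [c.text.strip()
                 for kd in idp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")
                 for c in kd.findall(".//ds:X509Certificate", NS)]
        if certs:  # an IdP without a signing key cannot be verified
            idps[entity.get("entityID")] = certs
    return idps

def issuer_is_trusted(issuer, idps):
    """Exact-match the assertion Issuer against federation members only."""
    return issuer in idps
```

The certificates returned for a matching issuer are the only keys that should be used to validate that institution's signed assertions.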

...