
Baseline Expectations Webinar - January 24, 2018

Baseline Expectations for Identity Providers and Service Providers

Wednesday, January 24, 2018
2 pm ET | 1 pm CT | Noon MT | 11 am PT

Baseline Expectations for Trust in Federation will have an impact on all InCommon Federation participants. The first of three webinars will cover the Identity Provider and Service Provider expectations, as well as the plans for developing the community consensus and dispute resolution processes. Details and connection information are here.

Connection Information

Slide sharing and audio via Adobe Connect:
http://internet2.adobeconnect.com/incommonbaselineexpectations

Back-up phone bridge:
(734) 615-7474
(866) 411-0013 (toll free US/Canada)
Access code: 0134531

NSF CC* Program Information

This year, the National Science Foundation’s proposal solicitation for its Campus Cyberinfrastructure (CC*) program has new InCommon-related requirements. These requirements help ensure that campus researchers can successfully use their campus credentials to access research-related services available via global federation (InCommon and eduGAIN). The requirements touch on support for Baseline Expectations, as well as the Research & Scholarship Category of Service Providers. See this blog post for details on meeting the NSF requirements.

Baseline Expectations

Under the guidance of the InCommon Assurance Advisory Committee, the InCommon community has adopted a set of Baseline Expectations for Trust in Federation. The intent is to:

  • improve interoperability among InCommon Participants
  • ensure that the Federation has a common level of trust by establishing expectations that all Participants agree to meet.

In addition to the expectations themselves, the community has adopted processes by which InCommon Participants and the InCommon Federation operator keep metadata up to date and keep one another accountable, including:

  • Automated checks of metadata by InCommon to give feedback to each Participant about their entities
  • A process for reaching community consensus on practices that meet the expectations
  • A process for Participants to raise Baseline Expectations-related and other concerns and get them resolved

The core Baseline Expectations document establishes three short lists of expectations expressed at a high level, one for each of three types of Federation actor: an Identity Provider, a Service Provider, and a Federation Operator.

Baseline Expectations of Identity Providers

  1. The IdP is operated with organizational-level authority
  2. The IdP is trusted enough to be used to access the organization’s own systems
  3. Generally-accepted security practices are applied to the IdP
  4. Federation metadata is accurate, complete, and includes:
    1. contacts in metadata (technical, administrative and security)
    2. MDUI information
    3. privacy policy URL
    4. a federated error handling URL
    5. an HTTPS link to a logo for the IdP

Baseline Expectations of Service Providers

  1. Controls are in place to reasonably secure information and maintain user privacy
  2. Information received from IdPs is not shared with third parties without permission and is stored only when necessary for SP’s purpose
  3. Generally-accepted security practices are applied to the SP
  4. Federation metadata is accurate, complete, and includes:
    1. contacts in metadata (technical, administrative and security)
    2. MDUI information
    3. privacy policy URL
    4. an HTTPS link to a logo for the SP
  5. Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly
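
The metadata items in the Identity Provider and Service Provider lists above can be checked mechanically against an entity's SAML metadata. The following is an added example, not InCommon's own checker: the mapping of each expectation to a SAML element or attribute is an assumption (in particular, "MDUI information" is taken to mean a non-empty `mdui:DisplayName`, and the security contact is taken to be the REFEDS form), and the sample entity is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
# REFEDS security contact: contactType="other" plus this attribute and value.
REMD_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"

# Constructed sample, not real federation metadata: an IdP with no security
# contact, no errorURL, and a logo served over plain HTTP.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
      <mdui:PrivacyStatementURL xml:lang="en">https://example.edu/privacy</mdui:PrivacyStatementURL>
      <mdui:Logo height="60" width="80">http://example.edu/logo.png</mdui:Logo>
    </mdui:UIInfo></md:Extensions>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:it@example.edu</md:EmailAddress></md:ContactPerson>
  <md:ContactPerson contactType="administrative"><md:EmailAddress>mailto:cio@example.edu</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""

def check_entity(entity):
    """List the metadata items from the expectations above that one entity lacks."""
    idp = entity.find("md:IDPSSODescriptor", NS)
    role = idp if idp is not None else entity.find("md:SPSSODescriptor", NS)
    if role is None:
        return ["IdP or SP role descriptor"]
    kinds = {"security" if c.get(REMD_TYPE) == SECURITY else c.get("contactType")
             for c in entity.findall("md:ContactPerson", NS)}
    missing = [k + " contact" for k in ("technical", "administrative", "security") if k not in kinds]
    ui = role.find("md:Extensions/mdui:UIInfo", NS)
    def texts(tag):  # non-empty text values of a UIInfo child element
        found = ui.findall(tag, NS) if ui is not None else []
        return [e.text.strip() for e in found if e.text and e.text.strip()]
    if not texts("mdui:DisplayName"):
        missing.append("MDUI information")
    if not texts("mdui:PrivacyStatementURL"):
        missing.append("privacy policy URL")
    if not any(u.lower().startswith("https://") for u in texts("mdui:Logo")):
        missing.append("HTTPS logo")
    if idp is not None and not (idp.get("errorURL") or "").strip():  # IdP-only item
        missing.append("error handling URL")
    return missing

def check_metadata(xml_text):
    """Map entityID -> missing items for every EntityDescriptor in the document."""
    root = ET.fromstring(xml_text)  # verify the aggregate's signature before trusting it
    return {e.get("entityID"): check_entity(e) for e in root.iter("{%s}EntityDescriptor" % NS["md"])}
```

Calling `check_metadata(SAMPLE)` reports the security contact, the HTTPS logo and the error handling URL as missing for the sample IdP; an entity that meets every item maps to an empty list.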

Baseline Expectations of Federation Operators

  1. Focus on trustworthiness of their Federation as a primary objective and be transparent about such efforts
  2. Generally-accepted security practices are applied to the Federation’s operational systems
  3. Good practices are followed to ensure accuracy and authenticity of metadata to enable secure and trustworthy federated transactions
  4. Frameworks that improve trustworthy use of Federation, such as entity categories, are implemented and adoption by Members is promoted
  5. Work with relevant Federation Operators to promote realization of baseline expectations

Resources

Baseline Processes Roadmap

Baseline Expectations Foundational Document

Baseline Implementation Processes (document in final approval stages)

Implementing Baseline Expectations in InCommon Metadata (this document translates Baseline Expectations into an initial set of requirements for InCommon metadata)

Webinar explaining the expectations (Oct. 5, 2016)

Download the slides
Webinar recording (Adobe Connect)

Webinar explaining implementation (July 19, 2017)

Download the slides (PDF)
View the recorded webinar (Adobe Connect)

