...
InCommon expects this set of recommendations will evolve as new capabilities are added to federation infrastructure, and as participants gain more experience with what practices work best.
| Table of Contents |
|---|
Organizational Presence
A key part of creating online trust is accurately representing your organization to other federation participants, including organization identity management and security practices, and contact information.
...
- Appropriate staff monitor "security" and/or "announce" mailing lists for critical software.
- Software versions are reasonably current and upgraded ahead of "end of life" dates.
Protect Against Failed Metadata Processes
- Shibboleth IdP
Allocate at least 1500MB of heap space in the JVM
Enable DEBUG-level logging on selected Java classes
Federated User Experience
...
- IdPs support the eduPersonPrincipalName and eduPersonTargetedID attributes.
- When SAML 2.0 is used, the "persistent" <NameID> format is used to represent the eduPersonTargetedID attribute.
- The release of eduPersonTargetedID is automated for most or all affiliates (save perhaps for students opting out under FERPA) to SPs that are not otherwise subject to user anonymity requirements, such as some library services.
| HTML Comment | ||
|---|---|---|
| ||
Parked Items
|