...
- Participant Operational Practices (POP)
  - (see comment below)
- Appropriate Contacts
- Security Incident Response Policy
  - (see comment below)
- IdP Terms of Use (targeted at the user)
  - (see the Participation Agreement for basic requirements)
- SP Privacy Policy (targeted at the user)
  - included in User Interface Elements in SP Metadata
- Attribute Release Policy
Technical Basics
- Metadata Consumption
  - refresh metadata daily
  - verify the XML signature (against the federation's signing key obtained out of band, never against a certificate carried in the metadata itself)
  - check the expiration date (the validUntil attribute) and refuse to use expired metadata
- X.509 Certificates in Metadata
  - use self-signed certificates with (at least) 2048-bit keys
  - no expired certificates in metadata
  - controlled migration of keys (publish the new certificate alongside the old one, wait for consumers to refresh, switch, then remove the old one)
- User Interface Elements in IdP/SP Metadata
- Requested Attributes in SP Metadata
- SAML V2.0 Support
  - IdPs with a TLS-protected endpoint that supports the SAML V2.0 HTTP-Redirect binding
  - SPs that support SAML V2.0 should say so in metadata (explicitly, in protocolSupportEnumeration, rather than only listing SAML V1.1)
  - SPs with a TLS-protected endpoint that supports the SAML V2.0 HTTP-POST binding
  - SPs with an encryption key
- SAML V1.1 Support
  - IdPs with a TLS-protected endpoint that supports the Shibboleth 1.x AuthnRequest protocol
  - SPs with a TLS-protected endpoint that supports the SAML V1.1 Browser/POST profile
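The checks under Metadata Consumption, X.509 Certificates in Metadata and SAML V2.0 Support can be scripted against an aggregate before it is loaded. The following is an added example, not federation or Shibboleth code: it uses only the Python standard library, the metadata and the certificates in it are constructed mock data (the certificates are structurally valid DER but unsigned), the entity IDs and locations are invented, and the 14-day validUntil ceiling is an assumed local policy. It checks validUntil, that the enveloped signature's Reference covers the root element, certificate expiry and RSA key size, and the TLS HTTP-POST / HTTP-Redirect and encryption-key requirements; cryptographic verification of the signature itself is deliberately left to an XMLDSig tool (xmlsectool or xmlsec1) run against the federation's pinned signing key.

```python
"""Offline sanity checks for a SAML metadata aggregate (added example, mock data)."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
RSA_OID = bytes.fromhex("2a864886f70d010101")   # rsaEncryption 1.2.840.113549.1.1.1
MAX_VALIDITY = dt.timedelta(days=14)             # assumed policy: daily refresh must be enforceable

# --- minimal DER handling: enough to read validity and RSA key size from X.509 ---
def der_read(buf, pos=0):
    """Decode one TLV starting at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out

def der(tag, payload):
    """Encode one TLV (only used to build the mock certificates below)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload

def asn1_time(tag, val):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    return dt.datetime.strptime(val.decode(), fmt).replace(tzinfo=dt.timezone.utc)

def cert_info(der_bytes):
    """Return (notAfter, RSA modulus bits or None for non-RSA) of a DER certificate."""
    _, cert, _ = der_read(der_bytes)
    fields = der_children(der_children(cert)[0][1])      # TBSCertificate
    if fields[0][0] == 0xA0:                             # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields: serial, signature alg, issuer, validity, subject, subjectPublicKeyInfo
    not_after = asn1_time(*der_children(fields[3][1])[1])
    alg, key = der_children(fields[5][1])
    bits = None
    if der_children(alg[1])[0][1] == RSA_OID:
        modulus = der_children(der_children(key[1][1:])[0][1])[0][1]   # skip BIT STRING pad byte
        bits = int.from_bytes(modulus, "big").bit_length()
    return not_after, bits

def mock_cert(not_after, key_bits):
    """Constructed, unsigned v1 certificate with the given expiry and RSA modulus size."""
    modulus = (1 << (key_bits - 1)) | 1                  # exactly key_bits long
    rsa = der(0x30, der(0x02, b"\x00" + modulus.to_bytes(key_bits // 8, "big"))
              + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, der(0x30, der(0x06, RSA_OID) + der(0x05, b"")) + der(0x03, b"\x00" + rsa))
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    utc = lambda d: der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    validity = der(0x30, utc(not_after - dt.timedelta(days=365)) + utc(not_after))
    name = der(0x30, b"")                                # empty Name suffices for a mock
    tbs = der(0x30, der(0x02, b"\x01") + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 17))   # bogus signature bytes

def lint_metadata(xml_text, now):
    """Return the problems a consumer should act on before trusting this aggregate."""
    root = ET.fromstring(xml_text)
    problems = []
    vu = root.get("validUntil")
    if vu is None:
        problems.append("root: no validUntil, staleness is unbounded")
    else:
        exp = dt.datetime.strptime(vu, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)
        if exp <= now:
            problems.append(f"root: metadata expired at {vu}")
        elif exp - now > MAX_VALIDITY:
            problems.append(f"root: validUntil {vu} is too far out for a daily refresh policy")
    # Placement check only: the Reference must cover the root. The signature value
    # itself is verified by the XMLDSig tool against the federation's pinned key.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + (root.get("ID") or ""):
        problems.append("root: no enveloped signature referencing the root element")
    for ent in root.iterfind("md:EntityDescriptor", NS):
        eid = ent.get("entityID")
        for c in ent.iterfind(".//ds:X509Certificate", NS):
            not_after, bits = cert_info(base64.b64decode("".join(c.text.split())))
            if not_after <= now:
                problems.append(f"{eid}: expired certificate (notAfter {not_after:%Y-%m-%d})")
            if bits is not None and bits < 2048:
                problems.append(f"{eid}: {bits}-bit RSA key")
        sp = ent.find("md:SPSSODescriptor", NS)
        if sp is not None and SAML2 in sp.get("protocolSupportEnumeration", ""):
            if not any(a.get("Binding") == POST and a.get("Location", "").startswith("https://")
                       for a in sp.iterfind("md:AssertionConsumerService", NS)):
                problems.append(f"{eid}: SAML 2.0 SP without a TLS HTTP-POST endpoint")
            if not any(k.get("use") in (None, "encryption") for k in sp.iterfind("md:KeyDescriptor", NS)):
                problems.append(f"{eid}: SAML 2.0 SP without an encryption key")
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is not None and SAML2 in idp.get("protocolSupportEnumeration", ""):
            if not any(s.get("Binding") == REDIRECT and s.get("Location", "").startswith("https://")
                       for s in idp.iterfind("md:SingleSignOnService", NS)):
                problems.append(f"{eid}: SAML 2.0 IdP without a TLS HTTP-Redirect endpoint")
    return problems

# Constructed sample: a compliant IdP and a non-compliant SP, evaluated at a fixed "now".
NOW = dt.datetime(2024, 6, 1, tzinfo=dt.timezone.utc)
GOOD = base64.b64encode(mock_cert(dt.datetime(2026, 1, 1), 2048)).decode()
BAD = base64.b64encode(mock_cert(dt.datetime(2024, 1, 1), 1024)).decode()
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    ID="_agg1" validUntil="2024-06-05T00:00:00Z">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_agg1"/></ds:SignedInfo></ds:Signature>
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
      <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{GOOD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.edu/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="{SAML2}">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{BAD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:AssertionConsumerService Binding="{POST}" Location="http://sp.example.org/ACS" index="0"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for problem in lint_metadata(SAMPLE, NOW):
        print(problem)
```

Against the sample, the IdP passes and the SP is flagged four times: expired certificate, 1024-bit key, no TLS HTTP-POST endpoint, no encryption key. The DER walker handles real certificates too (v3 with the [0] version field, GeneralizedTime dates, non-RSA keys reported as size None), so the same function can be pointed at the certificates in a production aggregate; what it does not do is validate the certificate chain, which is irrelevant for metadata-based trust where the federation signature, not a CA, vouches for the key.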
...