...
- Participant Operational Practices (POP)
- (see comment below)
- Appropriate Contacts in Metadata
- Security Incident Response Policy
- (see comment below)
- IdP Terms of Use (targeted at the user)
- (see the Participation Agreement for basic requirements)
- SP Privacy Policy (targeted at the user)
- included in User Interface Elements in SP Metadata
- Attribute Release Policy
Technical Basics
- Metadata Consumption
- refresh metadata daily
- verify the XML signature
- check the expiration date
- X.509 Certificates in Metadata
- use of self-signed certificates with 2048-bit keys
- no expired certificates in metadata
- controlled migration of keys
- User Interface Elements in IdP/SP Metadata
- Requested Attributes in SP Metadata
- Service Endpoints in Metadata
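As an added example (not part of the InCommon document above), the metadata-consumption checks a relying party can run on each daily refresh, in stdlib-only Python over a constructed sample aggregate: is the aggregate signed at the root, has its validUntil passed, is a cacheDuration present, and does every KeyDescriptor carry a certificate. Cryptographic verification of the signature and certificate-expiry checks are assumed to be done separately (xmlsec1 or the SAML software's own metadata filters); the entityID, dates and placeholder values are all constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespaces used by SAML 2.0 metadata and XML Signature.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample aggregate (not real InCommon metadata); the signature value
# and certificate are placeholders, so only structure and dates are meaningful.
SIG = '<ds:Signature><ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue></ds:Signature>'
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    validUntil="2024-06-15T00:00:00Z" cacheDuration="PT6H">
  {SIG}
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""
# Constructed reference clock at which the sample above is still valid.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def check_aggregate(xml_text: str, now: datetime) -> list:
    """Return the reasons to reject the aggregate; an empty list means it passes."""
    findings = []
    root = ET.fromstring(xml_text)
    # The enveloped signature must sit directly under the root so it covers every
    # entity; a signature on one EntityDescriptor does not protect the aggregate.
    if root.find("ds:Signature", NS) is None:
        findings.append("unsigned aggregate: refuse to load it")
    valid_until = root.get("validUntil")
    if valid_until is None:
        findings.append("no validUntil: a stale copy could be trusted forever")
    else:
        expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expires <= now:
            findings.append(f"validUntil {valid_until} has passed: reject and alert")
    if root.get("cacheDuration") is None:
        findings.append("no cacheDuration: refresh interval falls back to local default")
    # Every KeyDescriptor should carry an actual certificate, not only a key name.
    for entity in root.findall("md:EntityDescriptor", NS):
        for kd in entity.iter(f"{{{NS['md']}}}KeyDescriptor"):
            cert = kd.find(".//ds:X509Certificate", NS)
            if cert is None or not (cert.text or "").strip():
                findings.append(f"{entity.get('entityID')}: KeyDescriptor lacks X509Certificate")
    return findings


if __name__ == "__main__":
    # Against the real clock the constructed sample has long expired, so it is rejected.
    for reason in check_aggregate(SAMPLE, datetime.now(timezone.utc)):
        print("REJECT:", reason)
```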
Operational Maturity
- Metadata Consumption
- Maintaining Supported Software
- Operational Compliance with Metadata IOP
- Federation as a "First Order" UI
- Discovery
- Choices offered should result in an "acceptable" experience
- SP User Interface
- Guidance for the flow through SP, DS, IdP
- Visual "branding" (e.g., InCommon logo in appropriate places)
- Appropriate help links/contacts at each step
- Error Handling
- Look and Feel
- Useful Contacts
- Guidance for the flow through SP, DS, IdP
- Identity attributes
- Regular (event-driven? nightly?) synchronization with systems of record
- Documentation of locally-defined attributes
- Education
- For end-users
- Privacy
- Appropriate use
- Protection of secrets
- For service providers
- Privacy requirements
- Good UI practice
- For end-users
...