Versions Compared

Old Version 52

changes.mady.by.user Scott Cantor (osu.edu)

Saved on

compared with

New Version 53

changes.mady.by.user rlmorgan@washington.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Include Page
InCFederation:Draft Notice
InCFederation:Draft Notice

In this document the InCommon Federation presents recommendations for federation participants regarding many aspects of federation practice. Sites following these practices will find benefits not only to their own use of the federation but will enable other participants to more easily and completely take advantage of federated services.

The InCommon Federation supports a wide range of participant organizations, applications, and services.  Not all of the recommended practices will apply to all sites, and in some cases there may be legitimate reasons for different approaches.

InCommon expects this set of recommendations will evolve as new capabilities are added to federation infrastructure, and as participants gain more experience with what practices work bestAt the November TAC F2F, we discussed having a matrix of best practices by which to evaluate registered sites to help set expectations and create peer pressure. This is a preliminary set of suggested criteria.

Policy

Technical Basics

Operational Maturity

Maximizing the Federation

  • Identity Provider Attribute Release Process
    • Release of attributes w/o admin involvement (via consent or otherwise)
      • Strawman: It is RECOMMENDED that eduPersonScopedAffiliation, eduPersonEntitlement, and eduPersonTargetedID be released across the board, to all SPs. The five (5) remaining attributes listed on the InCommon Federation Attribute Summary page SHOULD be released to all SPs provided user consent is obtained. In both cases, we're referring to all SPs in the InCommon Federation.
  • Persistent Identifier Support

Parked Items

  • Keys of less than a certain age
    • We should consider what, if any, age is actually "too old"
  • Full saml2int conformance
  • InCommon Implementation Profile conformance
    • Could identify "exceptions to conformance" to highlight specific missing capabilities or could break profile into separate features in the matrix
  • Identity attributes
    • Regular (event-driven? nightly?) synchronization with systems of record
    • Documentation of locally-defined attributes
  • Reporting of statistics
  • Education
    • For end-users
      • Privacy
      • Appropriate use
      • Protection of secrets