In this document the InCommon Federation presents recommendations for federation participants regarding many aspects of federation practice. Sites that follow these practices will not only benefit in their own use of the federation but will also enable other participants to take advantage of federated services more easily and completely.

The InCommon Federation supports a wide range of participant organizations, applications, and services.  Not all of the recommended practices will apply to all sites, and in some cases there may be legitimate reasons for different approaches.

InCommon expects this set of recommendations will evolve as new capabilities are added to federation infrastructure, and as participants gain more experience with what practices work best.

h3. Organizational Presence

A key part of creating online trust is accurately representing your organization to other federation participants, including your organization's identity management and security practices and its contact information.

* [Participant Operational Practices] (POP)
* [Contacts in Metadata]
* [Security Incident Response Policy|https://docs.google.com/View?id=dcpgz62c_12zb9z48ck]

h3. Technical Basics

Maintaining complete and accurate information in InCommon metadata is important so that systems from other federation participants can best engage with your site's services.

* [Service Endpoints in Metadata|Endpoints in Metadata]
* [X.509 Certificates in Metadata]
* [User Interface Elements] in IdP/SP Metadata
* [Requested Attributes] in SP Metadata

h3. Operational Maturity

* [Metadata Consumption]
* [Maintaining Supported Software]
* [Federation User Experience]
* [Error Handling]

h3. Maximizing the Federation

* Identity Provider [Attribute Release Process]
* [Persistent Identifier Support]

{HTMLcomment:hidden}
h3. Parked Items

* Keys of less than a certain age
** We should consider what, if any, age is actually "too old"
* Full saml2int conformance
* InCommon Implementation Profile conformance
** Could identify "exceptions to conformance" to highlight specific missing capabilities or could break profile into separate features in the matrix
* Identity attributes
** Regular (event-driven? nightly?) synchronization with systems of record
** Documentation of locally-defined attributes
* Reporting of statistics
* Education
** For end-users
*** Privacy
*** Appropriate use
*** Protection of secrets
{HTMLcomment}