Child pages
  • Baseline Expectations for Trust in Federation - Documents Quick Links
Skip to end of metadata
Go to start of metadata

Documents for Baseline Expectations Implementation Planning

 

 

  1. The IdP is operated with organizational-level authority

  2. The IdP is trusted enough to be used to access the organization’s own systems

  3. Generally-accepted security practices are applied to the IdP

  4. Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL

  1. Controls are in place to reasonably secure information and maintain user privacy

  2. Information received from IdPs is not shared with third parties without permission and is stored only when necessary for SP’s purpose

  3. Generally-accepted security practices are applied to the SP

  4. Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL

  5. Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly

  1. Focus on trustworthiness of their Federation as a primary objective and be transparent about such efforts

  2. Generally-accepted security practices are applied to the Federation’s operational systems

  3. Good practices are followed to ensure accuracy and authenticity of metadata to enable secure and trustworthy federated transactions

  4. Frameworks that improve trustworthy use of Federation, such as entity categories, are implemented and adoption by Members is promoted

  5. Work with relevant Federation Operators to promote realization of baseline expectations





    See Also:

    InCommon Assurance Call of Wed., June 7, 2017 at noon ET

 

 

  • No labels