This consultation is now closed. It was open from June 22 to August 18, 2017. See http://doi.org/10.26869/TI.105.1
The InCommon Assurance Advisory Committee is pleased to announce that a period of consultation is open on the Processes to Maintain Baseline Expectations of InCommon Participants.
Baseline Expectations for Trust in Federation were approved by the InCommon Steering Committee in Fall of 2016. Specific requirements identified in the Baseline Expectations document are easy to monitor for and validate adherence to. Other items require community consensus and operational/administrative processes to support participants when concerns arise. The following documents outline recommended practices and processes to implement and maintain these baseline expectations, and enable the InCommon community to guide the definition of adherence to those areas which require additional discussion. The Assurance Advisory Committee is interested in your feedback on the proposed processes including any concerns or affirmations.
Document for review/consultation
NB: The draft document contains yellow-highlighted portions that identify specific time intervals or constants. Your feedback about how best to set each of these values is especially solicited.
Helpful background
- Baseline Expectations for Trust in Federation
- InCommon Community Assurance Webinar of June 7, 2017
- Slides (PDF)
- Adobe Connect Recording (51 minutes)
Change Proposals and Feedback - We welcome your feedback/suggestions here
If you have comments that do not lend themselves well to the tabular format below, please create a new Google doc and link to it in the suggestion section below.
Number | Section, if applicable (overall comments also welcome) | Current Text if applicable (overall comments also welcome) | Proposed Text / Query / Suggestion | Proposer | Action |
|---|---|---|---|---|---|
| 1 | Under 'Baseline Expectations of Service Providers' | We've found (unfortunately) more SP setups are taking the ownership of handling provisioning and/or deprovisioning of access and attribute data themselves. And so, should we include an SP expectation around proper life cycle management of this access and data. | Technical and/or business processes are in place to ensure user access and data are properly retired and/or deprovisioned from the SP to ensure a consistent and secure user application lifecycle. | Garrett King / CMU | Great suggestion for the next revision of the Baseline Expectations. Once the process for Community Consensus is available, the AAC recommends seeding this question through that process. |
See also