Assessment Criteria for Alternative IdP Strategies
Implementation Criteria
- Supports automated metadata refresh
  - verifies metadata signed with a SHA-2 digest algorithm
  - supports HTTP Conditional GET
- Supports dynamic per-entity metadata refresh
  - verifies metadata signed with a SHA-2 digest algorithm
  - supports the Metadata Query Protocol
- Supports user consent
  - exposes the content of <mdui:UIInfo> child elements on the consent page
- Supports the SHA-2 family of digest algorithms
  - signs assertions using either SHA-1 or SHA-2 digest algorithm on a per-SP basis
- Supports <md:RequestedAttribute> elements in SP metadata
  - incorporates the content of <md:RequestedAttribute> elements into attribute release policy
- Supports MDUI extension elements in SP metadata
  - exposes the content of <mdui:UIInfo> child elements on the login page
- Supports MDRPI extension elements in SP metadata
  - incorporates the content of <mdrpi:RegistrationInfo> extension elements into attribute release policy
- Supports MDATTR extension elements in SP metadata
  - incorporates the content of <mdattr:EntityAttributes> extension elements into attribute release policy
- Supports SAML RequestedAuthnContext in AuthnRequest messages
- Supports the SAML Enhanced Client-Proxy (ECP) profile
Deployment Criteria
TBD