Deprecated
Note that this page has been deprecated. The information it contains is no longer current.
Recommended Practice
- A yearly-updated POP statement is provided to the federation.
- A privacy policy is posted and submitted via User Interface Elements.
Membership in InCommon includes a requirement to make available a "Participant Operational Practices" document, a questionnaire that covers a significant amount of ground in describing the identity management practices of IdPs and SPs.
The "requirement" aspect of this has been loosely enforced, but is increasingly necessary as IdPs and SPs that are more sensitive to the practices of their partners join the federation. The InCommon Assurance Program program is one response to this demand; stronger encouragement of participants to provide a POP is another.
It is expected that the POP will undergo substantial review, to modernize it and also to acknowledge the need for individual aspects of the POP to be expressed in new ways. For example:
- Privacy policies of both IdPs and SPs can be explicitly referenced in metadata via User Interface Elements.
- An SP's Requested Attributes make up a portion of the POP, and can now be expressed in metadata as well.
- Discussion of an Attribute Release Process for IdPs is alluded to, but not explicitly part of the current POP. The need to document and actively manage this process is noted among the Recommended Practices.
Developing (or updating) a POP will assist in providing these related materials.