...

  1. Focus on trustworthiness of their Federation as a primary objective and be transparent about such efforts
    InCommon Operations is working with CTAB to implement Baseline Expectations. The Federation has a strong community governance structure (Steering, CTAB, TAC).
  2. Generally-accepted security practices are applied to the Federation’s operational systems
    Federation infrastructure systems are patched on a scheduled basis, and all systems are updated as rapidly as possible when known vulnerabilities affect an operational component. We have highly secure key management processes in place around the keys used in the metadata signing process.
  3. Good practices are followed to ensure accuracy and authenticity of metadata to enable secure and trustworthy federated transactions
    Separation of duties is enforced between those submitting and those approving metadata changes. Security is a focus of software development within both the Federation Manager and the backend processes which handle metadata signing. Audit logs and chain of custody of the metadata are kept in accordance with Internet2 data retention procedures. InCommon maintains an Incident Handling process which helps enable secure and trustworthy federated transactions.
  4. Frameworks that improve trustworthy use of Federation, such as entity categories, are implemented and adoption by Members is promoted
    InCommon supports the REFEDS SIRTFI and Research and Scholarship entity categories. As others emerge and prove useful for scalable promotion of trustworthy use of the Federation, they will be considered for support based on the community need, their merits and the resources they require to implement and operate. 
  5. Work with relevant Federation Operators to promote realization of Baseline Expectations
    InCommon participates in REFEDS and eduGAIN governance activities which promote the goals of Baseline Expectations.

My Executive and/or Site Administrators are no longer with the organization. How do I change them?

You can initiate the process to change your organization's Executive or Site Administrator by completing this form. As when your organization first joined InCommon, this will involve some phone calls to register your new representatives' identities. You will find more information about these roles on the InCommon website.

Metadata Questions

I have heard there are required metadata elements as part of Baseline Expectations, as well as recommended elements. Please clarify.

...

By when must I correct the issues identified in the Metadata Health Check?

Short answer: Each missing item reported in the health check contributes to poorer user experience, reduced interoperability, and lower trust in the InCommon Federation. So please correct them as soon as possible.

Long answer: Baseline Expectations is in effect for all InCommon Federation Participants. After December 14, 2018, enforcement will begin; issues that remain unaddressed will ultimately lead to the corresponding entities being removed from the federation until they are corrected. Health check reports sent after Baseline Expectations are formally in effect will include information on how long a given entity has gone uncorrected and the estimated time to its removal unless it is corrected.

My SAML software can't consume InCommon metadata, but its metadata is published in InCommon. Does it need to meet baseline expectations?

...

Everything specified as required by baseline expectations in metadata is already in widespread use across not only InCommon, but over 50 other national research and education federations. The required elements have over ten years of real-world use. Software which conforms with the OASIS Committee Specification, SAML V2.0 Metadata Interoperability Profile Version 1.0, August 2009 and the OASIS Committee Specification, Identity Provider Discovery Service Protocol and Profile, March 2008 will not break. All software deployed in InCommon and other federations by definition should already be able to meet these requirements.