
DRAFT

Technical implementation of assurance requires system changes from InCommon Operations, IdPs, and SPs. There are many different scenarios and choices.

...

SPs will rely on local policy to decide how to handle incoming IAQs. For example, if the SP requires InCommon Bronze but receives InCommon Silver, that should be acceptable.
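One way an SP could express such a local policy, shown as an added example that is not part of the original draft or of any SP software. It assumes the IAQ arrives as an AuthnContextClassRef in an assertion the SAML stack has already signature-validated; the IAQ URIs, the ranking table and the helper names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed IAQ URIs (not given on this page).
BRONZE = "http://id.incommon.org/assurance/bronze"
SILVER = "http://id.incommon.org/assurance/silver"

# Local policy: a higher rank satisfies any requirement at or below it.
IAQ_RANK = {BRONZE: 1, SILVER: 2}


def received_iaqs(assertion_xml):
    """Return every AuthnContextClassRef value found in the assertion."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [ref.text.strip() for ref in root.findall(path, NS) if ref.text]


def satisfies(assertion_xml, required):
    """True if any received IAQ ranks at or above the required one.

    Values missing from IAQ_RANK get rank 0, so an unknown or ordinary
    authentication context fails closed instead of being accepted.
    """
    need = IAQ_RANK[required]
    return any(IAQ_RANK.get(iaq, 0) >= need for iaq in received_iaqs(assertion_xml))


def sample_assertion(class_ref):
    """Constructed, unsigned assertion fragment used only as sample input."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    # SP requires Bronze, IdP asserts Silver: accepted under this policy.
    print(satisfies(sample_assertion(SILVER), BRONZE))
    # SP requires Silver, IdP asserts Bronze: rejected.
    print(satisfies(sample_assertion(BRONZE), SILVER))
```

The ranking table is where the "Silver in lieu of Bronze" decision lives, so an SP that wants exact matching only would compare the received value to the required one instead of comparing ranks.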

SP Assurance Policy Use Cases

Issues

  • Some SPs may not be able to use the AuthnRequest mechanism due to software or other limitations. Are they simply out of luck?
  • How is the AuthnRequest configured using the Shib SP? The simpleSAMLphp SP?
  • Boarding process: Since an IAQ in metadata makes a statement about certification (not live service), how does an SP determine that an IdP supports assurance operationally (à la attribute support)? One approach is to include <saml:Attribute> elements in IdP metadata. Other approaches?
  • Does the Shib SP software support the metadata check? Does the simpleSAMLphp SP?
  • What matching rules are recommended, or acceptable?
  • How is an SP supposed to "know" that Silver is acceptable in lieu of Bronze? Is there a role for InCommon to provide "advice"?

...