...
- Support for user self-registration
- User registration incorporated into sign-in flow, so new user is not stranded at IdP
- User registers once for sign-in to multiple Research and Scholarship (R&S)-tagged SPs (i.e., user identity is not SP-specific)
- Once user has authenticated at the IdP, user is not prompted for password again when visiting other SPs during the same browser session, unless required by the SP
- IdP must support the R&S entity category and be tagged as such
- Ability to Assign/Assert ePPN; values must not be reassigned
- Ability to Assign/Assert ePTIDs
- Must address the service longevity issue (even if for now the response is "TBD")
- Support for SAML Enhanced Client or Proxy (ECP)
- Support for Multiple AuthN Contexts for MFA and Assurance
- This is for their InCommon Bronze, as well as Silver and MFA, if supported.
- Support for Recommended Technical Basics for IdPs
- Conforms to the 'Interoperable SAML 2.0 Web Browser SSO Deployment Profile' as documented at http://saml2int.org
- Self-assertion of InCommon Bronze compliance
- No commercial interest in the use of user data
- IdP must be available globally to any R&S tagged SP
- NOTE: This can only be achieved at the federation level, not unilaterally by an IdP
- Available to users throughout the world (perhaps with invitation from "approved" projects)
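As an added example (not part of the original page), a small Python checker that reads an IdP's SAML metadata and reports whether it carries the R&S support tag, declares ePPN and ePTID among the attributes it can assert, and exposes an ECP (SOAP) endpoint. The metadata sample and its entityID are constructed; the attribute OIDs, category URI and binding URI are the standard ones.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
RS = "http://refeds.org/category/research-and-scholarship"
CATEGORY_SUPPORT = "http://macedir.org/entity-category-support"  # IdP-side R&S tag
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
ECP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"  # binding used by ECP endpoints

def check_idp(metadata_xml: str) -> dict:
    """Report which of the listed requirements the metadata visibly satisfies."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("expected one md:EntityDescriptor containing an IDPSSODescriptor")
    # Entity categories are carried in md:Extensions/mdattr:EntityAttributes.
    categories = set()
    for attr in root.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == CATEGORY_SUPPORT:
            categories.update((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
    # Attributes the IdP declares it can assert, and the SSO bindings it exposes.
    asserted = {a.get("Name") for a in idp.findall("saml:Attribute", NS)}
    bindings = {s.get("Binding") for s in idp.findall("md:SingleSignOnService", NS)}
    return {"rs_support": RS in categories, "eppn": EPPN in asserted,
            "eptid": EPTID in asserted, "ecp": ECP_BINDING in bindings}

# Constructed sample (not real metadata): R&S-tagged, ECP-capable, declares ePPN but not ePTID.
SAMPLE_IDP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" entityID="https://idp.example.org/idp">
 <md:Extensions><mdattr:EntityAttributes>
  <saml:Attribute Name="http://macedir.org/entity-category-support">
   <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
 </mdattr:EntityAttributes></md:Extensions>
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
   Location="https://idp.example.org/idp/profile/SAML2/SOAP/ECP"/>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp(SAMPLE_IDP))  # {'rs_support': True, 'eppn': True, 'eptid': False, 'ecp': True}
```

The check only confirms what the metadata advertises; whether ePPN values are never reassigned is an operational property that metadata cannot show.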
...