...
- Consume all the SP metadata in the world!
  - Automatically refresh InCommon metadata at least daily OR
  - Retrieve metadata just-in-time via the Metadata Query Protocol
- Support SAML2 Web Browser SSO
  - Publish a SAML2 SingleSignOnService endpoint that supports the HTTP-Redirect binding
  - Publish a SAML2
- Publish long-lived, self-signed certificates in metadata
- Publish technical, administrative, and administrative security contacts in metadata
- Stabilize the following metadata elements:
  - entityID
  - Scope
  - endpoint locations
- Support at least the following user attributes:
  - persistent, non-reassigned identifier
    - eduPersonUniqueId OR
    - eduPersonTargetedID OR
    - eduPersonPrincipalName (if non-reassigned)
  - person name
    - displayName OR
    - givenName + sn (surname)
  - email address
    - mail attribute
- Stabilize the values of persistent identifiers and scoped attributes
- Adopt a measured attribute release process
  - [Level 0 Interoperability] Release a persistent, non-reassigned identifier to all SPs (or at least to all SPs registered by InCommon)
  - [Level 1 Interoperability] Release the Research & Scholarship attribute bundle to all R&S SPs (or at least to all R&S SPs registered by InCommon)
  - [Level 2 Interoperability] Release the Essential Attribute Bundle to all SPs (or at least to all SPs registered by InCommon)
- Test and monitor all IdP endpoints 24x7
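
The metadata items in the checklist above can be checked mechanically. The following is an added example, not InCommon's own tooling: it parses one IdP EntityDescriptor, reports missing checklist items, and flags drift in the elements that should stay stable. The sample metadata, the `idp.example.edu` names and the function names are constructed, marking the security contact with the REFEDS `contactType` attribute is an assumption, and certificate checks are left out.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SHIBMD = "urn:mace:shibboleth:metadata:1.0"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Assumption: the security contact is marked with the REFEDS contactType attribute.
REMD_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"

# Constructed sample metadata (hypothetical IdP), deliberately missing two items.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:remd="http://refeds.org/metadata"
    entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><shibmd:Scope regexp="false">example.edu</shibmd:Scope></md:Extensions>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.edu/idp/SSO/POST"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical"/>
  <md:ContactPerson contactType="other"
      remd:contactType="http://refeds.org/metadata/contactType/security"/>
</md:EntityDescriptor>"""

def summarize(xml_text):
    """Extract the elements the checklist asks an IdP to publish and keep stable."""
    entity = ET.fromstring(xml_text)
    contacts = {"security" if c.get(REMD_TYPE) == SECURITY else c.get("contactType")
                for c in entity.iter("{%s}ContactPerson" % MD)}
    return {
        "entityID": entity.get("entityID"),
        "scopes": sorted(s.text.strip() for s in entity.iter("{%s}Scope" % SHIBMD) if s.text),
        "sso": sorted((e.get("Binding", ""), e.get("Location", ""))
                      for e in entity.iter("{%s}SingleSignOnService" % MD)),
        "contacts": contacts,
    }

def gaps(summary):
    """List checklist items that the published metadata does not satisfy."""
    missing = [kind + " contact" for kind in ("technical", "administrative", "security")
               if kind not in summary["contacts"]]
    if not any(binding == REDIRECT for binding, _ in summary["sso"]):
        missing.insert(0, "SingleSignOnService with HTTP-Redirect binding")
    return missing

def drift(old, new):
    """Name the should-be-stable elements that differ between two snapshots."""
    return [key for key in ("entityID", "scopes", "sso") if old[key] != new[key]]
```

Run `gaps()` before publishing a metadata change and `drift()` against the previously published snapshot, so an unintended change to an entityID, Scope or endpoint location is caught before SPs consume it.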
...