Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Contacting Us
For assistance, please contact help@incommon.orge
Baseline Expectations Health Checks
Under the guidance of the InCommon Assurance Advisory Committee, the Federation has adopted a set of Baseline Expectations for Trust in Federation. The intent is to improve interoperability among InCommon Participants and ensure that the Federation has a common level of trust by establishing expectations that all participants agree to meet.
InCommon performs periodic metadata health checks to share Baseline Expectation adoption progress statistics with participants. To find out how you and your peers are doing, check the Baseline Expectations Adherence by Organization list.
If you would like to find out details about your organization's Baseline Expectations status, please contact help@incommon.org
Baseline Expectations Dashboard - July 17, 2019
Image Added
Image Added
Image Added
About Baseline Expectations
The InCommon Community Trust and Assurance Board hosted a webinar on October 11, 2018 to review Baseline Expectations. The webinar provides an overview of the Baseline Expectations initiative, schedule, and a demo of the Federation Manager, the software Participants use to manage metadata.
Download the slides (PDF)
Recording
Foundational Documents
Baseline Expectations for Trust in Federation - This The core Baseline Expectations document establishes three short lists of expectations expressed at a high level, one for each of three types of Federation actor: an Identity Provider, a Service Provider, and a Federation Operator.
In addition, the Assurance Advisory Committee developed a plan for implementation and for maintaining the baseline expectations. Like the core document, this plan was publicized and vetted by the community, before being finalized and implemented.
Baseline Expectations of Identity Providers
- The IdP is operated with organizational-level authority
- The IdP is trusted enough to be used to access the organization’s own systems
- Generally-accepted security practices are applied to the IdP
- Federation metadata is accurate, complete, and includes:
- contacts in metadata (technical, administrative and security)
- MDUI information
- privacy policy URL
Baseline Expectations of Service Providers
- Controls are in place to reasonably secure information and maintain user privacy
- Information received from IdPs is not shared with third parties without permission and is stored only when necessary for SP’s purpose
- Generally-accepted security practices are applied to the SP
- Federation metadata is accurate, complete, and includes:
- contacts in metadata (technical, administrative and security)
- MDUI information
- privacy policy URL
- Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly
Baseline Expectations of Federation Operators
- Focus on trustworthiness of their Federation as a primary objective and be transparent about such efforts
- Generally-accepted security practices are applied to the Federation’s operational systems
- Good practices are followed to ensure accuracy and authenticity of metadata to enable secure and trustworthy federated transactions
- Frameworks that improve trustworthy use of Federation, such as entity categories, are implemented and adoption by Members is promoted
- Work with relevant Federation Operators to promote realization of baseline expectations
.
Process to Maintain Baseline Expectations by InCommon and its Members - This document defines several processes by which InCommon and InCommon Participants will hold each other accountable for meeting Baseline Expectations.
On This Page
Table of Contents | ||
---|---|---|
|
Documents and Background
Transitioning the Community - October 2018
Implementing Baseline Expectations in InCommon Metadata
Processes to Maintain Baseline Expectations by InCommon and its Members
Community Dispute Resolution Process
Testing Your Own Metadata for Baseline Expectations
Organizations That Meet/Don't Meet Baseline: Baseline Expectations Adherence by Organization
Newsletter and Blog Posts
Baseline Expectations: Huge Progress by the Community (November 2018)
Baseline Expectations Newsletter (May 2018)
Baseline Expectations Measurements and Reporting (Feb 2018)
Webinars
InCommon Baseline Expectations: The Business Value Explained - It’s Not Just About Health Checks (March 2018)
Download the slides (PDF)
View the recorded webinar (Adobe Connect)
The Federation Doctor Will See You Now: Metadata Health Checks (Feb 2018)
Download the slides (PDF)
View the recorded webinar (Adobe Connect)
Baseline Expectations for IdPs and SPs (Jan 2018)
Download the slides (PDF)
Recording (Adobe Connect)
Implementation Explanation (July
Resources
Baseline Expectations Foundational Document
Processes to Meet Baseline Expectations (Draft)
Webinar explaining the expectations (Oct. 5, 2016)
Download the slides
Webinar recording (Adobe Connect)
Webinar explaining implementation (July 19, 2017)
Download the slides (PDF)
View the recorded webinar Recording (Adobe Connect)