Baseline Expectations
Under the guidance of the InCommon Community Trust and Assurance Board, the InCommon community has adopted a set of Baseline Expectations for Trust in Federation. The intent is to:
- improve interoperability among InCommon Participants
- ensure that the Federation has a common level of trust by establishing expectations that all Participants agree to meet.
In addition to the expectations themselves, the community has adopted processes by which InCommon Participants and the InCommon Federation operator keep metadata up to date and hold one another accountable, including:
- Automated checks of metadata by InCommon to give feedback to each Participant about their entities
- A process for reaching community consensus on practices that meet the expectations
- A process for Participants to raise Baseline Expectations-related and other concerns and get them resolved
Baseline Expectations Foundational Documents
Baseline Expectations for Trust in Federation
This core Baseline Expectations document establishes three short lists of expectations expressed at a high level, one for each of three types of Federation actor: an Identity Provider, a Service Provider, and a Federation Operator.
Expectations of Identity Providers
- The IdP is operated with organizational-level authority
- The IdP is trusted enough to be used to access the organization’s own systems
- Generally-accepted security practices are applied to the IdP
- Federation metadata is accurate, complete, and includes:
  - contacts in metadata (technical, administrative and security)
  - MDUI information
  - privacy policy URL
  - a federated error handling URL
  - an HTTPS link to a logo for the IdP
Baseline Expectations of Service Providers
- Controls are in place to reasonably secure information and maintain user privacy
- Information received from IdPs is not shared with third parties without permission and is stored only when necessary for the SP’s purpose
- Generally-accepted security practices are applied to the SP
- Federation metadata is accurate, complete, and includes:
  - contacts in metadata (technical, administrative and security)
  - MDUI information
  - privacy policy URL
  - an HTTPS link to a logo for the SP
- Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly
Baseline Expectations of Federation Operators
- Work with relevant Federation Operators to promote realization of baseline expectations
Implementation: Community Dispute Resolution Process
Baseline Expectations Health Checks
Resources
Documents and Background
Implementing Baseline Expectations in InCommon Metadata
Testing Your Own Metadata for Baseline Expectations
Blog Posts
Baseline Expectations Measurements and Reporting (Feb 2018)
Webinars
InCommon Baseline Expectations: The Business Value Explained - It’s Not Just About Health Checks (March 2018)
Download the slides (PDF)
View the recorded webinar (Adobe Connect)
The Federation Doctor Will See You Now: Metadata Health Checks (Feb 2018)
Download the slides (PDF)
View the recorded webinar (Adobe Connect)
Baseline Expectations for IdPs and SPs (Jan 2018)
Download the slides (PDF)
Recording (Adobe Connect)
Implementation Explanation (July 2017)
Download the slides (PDF)
Recording (Adobe Connect)