...

  • Standardized attribute release requirements for participant IdPs (could get tricky with applications that don't want attributes, for example library/publisher SPs)
  • NOTE: This requirement needs to be better defined: Dealing with FERPA suppression of attributes for graduate students participating in research projects
  • Prevent vendors from charging fees for use of SAML in a multilateral federation context
  • NOTE: This requirement needs to be better defined: "Lack of framework/contract terms; change controls, support escalation"
  • Publication of security contact information for incident response (requirement for support for SIRTFI)

Other work to be done:

  • Browser cookie handling improvements and/or token binding are needed (support for removing sessions at logout time, Safari's new problematic anti-tracking-cookie behavior)

Additional advice for service providers

...