...
R&S Service Providers must resolve issues of non-compliance within a reasonable period of time from when they become aware of the issue. Failure to do so may result in revocation of their membership in the R&S category.
In addition to the above requirements, R&S Service Providers are encouraged to consider the following guidelines and Recommended Practices:
- The service should not require out-of-band negotiation with IdPs.
- The service should request a subset of R&S Category Attributes, and furthermore, the service should request only those attributes it absolutely needs. (See the next section for details.)
- The SP should fully support SAML V2.0 Web Browser SSO (see the SP Endpoints in Metadata wiki page).
- The SP should provide a complete set of User Interface Elements in metadata. In particular, a Privacy Statement and a Logo are highly recommended.
- In addition to the Technical and Administrative contacts in metadata required of all SPs, a Security contact should also be provided (once that option becomes available).
- The SP should strive to provide a good, overall user experience. In particular, the SP should intelligently handle errors involving the release of requested attributes.
R&S Category Attributes
InCommon IdPs are strongly encouraged to release the following attributes to R&S category SPs:
...