Implementation Considerations for the R&S Category
Implementation Considerations for Service Providers
It is important that the implementation and deployment of all InCommon services facilitate initial on-boarding processes to avoid operational and technical impediments to adoption, as described in Recommended Practices for InCommon Participants.
More specifically, R&S services generally have a broad user community, often including people who do not have a close relationship with the Service Provider, or whose IdPs do not have a close relationship with the Service Provider. For this reason, R&S Service Providers are encouraged to consider the following guidelines:
- The service should not require out-of-band negotiation with IdPs.
- The service should request a subset of R&S Category Attributes, and furthermore, the service should request only those attributes it absolutely needs. (See the R&S Category Attributes section above for details.)
- The SP should fully support SAML V2.0 Web Browser SSO (see the SP Endpoints wiki page).
- The SP should provide a complete set of User Interface Elements in metadata. In particular, a Privacy Statement and a Logo are highly recommended.
- In addition to the Technical and Administrative Contacts in Metadata required of all SPs, a Security contact should also be provided (once that option becomes available).
- The SP should strive to provide a good, overall Federation User Experience. In particular, the SP should intelligently handle errors involving the release of requested attributes.
Technical Considerations
The following documents describe the technical considerations for participation in the R&S Category:
- Federation Metadata
- Service Providers
- There are no technical requirements for SPs, other than those described above in "Requirements for the R&S Category."
- Identity Providers
- DRAFT Guidance for IdP