Under the guidance of the InCommon Assurance Advisory Committee, the InCommon community has adopted a set of Baseline Expectations for Trust in Federation. The intent is to:
improve interoperability among InCommon Participants
ensure that the Federation has a common level of trust by establishing expectations that all Participants agree to meet.
In addition to the expectations themselves, the community has adopted processes by which InCommon Participants and the InCommon Federation operator keep metadata up to date and keep one another accountable, including:
Automated checks of metadata by InCommon to give feedback to each Participant about their entities
A process for reaching community consensus on practices that meet the expectations
A process for Participants to raise Baseline Expectations-related and other concerns and get them resolved
The core Baseline Expectations document establishes three short lists of expectations expressed at a high level, one for each of three types of Federation actor: an Identity Provider, a Service Provider, and a Federation Operator.
Baseline Expectations of Identity Providers
The IdP is operated with organizational-level authority
The IdP is trusted enough to be used to access the organization’s own systems
Generally-accepted security practices are applied to the IdP
Federation metadata is accurate, complete, and includes: