At the November TAC F2F, we discussed having a matrix of best practices by which to evaluate registered sites to help set expectations and create peer pressure. This is a preliminary set of suggested criteria.

Policy / Non-Technical

  • POP Available
  • Security Incident Contact Registered
    • Does this also imply adherence to the recommended incident response process?

Deployment Practices

  • SAML 2.0 Support
    • IdPs with TLS-protected HTTP-Redirect SSO
    • SPs with TLS-protected HTTP-POST ACS and an encryption key
  • Support for SAML 2.0 persistent NameIDs or eduPersonTargetedID
    • Perhaps support for other attributes is worth noting?
  • Full saml2int conformance
  • Consent-based support for particular attributes (i.e., no admin involvement needed)
  • Keys of less than a certain age
    • We should consider what, if any, age is actually "too old"
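
As an added example (not part of the original page or of any InCommon tooling), the following Python fills in the Deployment Practices rows that can be read directly from SAML metadata. The sample metadata and entity IDs are constructed, and the criterion names are assumptions. Key age and eduPersonTargetedID release are not visible in these elements and are left out, and real federation metadata should have its signature verified before it is evaluated.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Constructed sample metadata (hypothetical entities, key material omitted).
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
 <md:EntityDescriptor entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
   <md:NameIDFormat>{PERSISTENT}</md:NameIDFormat>
   <md:SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="https://idp.example.edu/sso"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAML2}">
   <md:KeyDescriptor use="signing"/>
   <md:AssertionConsumerService Binding="{BIND}HTTP-POST" Location="http://sp.example.org/acs" index="0"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def tls_endpoint(role, tag, binding):
    """True if the role lists an https:// endpoint of this element type and binding."""
    return any(e.get("Binding") == BIND + binding and e.get("Location", "").startswith("https://")
               for e in role.findall(f"md:{tag}", NS))

def evaluate(entity):
    """Return {criterion: bool} for the SAML 2.0 roles of one md:EntityDescriptor."""
    row = {"saml2": False, "persistent_nameid": False}
    roles = [r for t in ("IDPSSODescriptor", "SPSSODescriptor") for r in entity.findall(f"md:{t}", NS)]
    for role in roles:
        if SAML2 not in role.get("protocolSupportEnumeration", "").split():
            continue
        row["saml2"] = True
        # Advertised NameID format only; this is a proxy for actual persistent-identifier support.
        row["persistent_nameid"] |= any((f.text or "").strip() == PERSISTENT
                                        for f in role.findall("md:NameIDFormat", NS))
        if role.tag.endswith("}IDPSSODescriptor"):
            row["tls_redirect_sso"] = tls_endpoint(role, "SingleSignOnService", "HTTP-Redirect")
        else:
            row["tls_post_acs"] = tls_endpoint(role, "AssertionConsumerService", "HTTP-POST")
            # A KeyDescriptor without "use" is valid for both signing and encryption.
            row["encryption_key"] = any(k.get("use") in (None, "encryption") for k in role.findall("md:KeyDescriptor", NS))
    return row

def matrix(xml_text):
    """Map entityID -> criteria row for every entity in a metadata document."""
    root = ET.fromstring(xml_text)
    entities = [root] if root.tag == f"{{{MD}}}EntityDescriptor" else root.findall(".//md:EntityDescriptor", NS)
    return {e.get("entityID"): evaluate(e) for e in entities}
```

Calling `matrix(SAMPLE)` flags the constructed SP for its plain-HTTP ACS endpoint and missing encryption key, while the constructed IdP passes all three of its rows.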

Implementation Support

  • InCommon Implementation Profile conformance
    • Could call out Metadata IOP as a subset, but my guess is few products would support that without the rest
    • Could identify "exceptions to conformance" to highlight specific missing capabilities or could break profile into separate features in the matrix