The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.



You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

At the November TAC F2F, we discussed having a matrix of best practices by which to evaluate registered sites to help set expectations and create peer pressure. This is a preliminary set of suggested criteria.

Policy

Technical Basics

  • Regular Metadata Refresh
  • Maintaining Unexpired Certificates
  • SAML 2.0 Support
    • IdPs with TLS-protected HTTP-Redirect SSO
    • SPs that support SAML 2.0 should indicate so in metadata
    • SPs with TLS-protected HTTP-POST ACS and an encryption key
  • SAML 1.1 Support
    • SPs with TLS-protected HTTP-POST ACS

Operational Maturity

  • Maintaining Supported Software
  • Operational Compliance with Metadata IOP
  • Federation a "First Order" UI
  • Discovery
    • Choices offered should result in an "acceptable" experience
  • Error Handling
    • Look and Feel
    • Useful Contacts

Maximizing the Federation

  • Documented Attribute Release Process
  • Support for SAML 2.0 "persistent" NameID or eduPersonTargetedID
  • Release of "basic" attributes w/o admin involvement (via consent or otherwise)

Parked Items

  • Keys of less than a certain age
    • We should consider what, if any, age is actually "too old"
  • Full saml2int conformance
  • InCommon Implementation Profile conformance
    • Could identify "exceptions to conformance" to highlight specific missing capabilities or could break profile into separate features in the matrix

Meeting Notes

Meeting Notes - April 21, 2011

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels