This article is a part of a document curated under the Internet2 Trust and Identity Document Stewardship program. It has been reformatted for web display. Download the official text from the Internet2 Trust and Identity Document Repository at


This document provides implementation guidance for InCommon Participants and the Federation Operator when updating systems to adhere to the statements introduced in the 2nd edition of the InCommon Federation Baseline Expectations for Trust in Federation (Baseline Expectations 2, BE2) [BE2]. Specifically, this document clarifies the implementation requirements for the new statements introduced in Baseline Expectations 2. It also recommends best practices and implementation strategies where appropriate.

To differentiate between required actions and recommended practices, this document uses keywords defined in [RFC2119] to indicate requirement levels. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The terms “Identity Provider,” “IdP,” “Service Provider,” and “SP” refer to the operational entities registered in the federation. Where the document refers to the organizations operating these entities, the terms “IdP Operator” and “SP Operator” are used. Alternatively, “Participant” may be used to refer generically to an organization that has registered an IdP or SP in the InCommon Federation.
