This article is a part of a document curated under the Internet2 Trust and Identity Document Stewardship program. It has been reformatted for web display. Download the official text from the Internet2 Trust and Identity Document Repository athttp://doi.org/10.26869/TI.137.1.


Introduction

Implementation Guidance
  1. All entity (IdP and SP) service endpoints must be secured with current and trustworthy transport layer encryption.

  2. Every entity (IdP and SP) complies with the requirements of the Sirtfi v1.0 trust framework when processing federated single sign-on events.

  3. Identity Provider must include an errorURL in its metadata.

Reference


Reference


[BE2] Baseline Expectations for Trust in Federation, Version 2, http://doi.org/10.26869/TI.34.3 

[SIRTFI] REFEDS Security Incident Response Framework v1.0, https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf

[SIRTFIFAQ] Sirtfi Frequently Asked Questions, https://refeds.org/sirtfi/sirtfi-faqs.

[ErrURL] SAML Metadata Deployment Profile for errorURL Version 1.0, https://refeds.org/specifications/errorurl-v1

[SSLRatingGuide] SSL Server Rating Guide https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide

[SSLTest] Qualys SSL Lab Server Test, https://www.ssllabs.com/ssltest

[OWASP] (OWASP) Transport Layer Protection Cheat Sheet,https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html and the TLS Cipher String Cheatsheet, https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html.

[RFC2119] Key words for use in RFCs to Indicate Requirement Levels, https://tools.ietf.org/html/rfc2119

[RFC8174] Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words, https://tools.ietf.org/html/rfc8174


<< Back to IDP Metadata Must Have an Error URL