...

| Phase | Requirement | Deadline | Comments |
|---|---|---|---|
| 1 | Require security contacts and commitment to incident response for federations | 31st December 2025 | Complete, target achieved |
| 2 | Require security contacts and commitment to incident response for all entities<br>Require privacy notice and completion of mdui:PrivacyStatementURL for all entities<br>Require expression of RAF information / ability to assert https://refeds.org/assurance for all Identity Providers. | 31st December 2026 | Proposed - is it too much to include RAF in this year? Could be rolled to 2027<br>I think we can discuss this. I would not dilute it too much though. Maybe we could move RAF base requirement to 2027-Q1? (Davide) |
| 3 | Require Sirtfi for all entities<br>Require expression of identifier uniqueness / ability to assert: https://refeds.org/assurance/ID/unique | 31st December 2027 | +1 (Davide) |
| 4 | Require minimum RAF level - TBD. | | This still needs significant scoping work<br>A base level would of course be IAP/low. A way to scope this is 1. usefulness (what's really needed?) - 2. what's current industry standard? for example Google, Amazon, MS, etc have now better vetting processes (Davide) |

Process

  • Requirements will be announced by the Secretariat and appropriate amendments made to the SAML Technical Profile.
  • Federations will be asked to remove all entities that do not meet these standards by the deadline (or they will be filtered by eduGAIN OT?).

...