Versions Compared

Old Version 2

changes.mady.by.user Nicole Harris

Saved on

compared with

New Version 3

changes.mady.by.user Nicole Harris

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

As part of the proposed roadmap for delivery the eduGAIN Strategy, a phased approach has been proposed to improve the quality of data in metadata. 


RequiurementSecurityPrivacyAssurance
Phase
1
Introduce
Require security contacts and commitment to incident response for federationsRequire privacy notice and completion of mdui:PrivacyStatementURL for all enties

require expression of RAF

information 

information  / ability to assert https://refeds.org/assurance for all Identity Providers. 

  1. Your Identity Provider is operated with organisational-level authority.
  2. Your Identity Provider is trusted enough to be used to access your organisation’s own systems.
  3. You publish contact information for your Identity Provider and respond ina timely fashion to operational issues.
  4. You apply security practices to protect user information, safeguard transaction integrity, and ensure timely incident response.
  5. You ensure the metadata registered in Federation is complete, accurate and up to date.
2Require
2Introduce
security contacts and commitment to incident response for all entities
require expression of identifier uniqueness   / ability to assert: https://refeds.org/assurance/ID/unique
3
Introduce
Require Sirtfi for all entities 
require minimum RAF level - TBD. 

Proposed Approach

PhaseRequirementDeadlineComments
1Require security contacts and commitment to incident response for federations31st December 2025Complete, target achieved 
2

Require security contacts and commitment to incident response for all entities

Require privacy notice and completion of mdui:PrivacyStatementURL for all entities

Require expression of RAF information  / ability to assert https://refeds.org/assurance for all Identity Providers. 

31st December 2026

Proposed  - is it too much to include RAF in this year? Could be rolled to 2027

3

Require Sirtfi for all entities

Require expression of identifier uniqueness   / ability to assert: https://refeds.org/assurance/ID/unique

31st December 2027
4

Require minimum RAF level - TBD. 


This still needs significant scoping work

Process

  • Requirements will be announced  by the Secretariat and appropriate amendments made the SAML Technical Profile. 
  • Federations will be asked to remove all entities that do not meet these standards by the deadline or (or they will be filtered by eduGAIN OT?).