December 9, 2020
What’s next for round two of Baseline Expectations for Trust in Federation, now that the community has vetted the changes and the InCommon Steering Committee has given its approval?
In the spirit of the season, we’re makin’ a list and checkin’ it twice! InCommon operations will begin running reports and automated testing of all identity providers and service providers to determine whether they meet the three new expectations.
Beginning at the first of the year, we will send a steady stream of communications to those with entities that do not meet the expectations, with the goal of 100% adherence to the new expectations by July.
You will find an implementation guide on the wiki, but briefly here are the expectations:
- Identity Providers and Service Providers must have an HTTPS URL. InCommon operations will look for an A grade or better according to the test criteria defined in the SSL Labs Server Rating Guide.
- All InCommon participants will comply with the SIRTFI international security response framework when processing federated single sign-on transactions. After ensuring their IdP and/or SP adheres to the SIRTFI framework, the site administrator will check the “complies with SIRTFI” box in the Federation Manager. InCommon operations will generate reports and email organizations with IdPs and/or SPs not meeting this requirement.
- All Identity Providers will include an error URL in metadata. Again, InCommon operations will generate reports and follow up with those not in compliance.
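Two of the three expectations, and the HTTPS half of the first, can be checked directly against an entity's SAML metadata before InCommon's reports arrive. The script below is an added example, not InCommon's own tooling: it parses a metadata aggregate, flags any endpoint `Location` that is not `https://`, checks for the SIRTFI assurance-certification entity attribute (the REFEDS encoding, `urn:oasis:names:tc:SAML:attribute:assurance-certification` with value `https://refeds.org/sirtfi`, which is how the Federation Manager's checkbox surfaces in published metadata), and checks that every `IDPSSODescriptor` carries an `errorURL`. The SSL Labs grade needs a live TLS scan and is not reproduced here. The embedded metadata, entity IDs and URLs are constructed placeholders.

```python
"""Offline pre-check of Baseline Expectations 2 items visible in SAML metadata.
Added example (not InCommon's tooling); sample metadata below is constructed."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# REFEDS encoding of SIRTFI compliance as an entity attribute
ASSURANCE_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
SIRTFI_VALUE = "https://refeds.org/sirtfi"

# Constructed aggregate: one IdP that passes, one SP that fails two checks.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
          <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:IDPSSODescriptor errorURL="https://idp.example.edu/help"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="1"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def _is_https(url):
    return urlparse(url).scheme == "https"


def check_entity(entity):
    """Return the list of expectation failures for one EntityDescriptor."""
    findings = []
    # Expectation 1 (HTTPS part): every endpoint Location must use https://
    for elem in entity.iter():
        for attr_name in ("Location", "ResponseLocation"):
            loc = elem.get(attr_name)
            if loc is not None and not _is_https(loc):
                findings.append(f"non-HTTPS endpoint: {loc}")
    # Expectation 2: SIRTFI asserted via the assurance-certification entity attribute
    sirtfi = False
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in entity.findall(path, NS):
        if attr.get("Name") == ASSURANCE_ATTR:
            values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
            if SIRTFI_VALUE in values:
                sirtfi = True
    if not sirtfi:
        findings.append("SIRTFI assurance-certification attribute missing")
    # Expectation 3: each IdP role must carry an errorURL
    for idp in entity.findall("md:IDPSSODescriptor", NS):
        if not idp.get("errorURL"):
            findings.append("IDPSSODescriptor has no errorURL")
    return findings


def check_metadata(xml_text):
    """Map entityID -> list of findings; an empty list means the entity passes."""
    root = ET.fromstring(xml_text)
    entity_tag = f"{{{NS['md']}}}EntityDescriptor"
    # Accept either a single EntityDescriptor or an EntitiesDescriptor aggregate
    entities = [root] if root.tag == entity_tag else root.iter(entity_tag)
    return {e.get("entityID"): check_entity(e) for e in entities}


if __name__ == "__main__":
    for entity_id, findings in check_metadata(SAMPLE_METADATA).items():
        print(("OK   " if not findings else "FAIL ") + entity_id)
        for finding in findings:
            print("   -", finding)
```

Run it against a locally downloaded copy of the InCommon aggregate (or your own entity's metadata file) by passing the file contents to `check_metadata`; entities with an empty findings list are clear on the metadata-visible items, and the remaining work is the SSL Labs scan of the HTTPS endpoints.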
Additional resources and the latest information are on the Baseline Expectations 2 wiki page.