June 16, 2020
The InCommon Community Trust and Assurance Board (CTAB) continues to take feedback on the proposed three additions to Baseline Expectations for Trust in Federation. The community consensus process is ongoing, with the original May deadline extended due to the pandemic. While there is not currently a deadline, it would be timely to provide your comments now.
The three proposed additions are:
- All service endpoints must be protected with current and trusted encryption (TLS).
- All entities must conform with the REFEDS Security Incident Response Framework v1.0 when handling security incidents involving federation participants.
- All Identity Providers must include a valid errorURL in published metadata.
You can find details and the process for commenting in the Baseline Expectations wiki.
The Baseline Expectations program kicked off in 2018 as a way to increase the predictability of collaborations and enhance trust within the federation. By July 2019, 100 percent of the federation met the expectations.
Even as the first round was completed, there were thoughts and suggestions of potential additions to the program. CTAB reviewed these and conducted a survey to help determine priorities and to gain an understanding of the ease or difficulty of implementation. In march of this year, the current proposal was shared for community comment and consensus.
CTAB is particularly interested in comments and assessments of the impact on your operations of implementing the proposed requirements, as well as your views on the contribution of these requirements to improved assurance and interoperability.
To join the discussion and make your voice heard, subscribe to the Baseline Expectations consensus discussion list by sending email to email@example.com with the subject: subscribe be-consensus.
Here are some resources and background information on Baseline Expectations.