Metadata registration practice statement

This document is a complement to the FEDURUS Identity Federation Policy and Technology Profile. The terminology used here is the same. Wherever this document is not consistent with the Policy or Technology Profile, they take precedence.

Common Practices

Any entity meeting the criteria of section "4. Eligibility" of the FEDURUS Identity Federation Policy may join the Federation as an IdP or SP. The accession procedure is initiated by sending a request to the Federation Operator via the FEDURUS contact address: support@fedurus.ru

The membership request must be signed by the official representative(s) of the participating organization and must contain:

  • the administrative and technical representatives and their contact details;
  • confirmation that the organization has read and accepts the Federation's Policy and related documents.

Such requests are approved manually by the Federation Operator.

All the procedures described below apply to participation in the Federation. For interfederation (such as eduGAIN), an entity must explicitly agree to be connected before its metadata is included in the metadata exported to the interfederation.

Practices on IdP Registration

Each IdP must be manually approved by the Federation Operator in order to be registered with the Federation.

All IdPs must

  • have a local IdP usage policy, in particular describing identity management procedures and the vetting process end users go through before they are registered in the IdP;
  • provide appropriate entity metadata;
  • implement the minimum mandatory set of attributes and a privacy policy on attribute release;
  • run SAML2-compatible IdP software that is correctly configured and secured;
  • pass the compatibility tests between the IdP and the Federation.

After positive verification by the Federation Operator, the IdP description is added to the FEDURUS Federation metadata.

Practices on SP Registration

Each SP must be manually approved by the Federation Operator in order to be registered with the Federation.

A newly participating entity that is not a member of the ARLICON Association must conclude a service agreement with the Federation Operator, signed by the official representatives of both parties.

All SPs must

  • have an SP privacy policy describing how data is processed and protected;
  • provide appropriate entity metadata;
  • run SAML2-compatible SP software that is correctly configured and secured;
  • pass the compatibility tests between the SP and the Federation.

After positive verification by the Federation Operator, the SP description is added to the FEDURUS Federation metadata.

Practices regarding metadata modifications

The IdP/SP administrator can later update the entity metadata. An update request does not require re-approval by the Federation Operator if no significant metadata (entityID, attribute scope) has changed.
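The rule above needs a concrete check when an updated metadata file arrives: compare the significant fields of the old and new EntityDescriptor and route the request to manual re-approval only if one of them changed. The following is an added example and not the Federation Operator's own tooling; it assumes that "attribute scope" is carried in shibmd:Scope extension elements (the Shibboleth convention) and that the registered metadata is a single md:EntityDescriptor. The sample metadata is constructed for the example.

```python
"""Decide whether a SAML metadata update needs Federation Operator re-approval.

Added example, not code from the FEDURUS practice statement. Assumptions:
the significant fields are the entityID attribute and the attribute scope,
and the scope is expressed as shibmd:Scope elements (Shibboleth convention).
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}


def significant_fields(metadata_xml: str) -> dict:
    """Extract the fields whose change triggers re-approval."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor as the root element")
    # Scope values are compared as a sorted list so that reordering alone
    # (same scopes, different order) is not treated as a change.
    scopes = sorted((el.text or "").strip() for el in root.iterfind(".//shibmd:Scope", NS))
    return {"entityID": root.get("entityID"), "scopes": scopes}


def needs_reapproval(old_xml: str, new_xml: str) -> tuple[bool, list[str]]:
    """Return (True, reasons) if entityID or attribute scope differs, else (False, [])."""
    old, new = significant_fields(old_xml), significant_fields(new_xml)
    reasons = []
    if old["entityID"] != new["entityID"]:
        reasons.append(f"entityID changed: {old['entityID']} -> {new['entityID']}")
    if old["scopes"] != new["scopes"]:
        reasons.append(f"attribute scope changed: {old['scopes']} -> {new['scopes']}")
    return bool(reasons), reasons


# Constructed sample: the metadata currently registered for a hypothetical IdP.
OLD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope regexp="false">example.org</shibmd:Scope>
    </md:Extensions>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:idp-admin@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
"""

# Constructed update 1: only the technical contact changed -> no re-approval.
NEW_CONTACT_ONLY = OLD.replace("idp-admin@example.org", "hostmaster@example.org")

# Constructed update 2: a second scope was added -> re-approval required.
NEW_SCOPE = OLD.replace(
    '<shibmd:Scope regexp="false">example.org</shibmd:Scope>',
    '<shibmd:Scope regexp="false">example.org</shibmd:Scope>\n'
    '      <shibmd:Scope regexp="false">students.example.org</shibmd:Scope>',
)

# Constructed update 3: the entityID changed -> re-approval required.
NEW_ENTITYID = OLD.replace(
    'entityID="https://idp.example.org/idp/shibboleth"',
    'entityID="https://sso.example.org/idp"',
)

if __name__ == "__main__":
    for label, candidate in (("contact only", NEW_CONTACT_ONLY),
                             ("added scope", NEW_SCOPE),
                             ("new entityID", NEW_ENTITYID)):
        flagged, reasons = needs_reapproval(OLD, candidate)
        print(f"{label}: {'RE-APPROVAL REQUIRED' if flagged else 'auto-accept'} {reasons}")
```

The check deliberately ignores everything else in the document (endpoints, certificates, contacts); an operator who also wants to gate on certificate changes would add the ds:X509Certificate content to significant_fields. Any input that is not a single EntityDescriptor is rejected rather than silently accepted.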

The Federation Operator may amend or modify the Federation metadata at any time in order to, for example but not limited to,

  • ensure the security and integrity of the metadata,
  • comply with interfederation agreements,
  • improve interoperability, or
  • generally add value to the metadata

Acknowledgments

This work is based on the