Being an IdP in HDF

Organisational

HDF supports all IdPs from eduGAIN. However, your users may only be able to use certain services if you provide “higher quality” identities and attributes.

Higher quality means that you support the policies linked below.

Policies

IdPs that participate in the HDF AAI MUST support these policies:

  • Security Incident Response “SIRTFI”

In addition, IdPs SHOULD support these policies:

  • REFEDS Assurance Framework “RAF”
  • REFEDS Research and Scholarship Entity Category “R&S”

Note that we use SHOULD and MUST according to RFC 2119.

Technical

If you are in DFN AAI Advanced, for example, you are moderately OK. That is, you assert that you have a working relationship with your users, have never seen their passports, and will update your user database within a month after a change has happened. In terms of the REFEDS Assurance Framework this means:

    https://refeds.org/assurance/IAP/low
    https://refeds.org/assurance/IAP/local-enterprise
    https://refeds.org/assurance/ATP/ePA-1m

Some services want their users to have been identified by showing a passport (IAP/medium).

In addition, security incident response REQUIRES that you follow the SIRTFI trust framework, i.e. you publish a security contact and follow the basic common sense of incident response.

Attributes: you SHOULD release attributes according to the REFEDS Research and Scholarship (R&S) Entity Category.
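An IdP operator can check whether their published SAML metadata actually declares the policies above. The following is an added example, not part of the HDF documentation: the sample metadata and `idp.example.org` are constructed, and the attribute names and URIs come from the SIRTFI, R&S and REFEDS security-contact specifications rather than from this page.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REMD_CONTACT = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"
CERTIFICATION = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
CATEGORY_SUPPORT = "http://macedir.org/entity-category-support"
SIRTFI = "https://refeds.org/sirtfi"
RANDS = "http://refeds.org/category/research-and-scholarship"

# Constructed, trimmed metadata for a hypothetical IdP; it asserts SIRTFI and
# publishes a security contact but does not declare R&S support.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}"
    xmlns:remd="http://refeds.org/metadata" entityID="https://idp.example.org/idp">
  <md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="{CERTIFICATION}">
      <saml:AttributeValue>{SIRTFI}</saml:AttributeValue>
    </saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>
  <md:ContactPerson contactType="other" remd:contactType="{SECURITY}">
    <md:EmailAddress>mailto:security@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>"""

def entity_attribute_values(entity, name):
    """Collect the values of one entity attribute from md:Extensions."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == name:
            values.update((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
    return values

def check_idp(metadata_xml):
    """Map each policy from the page to whether the metadata declares it."""
    # Real federation metadata is untrusted input: verify its signature and
    # parse it with a hardened XML parser before running checks like this.
    entity = ET.fromstring(metadata_xml)
    has_contact = any(c.get(REMD_CONTACT) == SECURITY
                      and c.findtext("md:EmailAddress", "", NS).strip()
                      for c in entity.findall("md:ContactPerson", NS))
    return {"SIRTFI (MUST)": SIRTFI in entity_attribute_values(entity, CERTIFICATION),
            "security contact (SIRTFI)": has_contact,
            "R&S support (SHOULD)": RANDS in entity_attribute_values(entity, CATEGORY_SUPPORT)}

if __name__ == "__main__":
    for policy, ok in check_idp(SAMPLE).items():
        print(f"{'ok     ' if ok else 'MISSING'}  {policy}")
```

The check only confirms what the metadata declares; the RAF values listed above are asserted per user in the released attributes and are not visible in entity metadata.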