| Both sides previous revision Previous revision | Next revisionBoth sides next revision |
| en:requirements [2020/04/03 17:23] – Wolfgang Pempe | en:requirements [2020/04/03 17:28] – Wolfgang Pempe |
|---|
| ~~NOTOC~~ | ~~NOTOC~~ |
| ====== Preconditions and Best Practices ========== | ====== Requirements and Best Practices ========== |
| {{INLINETOC 2}} | {{INLINETOC 2}} |
| ===== Requirements for participation in the DFN-AAI ===== | ===== Requirements for Participation in the DFN-AAI ===== |
| ==== General requirements ==== | ==== General Requirements ==== |
| **The following requirements apply equally to Identity Providers (IdP) and Service Providers (SP)** | **The following requirements apply equally to Identity Providers (IdP) and Service Providers (SP)** |
| ===Formal criteria=== | ===Formal Criteria=== |
| * To participate in the DFN-AAI, a contractual agreement with the DFN-Verein is required. To request the contract documents, see [[en:registration|registration]]. The type of contractual agreement depends on the type of participation in the DFN-AAI: | * To participate in the DFN-AAI, a contractual agreement with the DFN-Verein is required. To request the contract documents, see [[en:registration|registration]]. The type of contractual agreement depends on the type of participation in the DFN-AAI: |
| * Home Organisations / IdP operators: DFN-AAI is a value-added service ([[https://www.dfn.de/dienstleistungen/dfninternet/entgelte/|DFNInternet at least I02]]), framework agreement and DFN-AAI service agreement are required. The latter also contains agreements for SP operation. | * Home Organisations / IdP operators: DFN-AAI is a value-added service ([[https://www.dfn.de/dienstleistungen/dfninternet/entgelte/|DFNInternet at least I02]]), DFN Framework Agreement and DFN-AAI Service Agreement are required. The latter also contains clauses for SP operation. |
| * Service provider / SP operator: SP agreement (English) - no other requirements | * Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements |
| * Registration of the IdP/SP metadata | * Registration of the IdP/SP Metadata |
| * See the [[en:metadata_admin_tool:checklist|checklist for registering metadata]] | * See the [[en:metadata_admin_tool:checklist|Checklist for Registering Metadata]] |
| === Technical and organizational criteria=== | === Technical and Organizational Criteria=== |
| * Support of [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. | * Support of [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. |
| * [[en:metadata|Federation metadata]] | * [[en:metadata|Federation metadata]] |