| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| en:requirements [2020/04/03 17:39] – Wolfgang Pempe | en:requirements [2021/03/02 08:48] – [General Requirements] Silke Meyer |
|---|
| ===== Requirements for Participation in the DFN-AAI ===== | ===== Requirements for Participation in the DFN-AAI ===== |
| ==== General Requirements ==== | ==== General Requirements ==== |
| **The following requirements apply equally to Identity Providers (IdP) and Service Providers (SP)** | <callout color="#ff9900" title="For IdPs and SPs"> |
| | The following formal, technical and organizational criteria apply equally to Identity Providers (IdP) and Service Providers (SP) |
| | </callout> |
| ===Formal Criteria=== | ===Formal Criteria=== |
| * To participate in the DFN-AAI, a contractual agreement with the DFN-Verein is required. To request the contract documents, see [[en:registration|registration]]. The type of contractual agreement depends on the type of participation in the DFN-AAI: | * To participate in the DFN-AAI, a contractual agreement with the DFN-Verein is required. To request the contract documents, see [[en:registration|registration]]. The type of contractual agreement depends on the type of participation in the DFN-AAI: |
| * Home Organisations / IdP operators: DFN-AAI is a value-added service ([[https://www.dfn.de/dienstleistungen/dfninternet/entgelte/|DFNInternet at least I02]]), DFN Framework Agreement and DFN-AAI Service Agreement are required. The latter also contains clauses for SP operation. | * Home Organisations / IdP operators: DFN-AAI is a value-added service ([[https://www.dfn.de/dienstleistungen/dfninternet/entgelte/|DFNInternet at least I02]]), DFN Framework Agreement and DFN-AAI Service Agreement are required. The latter also contains clauses covering SP operation. |
| * Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements | * Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements |
| * Registration of the IdP/SP Metadata | * Registration of the IdP/SP Metadata via our [[https://www.aai.dfn.de/verwaltung | Metadata Administration Tool]] |
| * See the [[en:metadata_admin_tool:checklist|Checklist for Registering Metadata]] | * See the [[en:metadata_admin_tool:checklist|Checklist for Registering Metadata]] |
| === Technical and Organizational Criteria=== | === Technical and Organizational Criteria=== |
| * Support of [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth Consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. | * Support of the [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 Standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth Consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. |
| * [[en:metadata|Federation Metadata]] | * [[en:metadata|Federation Metadata]] |
| * must be downloaded **at least** once a day | * must be downloaded **at least** once a day |