Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Next revisionBoth sides next revision
en:requirements [2021/03/02 15:27] – [Service Provider] Silke Meyeren:requirements [2021/07/20 12:01] – updated link to check list Silke Meyer
Line 12: Line 12:
     * Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements     * Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements
   * Registration of the IdP/SP Metadata via our [[https://www.aai.dfn.de/verwaltung | Metadata Administration Tool]]   * Registration of the IdP/SP Metadata via our [[https://www.aai.dfn.de/verwaltung | Metadata Administration Tool]]
-    * See the [[en:metadata_admin_tool:checklist|Checklist for Registering Metadata]]+    * See the [[en:checklist|Checklist for Registering Metadata]]
 === Technical and Organizational Criteria===  === Technical and Organizational Criteria=== 
   * Support of the [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 Standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth Consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software.    * Support of the [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 Standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth Consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. 
Line 20: Line 20:
   * Operational Safety   * Operational Safety
     * The software implemented must be kept up-to-date and security updates/patches must be applied in a timely manner.     * The software implemented must be kept up-to-date and security updates/patches must be applied in a timely manner.
-    * When [[en:metadata_admin_tool:checklist|registering the SP/IdP metadata]], a contact for security issues must be provided. +    * When [[en:checklist|registering the SP/IdP metadata]], a contact for security issues must be provided. 
   * Certificates for SAML-based communication   * Certificates for SAML-based communication
     * The SAML software used must allow for seamless key rollover when changing the key material. Information and further notes can be found under [[en:certificates#certificates_for_saml-based_communication|Certificates]].     * The SAML software used must allow for seamless key rollover when changing the key material. Information and further notes can be found under [[en:certificates#certificates_for_saml-based_communication|Certificates]].
Line 51: Line 51:
   * Provisioning and Deprovisioning    * Provisioning and Deprovisioning 
     * Local, i.e. SP-side **user accounts and profiles** must be created using attributes transmitted by the Identity Providers of the participating Home Organisations. Provisioning of user data via other channels (e.g. CSV files, Active Directory) is not permitted.     * Local, i.e. SP-side **user accounts and profiles** must be created using attributes transmitted by the Identity Providers of the participating Home Organisations. Provisioning of user data via other channels (e.g. CSV files, Active Directory) is not permitted.
-    * Appropriate procedures shall be implemented for **deprovisioning/deleting** such local user accounts. These may include automatic deletion/deactivation of a user's account after a certain period of inactivity or deprovisioning via [[de:shibidp3userdepro|SAML Attribute Query]].+    * Appropriate procedures shall be implemented for **deprovisioning/deleting** such local user accounts. These may include automatic deletion/deactivation of a user's account after a certain period of inactivity or deprovisioning via [[de:shibidp:config-deprovisionierung|SAML Attribute Query]].
  
 **Why do IdP operators talk about local metadata?** **Why do IdP operators talk about local metadata?**
  • Last modified: 16 months ago