en:requirements [2021/05/03 19:59] – ↷ Links adjusted because pages in the wiki were moved 40.77.167.40 | en:requirements [2021/07/20 12:01] – updated link to check list Silke Meyer |
---|
* Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements | * Service Provider / SP operator: SP agreement (English) - free of charge, no further requirements |
* Registration of the IdP/SP Metadata via our [[https://www.aai.dfn.de/verwaltung | Metadata Administration Tool]] | * Registration of the IdP/SP Metadata via our [[https://www.aai.dfn.de/verwaltung | Metadata Administration Tool]] |
* See the [[en:metadata_admin_tool:checklist|Checklist for Registering Metadata]] | * See the [[en:checklist|Checklist for Registering Metadata]] |
=== Technical and Organizational Criteria=== | === Technical and Organizational Criteria=== |
* Support of the [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 Standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth Consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. | * Support of the [[https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf|SAML 2 Standard]] (in future alternatively OpenID Connect, date will be announced). The use of self-implementations is strongly discouraged. Instead, IdP/SP software should be used for which long-term support and further development by the community is guaranteed, e.g. [[https://www.shibboleth.net/products/|Shibboleth]] or [[https://simplesamlphp.org/|SimpleSAMLphp]]. DFN-Verein is a member of the [[https://www.shibboleth.net/|Shibboleth Consortium]] and offers [[https://doku.tid.dfn.de/de:aai:portfolio|support, workshops and trainings]] for this software. |
* Operational Safety | * Operational Safety |
* The software implemented must be kept up-to-date and security updates/patches must be applied in a timely manner. | * The software implemented must be kept up-to-date and security updates/patches must be applied in a timely manner. |
* When [[en:metadata_admin_tool:checklist|registering the SP/IdP metadata]], a contact for security issues must be provided. | * When [[en:checklist|registering the SP/IdP metadata]], a contact for security issues must be provided. |
* Certificates for SAML-based communication | * Certificates for SAML-based communication |
* The SAML software used must allow for seamless key rollover when changing the key material. Information and further notes can be found under [[en:certificates#certificates_for_saml-based_communication|Certificates]]. | * The SAML software used must allow for seamless key rollover when changing the key material. Information and further notes can be found under [[en:certificates#certificates_for_saml-based_communication|Certificates]]. |
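
Review bot: The checklist link target changes from en:metadata_admin_tool:checklist to en:checklist in two places, the "Checklist for Registering Metadata" bullet and the security-contact bullet under Operational Safety, and both should be confirmed to resolve to the current page. The edit summary on the earlier revision says pages were moved in the wiki, so the en:certificates#certificates_for_saml-based_communication link on the key-rollover line, which this revision leaves as it was, is worth checking in the same pass.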