1 | <html xmlns="http://www.w3.org/TR/REC-html40"> |
---|
2 | <head> |
---|
3 | <meta http-equiv=Content-Type content="text/html; charset=windows-1252"> |
---|
4 | <title>Federation Member Declaration</title> |
---|
5 | <link rel=dataStoreItem href="incommonpop_20080108_files/item0001.xml" |
---|
6 | target="incommonpop_20080108_files/props0002.xml"> |
---|
7 | <link rel=themeData href="incommonpop_20080108_files/themedata.thmx"> |
---|
8 | <link rel=colorSchemeMapping |
---|
9 | href="incommonpop_20080108_files/colorschememapping.xml"> |
---|
10 | <style> |
---|
11 | <!-- |
---|
12 | h1 |
---|
13 | {text-indent:-.25in; |
---|
14 | page-break-after:avoid; |
---|
15 | tab-stops:.25in; |
---|
16 | font-size:12.0pt; |
---|
17 | font-family:"Palatino","serif";} |
---|
18 | h2 |
---|
19 | {text-align:center; |
---|
20 | page-break-after:avoid; |
---|
21 | font-size:14.0pt; |
---|
22 | font-family:"Helvetica","sans-serif";} |
---|
23 | h3 |
---|
24 | {page-break-after:avoid; |
---|
25 | font-size:13.0pt; |
---|
26 | font-family:"Helvetica","sans-serif";} |
---|
27 | h5 |
---|
28 | {text-autospace:none; |
---|
29 | font-size:12.0pt; |
---|
30 | font-family:"Times New Roman","serif"; |
---|
31 | font-weight:normal;} |
---|
32 | p.MsoHeading8, li.MsoHeading8, div.MsoHeading8 |
---|
33 | {text-autospace:none; |
---|
34 | font-size:12.0pt; |
---|
35 | font-family:"Times New Roman","serif";} |
---|
36 | p.MsoHeading9, li.MsoHeading9, div.MsoHeading9 |
---|
37 | {text-autospace:none; |
---|
38 | font-size:12.0pt; |
---|
39 | font-family:"Arial","sans-serif";} |
---|
40 | p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText |
---|
41 | {font-size:10.0pt; |
---|
42 | font-family:"Palatino","serif";} |
---|
43 | p.MsoCommentText, li.MsoCommentText, div.MsoCommentText |
---|
44 | {font-size:10.0pt; |
---|
45 | font-family:"Palatino","serif";} |
---|
46 | p.MsoHeader, li.MsoHeader, div.MsoHeader |
---|
47 | {tab-stops:center 3.0in right 6.0in; |
---|
48 | font-size:12.0pt; |
---|
49 | font-family:"Palatino","serif";} |
---|
50 | p.MsoFooter, li.MsoFooter, div.MsoFooter |
---|
51 | {tab-stops:center 3.0in right 6.0in; |
---|
52 | font-size:12.0pt; |
---|
53 | font-family:"Palatino","serif";} |
---|
54 | span.MsoFootnoteReference |
---|
55 | {vertical-align:super;} |
---|
56 | span.MsoCommentReference {} |
---|
57 | p.MsoListNumber, li.MsoListNumber, div.MsoListNumber |
---|
58 | {text-indent:-.25in; |
---|
59 | tab-stops:list .25in; |
---|
60 | font-size:12.0pt; |
---|
61 | font-family:"Palatino","serif";} |
---|
62 | p.MsoListNumber2, li.MsoListNumber2, div.MsoListNumber2 |
---|
63 | {text-indent:-.25in; |
---|
64 | tab-stops:list .25in; |
---|
65 | font-size:12.0pt; |
---|
66 | font-family:"Palatino","serif"; |
---|
67 | display:none;} |
---|
68 | p.MsoBodyTextIndent, li.MsoBodyTextIndent, div.MsoBodyTextIndent |
---|
69 | {text-autospace:none; |
---|
70 | font-size:12.0pt; |
---|
71 | font-family:Symbol;} |
---|
72 | a:link, span.MsoHyperlink |
---|
73 | {color:none; |
---|
74 | text-decoration:underline; |
---|
75 | text-underline:single;} |
---|
76 | a:visited, span.MsoHyperlinkFollowed |
---|
77 | {color:purple; |
---|
78 | text-decoration:underline; |
---|
79 | text-underline:single;} |
---|
80 | p.MsoCommentSubject, li.MsoCommentSubject, div.MsoCommentSubject |
---|
81 | {font-size:10.0pt; |
---|
82 | font-family:"Palatino","serif"; |
---|
83 | font-weight:bold;} |
---|
84 | p.MsoAcetate, li.MsoAcetate, div.MsoAcetate |
---|
85 | {font-size:8.0pt; |
---|
86 | font-family:"Tahoma","sans-serif";} |
---|
87 | p.Default, li.Default, div.Default |
---|
88 | {text-autospace:none; |
---|
89 | font-size:12.0pt; |
---|
90 | font-family:Symbol; |
---|
91 | color:black;} |
---|
92 | p.ParaNum1, li.ParaNum1, div.ParaNum1 |
---|
93 | {text-indent:-.25in; |
---|
94 | page-break-after:avoid; |
---|
95 | tab-stops:.25in; |
---|
96 | font-size:12.0pt; |
---|
97 | font-family:"Palatino","serif"; |
---|
98 | font-weight:bold;} |
---|
99 | p.ParaNum2, li.ParaNum2, div.ParaNum2 |
---|
100 | {text-indent:-.1in; |
---|
101 | page-break-after:avoid; |
---|
102 | tab-stops:.25in .6in; |
---|
103 | font-size:12.0pt; |
---|
104 | font-family:"Palatino","serif";} |
---|
105 | p.ParaNum3, li.ParaNum3, div.ParaNum3 |
---|
106 | {text-indent:-.5in; |
---|
107 | page-break-after:avoid; |
---|
108 | tab-stops:.25in list .5in left .6in; |
---|
109 | font-size:13.0pt; |
---|
110 | font-family:"Palatino","serif";} |
---|
111 | p.ParaNum4, li.ParaNum4, div.ParaNum4 |
---|
112 | {text-indent:-.6in; |
---|
113 | page-break-after:avoid; |
---|
114 | tab-stops:.25in list .6in; |
---|
115 | font-size:12.0pt; |
---|
116 | font-family:"Palatino","serif"; |
---|
117 | font-weight:bold;} |
---|
118 | p.Answerline, li.Answerline, div.Answerline |
---|
119 | {tab-stops:right 6.5in; |
---|
120 | font-size:12.0pt; |
---|
121 | font-family:"Palatino","serif"; |
---|
122 | font-style:italic; |
---|
123 | text-decoration:underline; |
---|
124 | text-underline:single;} |
---|
125 | p.Infoline, li.Infoline, div.Infoline |
---|
126 | {tab-stops:right 5.5in; |
---|
127 | font-size:12.0pt; |
---|
128 | font-family:"Palatino","serif";} |
---|
129 | p.SubHeading, li.SubHeading, div.SubHeading |
---|
130 | {page-break-after:avoid; |
---|
131 | font-size:12.0pt; |
---|
132 | font-family:"Palatino","serif"; |
---|
133 | font-weight:bold; |
---|
134 | font-style:italic;} |
---|
135 | .MsoChpDefault {} |
---|
136 | ol {} |
---|
137 | ul {} |
---|
138 | --> |
---|
139 | </style> |
---|
140 | </head> |
---|
141 | <body bgcolor="#FFFFFF" vlink=purple lang=EN-US> |
---|
142 | <div class=Section1> |
---|
143 | <p align=center style='text-align:center'><b><span style='font-size:14.0pt;'>INCOMMON |
---|
144 | FEDERATION: PARTICIPANT<br> |
---|
145 | OPERATIONAL PRACTICES</span></b></p> |
---|
146 | <p><span style='color:black'>Participation |
---|
147 | in the InCommon Federation ("Federation") enables a federation participating |
---|
148 | organization ("Participant") to use Shibboleth <i>identity</i> <i>attribute </i>sharing |
---|
149 | technologies to manage access to on-line resources that can be made available |
---|
150 | to the InCommon community. One goal of |
---|
151 | the Federation is to develop, over time, community standards for such |
---|
152 | cooperating organizations to ensure that shared <i>attribute</i> <i>assertions</i> are |
---|
153 | sufficiently robust and trustworthy to manage access to important protected |
---|
154 | resources. As the community of trust |
---|
155 | evolves, the Federation expects that participants eventually should be able to |
---|
156 | trust each other's <i>identity management |
---|
157 | systems</i> and resource <i>access |
---|
158 | management systems</i> as they trust their own.</span></p> |
---|
159 | <p><span style='color:black'>A |
---|
160 | fundamental expectation of Participants is that they provide authoritative and |
---|
161 | accurate attribute assertions to other Participants, and that Participants receiving |
---|
162 | an attribute assertion protect it and respect privacy constraints placed on it |
---|
163 | by the Federation or the source of that information. In furtherance of this goal, InCommon |
---|
164 | requires that each Participant make available to other Participants certain |
---|
165 | basic information about any identity management system, including the identity |
---|
166 | attributes that are supported, or resource access management system registered |
---|
167 | for use within the Federation.</span></p> |
---|
168 | <p><span style='color:black'>Two |
---|
169 | criteria for trustworthy attribute assertions by <i>Identity Providers</i> are: (1) that the identity management system |
---|
170 | fall under the purview of the organization's executive or business management, |
---|
171 | and (2) the system for issuing end-user credentials (e.g., PKI certificates, |
---|
172 | userids/passwords, Kerberos principals, etc.) specifically have in place |
---|
173 | appropriate risk management measures (e.g., <i>authentication</i> and <i>authorization</i> standards, security |
---|
174 | practices, risk assessment, change management controls, audit trails, etc.).<i> </i></span></p> |
---|
175 | <p><span style='color:black'>InCommon |
---|
176 | expects that <i>Service Providers</i>, who |
---|
177 | receive attribute assertions from another Participant, respect the other Participant's |
---|
178 | policies, rules, and standards regarding the protection and use of that |
---|
179 | data. Furthermore, such information |
---|
180 | should be used only for the purposes for which it was provided. InCommon strongly discourages the sharing of |
---|
181 | that data with third parties, or aggregation of it for marketing purposes |
---|
182 | without the explicit permission<a href="#_ftn1" |
---|
183 | name="_ftnref1" title=""><span class=MsoFootnoteReference><span |
---|
184 | class=MsoFootnoteReference><span style='font-size:12.0pt;font-family:"Palatino","serif";color:black;'>[1]</span></span></span></a> of |
---|
185 | the identity information providing Participant.</span></p> |
---|
186 | <p><span style='color:black'>InCommon |
---|
187 | requires Participants to make available to all other Participants answers to |
---|
188 | the questions below.<a href="#_ftn2" |
---|
189 | name="_ftnref2" title=""><span class=MsoFootnoteReference><span |
---|
190 | class=MsoFootnoteReference><span style='font-size:12.0pt;font-family:"Palatino","serif";color:black;'>[2] </span></span></span></a>Additional information to help answer each |
---|
191 | question is available in the next section of this document. There is also a glossary at the end of this |
---|
192 | document that defines terms shown in italics.<a name="_Ref484143697"></a></span></p> |
---|
193 | <br |
---|
194 | clear=all style='page-break-before:always'> |
---|
195 | <h1><span |
---|
196 | style='color:black'><span>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span>Federation Participant Information</h1> |
---|
197 | <p class=ParaNum2><span>1.1<span |
---|
198 | style='font:7.0pt "Times New Roman"'> </span></span>The |
---|
199 | InCommon Participant Operational Practices information below is for:</p> |
---|
200 | <p class=Infoline>InCommon Participant organization |
---|
201 | name: <u> GENI Project Office </u></p> |
---|
202 | <p class=Infoline>The information below is accurate |
---|
203 | as of this date:<u> August 15, 2011 </u></p> |
---|
204 | <p class=ParaNum2><a name="_Ref491345499"><span>1.2<span style='font:7.0pt "Times New Roman"'> </span></span>Identity Management and/or Privacy information</a></p> |
---|
205 | <p> |
---|
206 | Additional information about the Participant's |
---|
207 | identity management practices and/or privacy policy regarding personal |
---|
208 | information can be found on-line at the following location(s). |
---|
209 | </p> |
---|
210 | <p class=Infoline>URL(s): <u> </u> </p> |
---|
211 | <p class=ParaNum2><a name="_Ref491344385"><span>1.3<span style='font:7.0pt "Times New Roman"'> </span></span>Contact information</a></p> |
---|
212 | <p> |
---|
213 | The following person or |
---|
214 | office can answer questions about the Participant's<i> </i>identity management system or resource access management policy or |
---|
215 | practice. |
---|
216 | </p> |
---|
217 | <p class=Infoline>Name: <u> Tom Mitchell </u> </p> |
---|
218 | <p class=Infoline>Title or role <u> InCommon Technical POC </u> </p> |
---|
219 | <p class=Infoline>Email address <u> tmitchell@bbn.com </u> </p> |
---|
220 | <p class=Infoline>Phone <u> 617-873-3905 </u> FAX <u> </u></p> |
---|
221 | <p class=ParaNum1><a |
---|
222 | name="_Ref491346906"><span>2.<span |
---|
223 | style='font:7.0pt "Times New Roman"'> </span></span>Identity |
---|
224 | Provider Information</a></p> |
---|
225 | <p>The most critical responsibility that an Identity Provider |
---|
226 | Participant has to the Federation is to provide trustworthy and accurate |
---|
227 | identity assertions.<a href="#_ftn3" |
---|
228 | name="_ftnref3" title=""><span class=MsoFootnoteReference><span |
---|
229 | class=MsoFootnoteReference><span style='font-size:12.0pt;font-family:"Palatino","serif";'>[3]</span></span></span></a> It is important for a Service Provider to |
---|
230 | know how your <i>electronic identity |
---|
231 | credentials</i> are issued and how reliable the information associated with a |
---|
232 | given credential (or person) is. </p> |
---|
233 | <p style=' |
---|
234 | page-break-after:avoid'><b><i>Community</i></b></p> |
---|
235 | <p class=ParaNum2><a name="_Ref491346920"><span>2.1<span style='font:7.0pt "Times New Roman"'> </span></span>If you are an Identity Provider, how do you |
---|
236 | define the set of people who are eligible to receive an <i>electronic identity</i>? If |
---|
237 | exceptions to this definition are allowed, who must approve such an exception?</a></p> |
---|
238 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
239 | |
---|
240 | <p class=ParaNum2><a name="_Ref491346932"><span>2.2<span style='font:7.0pt "Times New Roman"'> </span></span>"Member of Community"</a><a href="#_ftn4" name="_ftnref4" title=""><span |
---|
241 | class=MsoFootnoteReference><span><span style='font-size:12.0pt;font-family:"Palatino","serif";'>[4]</span></span></span></a> is an assertion that might be offered to |
---|
242 | enable access to resources made available to individuals who participate in the |
---|
243 | primary mission of the university or organization. For example, this assertion might apply to |
---|
244 | anyone whose affiliation is "current student, faculty, or staff."</p> |
---|
245 | <p class=ParaNum2> What subset of persons registered in your identity management system would you |
---|
246 | identify as a "Member of Community" in Shibboleth identity assertions to other |
---|
247 | InCommon Participants?</p> |
---|
248 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
249 | |
---|
250 | <p style=' |
---|
251 | page-break-after:avoid'><b><i>Electronic Identity Credentials</i></b></p> |
---|
252 | <p class=ParaNum2><a |
---|
253 | name="_Ref484143726"><span>2.3<span |
---|
254 | style='font:7.0pt "Times New Roman"'> </span></span>Please |
---|
255 | describe in general terms the administrative process used to establish an |
---|
256 | electronic identity that results in a record for that person being created in |
---|
257 | your <i>electronic identity database</i>? Please identify the<i> </i>office(s) of record for this purpose. For example, "Registrar's Office for |
---|
258 | students; HR for faculty and staff."</a></p> |
---|
259 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
260 | |
---|
261 | <p class=ParaNum2><a name="_Ref491344811"></a><a name="_Ref484143732"><span>2.4<span |
---|
262 | style='font:7.0pt "Times New Roman"'> </span></span>What |
---|
263 | technologies are used for your electronic identity credentials (e.g., Kerberos, |
---|
264 | userID/password, PKI, ...) that are relevant to Federation activities? If more than one type of electronic |
---|
265 | credential is issued, how is it determined who receives which type?</a> If |
---|
266 | multiple credentials are linked, how is this managed (e.g., anyone with a |
---|
267 | Kerberos credential also can acquire a PKI credential) and recorded?</p> |
---|
268 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
269 | |
---|
270 | <p class=ParaNum2><a name="_Ref484143738"><span>2.5<span style='font:7.0pt "Times New Roman"'> </span></span>If your electronic identity credentials require |
---|
271 | the use of a secret password or PIN, and there are circumstances in which that |
---|
272 | secret would be transmitted across a network without being protected by |
---|
273 | encryption (i.e., "clear text passwords" are used when accessing campus |
---|
274 | services), please identify who in your organization can discuss with any other |
---|
275 | Participant concerns that this might raise for them:</a></p> |
---|
276 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
277 | |
---|
278 | <p class=ParaNum2><a name="_Ref491344942"></a><a name="_Ref484143744"><span>2.6<span |
---|
279 | style='font:7.0pt "Times New Roman"'> </span></span>If |
---|
280 | you support a "single sign-on" (SSO) or similar campus-wide system to allow a |
---|
281 | single user authentication action to serve multiple applications, and you will |
---|
282 | make use of this to authenticate people for InCommon Service Providers, please |
---|
283 | describe the key security aspects of your SSO system including whether session |
---|
284 | timeouts are enforced by the system</a>, |
---|
285 | whether user-initiated session termination is supported, and how use with |
---|
286 | "public access sites" is protected.</p> |
---|
287 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
288 | |
---|
289 | <p class=ParaNum2><a name="_Ref484143786"><span>2.7<span style='font:7.0pt "Times New Roman"'> </span></span>Are your primary <i>electronic identifiers</i> for people, such as "net ID," eduPersonPrincipalName, |
---|
290 | or eduPersonTargetedID considered to be unique for all time to the individual |
---|
291 | to whom they are assigned? If not, what |
---|
292 | is your policy for re-assignment and is there a hiatus between such reuse?</a></p> |
---|
293 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
294 | |
---|
295 | <p style=' |
---|
296 | page-break-after:avoid'><b><i>Electronic Identity Database</i></b></p> |
---|
297 | <p class=ParaNum2><a name="_Ref484143794"><span>2.8<span style='font:7.0pt "Times New Roman"'> </span></span>How is information in your electronic identity |
---|
298 | database acquired and updated? Are |
---|
299 | specific offices designated by your administration to perform this |
---|
300 | function? Are individuals allowed to |
---|
301 | update their own information on-line?</a></p> |
---|
302 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
303 | |
---|
304 | <p class=ParaNum2><a name="_Ref484580135"><span>2.9<span style='font:7.0pt "Times New Roman"'> </span></span>What information in this database is considered |
---|
305 | "public information" and would be provided to any interested party?</a></p> |
---|
306 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
307 | |
---|
308 | <p class=SubHeading>Uses of Your Electronic Identity Credential System</p> |
---|
309 | <p class=ParaNum2><a name="_Ref484143813"><span>2.10<span style='font:7.0pt "Times New Roman"'> </span></span>Please identify typical classes of applications |
---|
310 | for which your electronic identity credentials are used within your own |
---|
311 | organization</a>.</p> |
---|
312 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
313 | |
---|
314 | <p class=SubHeading><a name="_Ref484143823">Attribute Assertions</a></p> |
---|
315 | <p><i>Attributes</i> are the |
---|
316 | information data elements in an attribute assertion you might make to another |
---|
317 | Federation participant concerning the identity of a person in your identity |
---|
318 | management system.</p> |
---|
319 | |
---|
320 | <p class=ParaNum2><a name="_Ref484143842"><span>2.11<span style='font:7.0pt "Times New Roman"'> </span></span>Would you consider your attribute assertions to |
---|
321 | be reliable enough to:</a></p> |
---|
322 | <p style='line-height:150%;page-break-after: |
---|
323 | avoid;'>[ ] control access to on-line |
---|
324 | information databases licensed to your organization?</p> |
---|
325 | <p style='line-height:150%;page-break-after: |
---|
326 | avoid;'>[ ] be used to purchase goods or |
---|
327 | services for your organization?</p> |
---|
328 | <p style='line-height:150%;page-break-after: |
---|
329 | avoid;'>[ ] |
---|
330 | enable access to personal information such as student loan status?</p> |
---|
331 | <p class=SubHeading><a name="_Ref484143850">Privacy Policy</a></p> |
---|
332 | <p> |
---|
333 | Federation Participants must respect the legal and |
---|
334 | organizational privacy constraints on attribute information provided by other Participants |
---|
335 | and use it only for its intended purposes. |
---|
336 | </p> |
---|
337 | <p class=ParaNum2><a name="_Ref484685873"><span>2.12<span style='font:7.0pt "Times New Roman"'> </span></span>What restrictions do you place on the use of |
---|
338 | attribute information that you might provide to other Federation participants?</a></p> |
---|
339 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
340 | |
---|
341 | <p class=ParaNum2><a |
---|
342 | name="_Ref484687204"><span>2.13<span |
---|
343 | style='font:7.0pt "Times New Roman"'> </span></span>What |
---|
344 | policies govern the use of attribute information that you might release to |
---|
345 | other Federation participants? For |
---|
346 | example, is some information subject to FERPA or HIPAA restrictions?</a></p> |
---|
347 | <p class=Answerline>N/A (GENI is a Service Provider)</p> |
---|
348 | |
---|
349 | <p class=ParaNum1><span><span>3.<span |
---|
350 | style='font:7.0pt "Times New Roman"'> </span></span>Service |
---|
351 | Provider Information</span></p> |
---|
352 | <p><span>Service Providers are trusted to ask for |
---|
353 | only the information necessary to make an appropriate access control decision, |
---|
354 | and to not misuse information provided to them by Identity Providers. Service Providers must describe the basis on |
---|
355 | which access to resources is managed and their practices with respect to |
---|
356 | attribute information they receive from other Participants.</span></p> |
---|
357 | <p class=ParaNum2><span><a name="_Ref491345847"><span>3.1<span style='font:7.0pt "Times New Roman"'> </span></span>What attribute information about an individual |
---|
358 | do you require in order to manage access to resources you make available to |
---|
359 | other Participants? Describe separately |
---|
360 | for each resource ProviderID that you have registered.</a></span></p> |
---|
361 | <p class=Answerline>For all ProviderID's, GENI requires the |
---|
362 | following attributes: EPPN, affiliations, given name, surname (sn), |
---|
363 | email address (mail), and telephone number</p> |
---|
364 | |
---|
365 | <p class=ParaNum2><span><a name="_Ref491345858"><span>3.2<span style='font:7.0pt "Times New Roman"'> </span></span>What use do you make of attribute information |
---|
366 | that you receive in addition to basic access control decisions?</a></span><a |
---|
367 | name="_Ref484143876"> For example, do you aggregate session access |
---|
368 | records or records of specific information accessed based on attribute |
---|
369 | information, or make attribute information available to partner organizations, |
---|
370 | etc.?</a><a name="_Ref484686262"></a></p> |
---|
371 | |
---|
372 | <p class=Answerline>Attribute information is used to create a user |
---|
373 | profile and to contact individuals if support issues arise. Some |
---|
374 | attribute information (including, but not limited to, name and email |
---|
375 | address) is shared with partner organizations within GENI. Contact |
---|
376 | information (name, email address, telephone number) is used if GENI |
---|
377 | operations staff needs to get in touch with an individual for |
---|
378 | operational support. GENI operations staff includes GENI Project |
---|
379 | Office staff and operations staff at partner organizations within |
---|
380 | GENI but outside the GENI Project Office.</p> |
---|
381 | |
---|
382 | <p class=ParaNum2><span><a |
---|
383 | name="_Ref491345881"><span>3.3<span |
---|
384 | style='font:7.0pt "Times New Roman"'> </span></span>What |
---|
385 | human and technical controls are in place on access to and use of attribute |
---|
386 | information that might refer to only one specific person (i.e., personally |
---|
387 | identifiable information)? For example, |
---|
388 | is this information encrypted?</a></span></p> |
---|
389 | <p class=Answerline>Attributes are accessible only to employees |
---|
390 | with privileged access to the server. Privileged access is granted |
---|
391 | only to GENI Project Office system administrators and a subset of |
---|
392 | the technical staff. Attributes are stored unencrypted (in clear |
---|
393 | text) in a database. This database is segregated from other databases. Access |
---|
394 | requires both a shell account on the server and an administrative |
---|
395 | database account.</p> |
---|
396 | |
---|
397 | <p class=ParaNum2><span><a |
---|
398 | name="_Ref491345893"><span>3.4<span |
---|
399 | style='font:7.0pt "Times New Roman"'> </span></span>Describe |
---|
400 | the human and technical controls that are in place on the management of |
---|
401 | super-user and other privileged accounts that might have the authority to grant |
---|
402 | access to personally identifiable information?</a></span></p> |
---|
403 | <p class=Answerline>Only the GENI Project Office system |
---|
404 | administrators and select members of the technical staff are |
---|
405 | granted super-user or other privileged accounts.</p> |
---|
406 | |
---|
407 | <p class=ParaNum2><span><a name="_Ref491345908"><span>3.5<span style='font:7.0pt "Times New Roman"'> </span></span>If personally identifiable information is |
---|
408 | compromised, what actions do you take to notify potentially affected |
---|
409 | individuals?</a></span></p> |
---|
410 | <p class=Answerline>If personally identifiable information is |
---|
411 | compromised, individuals would be contacted directly.</p> |
---|
412 | |
---|
413 | <p class=ParaNum1><span><a name="_Ref484691927"><span>4.<span style='font:7.0pt "Times New Roman"'> </span></span>Other Information</a></span></p> |
---|
414 | <p class=ParaNum2><span><a |
---|
415 | name="_Ref491345683"><span>4.1<span |
---|
416 | style='font:7.0pt "Times New Roman"'> </span></span>Technical |
---|
417 | Standards, Versions and Interoperability</a></span></p> |
---|
418 | <p>Identify the version of Internet2 Shibboleth code release that |
---|
419 | you are using or, if not using the standard Shibboleth code, what version(s) of |
---|
420 | the SAML and SOAP and any other relevant standards you have implemented for |
---|
421 | this purpose.</p> |
---|
422 | <p class=Answerline>Shibboleth Native Service Provider 2.x</p> |
---|
423 | |
---|
424 | <p class=ParaNum2><a name="_Ref484143900"><span>4.2<span style='font:7.0pt "Times New Roman"'> </span></span>Other Considerations</a></p> |
---|
425 | <p>Are there any other considerations or information that you wish |
---|
426 | to make known to other Federation participants with whom you might interoperate? |
---|
427 | For example, are there concerns about the use of clear text passwords or |
---|
428 | responsibilities in case of a security breach involving identity information |
---|
429 | you may have provided?</p> |
---|
430 | <p class=Answerline>None</p> |
---|
431 | |
---|
432 | <br clear=all |
---|
433 | style='page-break-before:always'> |
---|
434 | <h2>Additional Notes and Details on the Operational Practices Questions</h2> |
---|
435 | <p><a name="OLE_LINK8"></a><a name="OLE_LINK7">As a community of organizations willing to |
---|
436 | manage access to on-line resources cooperatively, and often without formal |
---|
437 | contracts in the case of non-commercial resources, it is essential that each Participant |
---|
438 | have a good understanding of the <i>identity</i> and resource management practices implemented by other Participants.</a> The purpose of the questions above is to |
---|
439 | establish a base level of common understanding by making this information |
---|
440 | available for other Participants to evaluate.</p> |
---|
441 | <p>In answering these questions, please consider what you would |
---|
442 | want to know about your own operations if you were another Participant deciding |
---|
443 | what level of trust to place in interactions with your on-line systems. For example:</p> |
---|
444 | <ul type=square> |
---|
445 | <li>What would you need to know about an<i> Identity Provider</i> in order to make |
---|
446 | an informed decision whether to accept its <i>assertions</i> to manage access to your on-line resources or |
---|
447 | applications?</li> |
---|
448 | <li>What would you need to know about a <i>Service Provider</i> in order to feel |
---|
449 | confident providing it information that it might not otherwise be able to |
---|
450 | have?</li> |
---|
451 | </ul> |
---|
452 | <p>It also might help to consider how <i>identity management systems</i> within a single institution could be |
---|
453 | used.</p> |
---|
454 | <ul type=square> |
---|
455 | <li>What might your central campus IT organization, as a <i>Service Provider</i>, ask of a peer |
---|
456 | campus <i>Identity Provider</i> (e.g., |
---|
457 | Computer Science Department, central Library, or Medical Center) in order |
---|
458 | to decide whether to accept its <i>identity</i> <i>assertions</i> for access to |
---|
459 | resources that the IT organization controls?</li> |
---|
460 | <li>What might a campus department ask about the central |
---|
461 | campus <i>identity management system</i> if the department wanted to leverage it for use with its own applications?</li> |
---|
462 | </ul> |
---|
463 | <p>The numbered paragraphs below provide additional background |
---|
464 | to the numbered questions in the main part of this document.</p> |
---|
465 | <p>[1.2] InCommon Participants who manage Identity Providers |
---|
466 | are strongly encouraged to post on their website the privacy and information |
---|
467 | security policies that govern their <i>identity |
---|
468 | management system</i>. Participants who |
---|
469 | manage Service Providers are strongly encouraged to post their policies with |
---|
470 | respect to use of personally identifying information.</p> |
---|
471 | <p>[1.3] Other InCommon Participants may wish to |
---|
472 | contact this person or office with further questions about the information you |
---|
473 | have provided or if they wish to establish a more formal relationship with your |
---|
474 | organization regarding resource sharing.</p> |
---|
475 | <p>[2] Many organizations have very informal |
---|
476 | processes for issuing electronic credentials. For example, one campus does this through its student bookstore. A <i>Service |
---|
477 | Provider</i> may be more willing to accept your <i>assertions</i> to the extent that this process can be seen as |
---|
478 | authoritative.</p> |
---|
479 | <p>[2.1] It is important for a <i>Service Provider</i> to have some idea of the community whose |
---|
480 | identities you may represent. This is |
---|
481 | particularly true for <i>assertions</i> such |
---|
482 | as the eduPerson "Member of Community." A typical definition might be "Faculty, staff, and active students" but |
---|
483 | it might also include alumni, prospective students, temporary employees, |
---|
484 | visiting scholars, etc. In addition, |
---|
485 | there may be formal or informal mechanisms for making exceptions to this |
---|
486 | definition, e.g., to accommodate a former student still finishing a thesis or |
---|
487 | an unpaid volunteer.</p> |
---|
488 | <p>This question asks to whom you, as an <i>Identity Provider</i>, will provide |
---|
489 | electronic credentials. This is |
---|
490 | typically broadly defined so that the organization can accommodate a wide |
---|
491 | variety of applications locally. The |
---|
492 | reason this question is important is to distinguish between the set of people |
---|
493 | who might have a credential that you issue and the subset of those people who |
---|
494 | fall within your definition of "Member of Community" for the purpose of |
---|
495 | InCommon <i>attribute assertions</i>.</p> |
---|
496 | <p>[2.2] The <i>assertion</i> of "Member of Community" is often good enough for deciding whether to grant |
---|
497 | access to basic on-line resources such as library-like materials or websites. InCommon encourages participants to use this <i>assertion</i> only for "Faculty, Staff, and |
---|
498 | active Students" but some organizations may have the need to define this |
---|
499 | differently. InCommon <i>Service Providers</i> need to know if this has |
---|
500 | been defined differently.</p> |
---|
501 | <p>[2.3] For example, if there is a campus recognized |
---|
502 | office of record that issues such electronic credentials and that office makes |
---|
503 | use of strong, reliable technology and good database management practices, |
---|
504 | those factors might indicate highly reliable credentials and hence trustworthy <i>identity</i> <i>assertions</i>.</p> |
---|
505 | <p>[2.4] Different technologies carry different |
---|
506 | inherent risks. For example, a userID |
---|
507 | and password can be shared or "stolen" rather easily. A PKI credential or SecurID card is much |
---|
508 | harder to share or steal. For practical |
---|
509 | reasons, some campuses use one technology for student credentials and another |
---|
510 | for faculty and staff. In some cases, |
---|
511 | sensitive applications will warrant stronger and/or secondary credentials.</p> |
---|
512 | <p>[2.5] Sending passwords in "clear text" is a |
---|
513 | significant risk, and all InCommon Participants are strongly encouraged to |
---|
514 | eliminate any such practice. Unfortunately this may be difficult, particularly with legacy |
---|
515 | applications. For example, gaining |
---|
516 | access to a centralized calendar application via a wireless data connection |
---|
517 | while you are attending a conference might reveal your password to many others |
---|
518 | at that conference. If this is also your |
---|
519 | campus credential password, it could be used by another person to impersonate |
---|
520 | you to InCommon Participants.</p> |
---|
521 | <p>[2.6] "Single sign-on" (SSO) is a method that allows |
---|
522 | a user to unlock his or her <i>electronic |
---|
523 | identity credential</i> once and then use it for access to a variety of |
---|
524 | resources and applications for some period of time. This avoids people having to remember many |
---|
525 | different identifiers and passwords or to continually log into and out of |
---|
526 | systems. However, it also may weaken the |
---|
527 | link between an <i>electronic identity</i> and the actual person to whom it refers if someone else might be able to use |
---|
528 | the same computer and assume the former user's <i>identity</i>. If there is no |
---|
529 | limit on the duration of an SSO session, a Federation <i>Service Provider</i> may be concerned about the validity of any <i>identity</i> <i>assertions</i> you might make. Therefore it is important to ask about your use of SSO technologies.</p> |
---|
530 | <p>[2.7] In some <i>identity |
---|
531 | management systems</i>, primary identifiers for people might be reused, |
---|
532 | particularly if they contain common names, e.g. Jim Smith@MYU.edu. This can create ambiguity if a <i>Service Provider</i> requires this primary |
---|
533 | identifier to manage access to resources for that person.</p> |
---|
534 | <p>[2.8] Security of the database that holds |
---|
535 | information about a person is at least as critical as the <i>electronic identity credentials</i> that provide the links to records |
---|
536 | in that database. Appropriate security |
---|
537 | for the database, as well as management and audit trails of changes made to |
---|
538 | that database, and management of access to that database information are |
---|
539 | important.</p> |
---|
540 | <p>[2.9] Many organizations will make available to |
---|
541 | anyone certain, limited "public information." Other information may be given only to internal organization users or |
---|
542 | applications, or may require permission from the subject under FERPA or HIPAA |
---|
543 | rules. A <i>Service Provider</i> may need to know what information you are willing |
---|
544 | to make available as "public information" and what rules might apply to other |
---|
545 | information that you might release.</p> |
---|
546 | <p>[2.10] In order to help a <i>Service Provider</i> assess how reliable your <i>identity</i> <i>assertions</i> may |
---|
547 | be, it is helpful to <span style='color:black'>know how your organization uses |
---|
548 | those same assertions.</span> The assumption here is that you are using or will |
---|
549 | use the same <i>identity management system</i> for your own applications as you are using for federated purposes.</p> |
---|
550 | <p>[2.11] Your answer to this question indicates the |
---|
551 | degree of confidence you have in the accuracy of your <i>identity</i> <i>assertions</i>.</p> |
---|
552 | <p>[2.12] Even "public information" may be constrained |
---|
553 | in how it can be used. For example, |
---|
554 | creating a marketing email list by "harvesting" email addresses from a campus |
---|
555 | directory web site may be considered illicit use of that information. Please indicate what restrictions you place |
---|
556 | on information you make available to others.</p> |
---|
557 | <p>[2.13] Please indicate what legal or other external |
---|
558 | constraints there may be on information you make available to others.</p> |
---|
559 | <p>[3.1] Please identify your access management |
---|
560 | requirements to help other Participants understand and plan for use of your |
---|
561 | resource(s). You might also or instead |
---|
562 | provide contact information for an office or person who could answer inquiries.</p> |
---|
563 | <p>[3.2] As a <i>Service |
---|
564 | Provider</i>, please declare what use(s) you would make of attribute |
---|
565 | information you receive.</p> |
---|
566 | <p>[3.3] Personally identifying information can be a |
---|
567 | wide variety of things, not merely a name or credit card number. All information other than large group |
---|
568 | identity, e.g., "member of community," should be protected while resident on |
---|
569 | your systems.</p> |
---|
570 | <p>[3.4] Certain functional positions can have |
---|
571 | extraordinary privileges with respect to information on your systems. What oversight means are in place to ensure |
---|
572 | incumbents do not misuse such privileges?</p> |
---|
573 | <p>[3.5] Occasionally protections break down and |
---|
574 | information is compromised. Some states |
---|
575 | have laws requiring notification of affected individuals. What legal and/or institutional policies |
---|
576 | govern notification of individuals if information you hold is compromised?</p> |
---|
577 | <p>[4.1] Most InCommon Participants will use Internet2 |
---|
578 | Shibboleth technology, but this is not required. It may be important for other participants to |
---|
579 | understand whether you are using other implementations of the technology |
---|
580 | standards.</p> |
---|
581 | <p>[4.2] As an <i>Identity |
---|
582 | Provider</i>, you may wish to place constraints on the kinds of applications |
---|
583 | that may make use of your <i>assertions</i>. As a <i>Service |
---|
584 | Provider</i>, you may wish to make a statement about how User credentials must |
---|
585 | be managed. This question is completely |
---|
586 | open-ended and for your use.</p> |
---|
587 | <br clear=all |
---|
588 | style='page-break-before:always'> |
---|
589 | <h2>Glossary</h2> |
---|
590 | <table border=0 cellspacing=0 cellpadding=0> |
---|
591 | <tr> |
---|
592 | <td width=137 valign=top><p>access management system</p></td> |
---|
593 | <td width=502 valign=top><p>The collection of systems and |
---|
594 | or services associated with specific on-line resources and/or services that |
---|
595 | together derive the decision about whether to allow a given individual to |
---|
596 | gain access to those resources or make use of those services.</p></td> |
---|
597 | </tr> |
---|
598 | <tr> |
---|
599 | <td width=137 valign=top><p>assertion</p></td> |
---|
600 | <td width=502 valign=top><p>The <i>identity</i> information provided by an <i>Identity Provider</i> to a <i>Service |
---|
601 | Provider</i>.</p></td> |
---|
602 | </tr> |
---|
603 | <tr> |
---|
604 | <td width=137 valign=top><p>attribute</p></td> |
---|
605 | <td width=502 valign=top><p>A single piece of information |
---|
606 | associated with an <i>electronic identity |
---|
607 | database</i> record. Some <i>attributes</i> are general; others are |
---|
608 | personal. Some subset of all <i>attributes</i> defines a unique |
---|
609 | individual.</p></td> |
---|
610 | </tr> |
---|
611 | <tr> |
---|
612 | <td width=137 valign=top><p>authentication</p></td> |
---|
613 | <td width=502 valign=top><p>The process by which a person |
---|
614 | verifies or confirms their association with an <i>electronic identifier</i>. For |
---|
615 | example, entering a password that is associated with a UserID or account |
---|
616 | name is assumed to verify that the user is the person to whom the UserID was |
---|
617 | issued.</p></td> |
---|
618 | </tr> |
---|
619 | <tr> |
---|
620 | <td width=137 valign=top><p>authorization</p></td> |
---|
621 | <td width=502 valign=top><p>The process of determining |
---|
622 | whether a specific person should be allowed to gain access to an application |
---|
623 | or function, or to make use of a resource. The resource manager then makes the access control decision, which |
---|
624 | also may take into account other factors such as time of day, location of the |
---|
625 | user, and/or load on the resource system.</p></td> |
---|
626 | </tr> |
---|
627 | <tr> |
---|
628 | <td width=137 valign=top><p>electronic identifier</p></td> |
---|
629 | <td width=502 valign=top><p>A string of characters or |
---|
630 | structured data that may be used to reference an <i>electronic identity</i>. Examples include an email address, a user account name, a Kerberos |
---|
631 | principal name, a UC or campus <i>NetID</i>, |
---|
632 | an employee or student ID, or a PKI certificate.</p></td> |
---|
633 | </tr> |
---|
634 | <tr> |
---|
635 | <td width=137 valign=top><p>electronic identity</p></td> |
---|
636 | <td width=502 valign=top><p>A set of information that is |
---|
637 | maintained about an individual, typically in campus <i>electronic identity databases</i>. May include roles and privileges as well as personal information. The information must be authoritative to |
---|
638 | the applications for which it will be used.</p></td> |
---|
639 | </tr> |
---|
640 | <tr> |
---|
641 | <td width=137 valign=top><p>electronic identity credential</p></td> |
---|
642 | <td width=502 valign=top><p>An <i>electronic identifier</i> and corresponding <i>personal secret</i> associated with an <i>electronic identity</i>. An <i>electronic identity credential </i>typically |
---|
643 | is issued to the person who is the subject of the information to enable that |
---|
644 | person to gain access to applications or other resources that need to control |
---|
645 | such access.</p></td> |
---|
646 | </tr> |
---|
647 | <tr> |
---|
648 | <td width=137 valign=top><p>electronic |
---|
649 | identity database</p></td> |
---|
650 | <td width=502 valign=top><p>A |
---|
651 | structured collection of information pertaining to a given individual. Sometimes referred to as an |
---|
652 | "enterprise directory." Typically includes name, address, email address, affiliation, and <i>electronic identifier(s)</i>. Many technologies can be used to create an <i>identity database,</i> for example LDAP or |
---|
653 | a set of linked relational databases.</p></td> |
---|
654 | </tr> |
---|
655 | <tr> |
---|
656 | <td width=137 valign=top><p style='page-break-before:always; |
---|
657 | '>identity</p></td> |
---|
658 | <td width=502 valign=top><p style='page-break-before:always; |
---|
659 | '><i>Identity</i> is the set of information associated with a specific |
---|
660 | physical person or other entity. Typically an Identity Provider will be authoritative for only a subset |
---|
661 | of a person's <i>identity</i> information. What <i>identity</i> <i>attributes</i> might be relevant in any situation depend on the context in which it is being |
---|
662 | questioned.</p></td> |
---|
663 | </tr> |
---|
664 | <tr> |
---|
665 | <td width=137 valign=top><p>identity |
---|
666 | management system</p></td> |
---|
667 | <td width=502 valign=top><p>A |
---|
668 | set of standards, procedures and technologies that provide electronic |
---|
669 | credentials to individuals and maintain authoritative information about the |
---|
670 | holders of those credentials.</p></td> |
---|
671 | </tr> |
---|
672 | <tr> |
---|
673 | <td width=137 valign=top><p>Identity Provider</p></td> |
---|
674 | <td width=502 valign=top><p><span style='color:black'>A |
---|
675 | campus or other organization that manages and operates an <i>identity management system</i> and offers information |
---|
676 | about members of its community to other InCommon participants.</span></p></td> |
---|
677 | </tr> |
---|
678 | <tr> |
---|
679 | <td width=137 valign=top><p>NetID</p></td> |
---|
680 | <td width=502 valign=top><p>An <i>electronic identifier</i> created |
---|
681 | specifically for use with on-line applications. It is often an integer and |
---|
682 | typically has no other meaning.</p></td> |
---|
683 | </tr> |
---|
684 | <tr> |
---|
685 | <td width=137 valign=top><p>personal |
---|
686 | secret</p> |
---|
687 | <p>(also </p> |
---|
688 | <p>verification |
---|
689 | token)</p></td> |
---|
690 | <td width=502 valign=top><p>Used |
---|
691 | in the context of this document, is synonymous with password, pass phrase or |
---|
692 | PIN. It enables the holder of an <i>electronic identifier </i>to confirm that |
---|
693 | s/he is the person to whom the identifier was issued.</p></td> |
---|
694 | </tr> |
---|
695 | <tr> |
---|
696 | <td width=137 valign=top><p>Service |
---|
697 | Provider</p></td> |
---|
698 | <td width=502 valign=top><p><span |
---|
699 | style='color:black'>A campus or other organization that makes on-line |
---|
700 | resources available to users based in part on information about them that it |
---|
701 | receives from other InCommon participants.</span></p></td> |
---|
702 | </tr> |
---|
703 | </table> |
---|
704 | </div> |
---|
705 | <br clear=all> |
---|
706 | <hr align=left size=1 width="33%"> |
---|
707 | <div id=ftn1> |
---|
708 | <p class=MsoFootnoteText><a href="#_ftnref1" |
---|
709 | name="_ftn1" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span |
---|
710 | style='font-size:10.0pt;font-family:"Palatino","serif";'>[1]</span></span></span></a> Such permission already might be implied by existing contractual agreements.</p> |
---|
711 | </div> |
---|
712 | <div id=ftn2> |
---|
713 | <p class=MsoFootnoteText><a href="#_ftnref2" |
---|
714 | name="_ftn2" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span |
---|
715 | style='font-size:10.0pt;font-family:"Palatino","serif";'>[2]</span></span></span></a> Your responses to these questions should be posted in a readily accessible |
---|
716 | place on your web site, and the URL submitted to InCommon. If not posted, you should post contact |
---|
717 | information for an office that can discuss it privately with other InCommon |
---|
718 | Participants as needed. If any of the |
---|
719 | information changes, you must update your on-line statement as soon as possible.</p> |
---|
720 | </div> |
---|
721 | <div id=ftn3> |
---|
722 | <p class=MsoFootnoteText><a href="#_ftnref3" |
---|
723 | name="_ftn3" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span |
---|
724 | style='font-size:10.0pt;font-family:"Palatino","serif";'>[3]</span></span></span></a> A general note regarding attributes and recommendations within the Federation is |
---|
725 | available here: http://www.incommonfederation.org/attributes.html </p> |
---|
726 | </div> |
---|
727 | <div id=ftn4> |
---|
728 | <p class=MsoFootnoteText><a href="#_ftnref4" |
---|
729 | name="_ftn4" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span |
---|
730 | style='font-size:10.0pt;font-family:"Palatino","serif";'>[4]</span></span></span></a> "Member" is one possible value for eduPersonAffiliation as defined in |
---|
731 | the eduPerson schema. It is intended to |
---|
732 | include faculty, staff, student, and other persons with a basic set of |
---|
733 | privileges that go with membership in the university community (e.g., library |
---|
734 | privileges). "Member of Community" could |
---|
735 | be derived from other values in eduPersonAffiliation or assigned explicitly as |
---|
736 | "Member" in the electronic identity database. See http://www.educause.edu/eduperson/</p> |
---|
737 | </div> |
---|
738 | </body> |
---|
739 | </html> |
---|