InCommon: geni-incommon-pop.html

File geni-incommon-pop.html, 44.7 KB (added by tmitchel@bbn.com, 13 years ago)
Line 
1<html xmlns="http://www.w3.org/TR/REC-html40">
2<head>
3<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
4<title>Federation Member Declaration</title>
5<link rel=dataStoreItem href="incommonpop_20080108_files/item0001.xml"
6target="incommonpop_20080108_files/props0002.xml">
7<link rel=themeData href="incommonpop_20080108_files/themedata.thmx">
8<link rel=colorSchemeMapping
9href="incommonpop_20080108_files/colorschememapping.xml">
10<style>
11<!--
12h1
13        {text-indent:-.25in;
14        page-break-after:avoid;
15        tab-stops:.25in;
16        font-size:12.0pt;
17        font-family:"Palatino","serif";}
18h2
19        {text-align:center;
20        page-break-after:avoid;
21        font-size:14.0pt;
22        font-family:"Helvetica","sans-serif";}
23h3
24        {page-break-after:avoid;
25        font-size:13.0pt;
26        font-family:"Helvetica","sans-serif";}
27h5
28        {text-autospace:none;
29        font-size:12.0pt;
30        font-family:"Times New Roman","serif";
31        font-weight:normal;}
32p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
33        {text-autospace:none;
34        font-size:12.0pt;
35        font-family:"Times New Roman","serif";}
36p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
37        {text-autospace:none;
38        font-size:12.0pt;
39        font-family:"Arial","sans-serif";}
40p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
41        {font-size:10.0pt;
42        font-family:"Palatino","serif";}
43p.MsoCommentText, li.MsoCommentText, div.MsoCommentText
44        {font-size:10.0pt;
45        font-family:"Palatino","serif";}
46p.MsoHeader, li.MsoHeader, div.MsoHeader
47        {tab-stops:center 3.0in right 6.0in;
48        font-size:12.0pt;
49        font-family:"Palatino","serif";}
50p.MsoFooter, li.MsoFooter, div.MsoFooter
51        {tab-stops:center 3.0in right 6.0in;
52        font-size:12.0pt;
53        font-family:"Palatino","serif";}
54span.MsoFootnoteReference
55        {vertical-align:super;}
56span.MsoCommentReference
57p.MsoListNumber, li.MsoListNumber, div.MsoListNumber
58        {text-indent:-.25in;
59        tab-stops:list .25in;
60        font-size:12.0pt;
61        font-family:"Palatino","serif";}
62p.MsoListNumber2, li.MsoListNumber2, div.MsoListNumber2
63        {text-indent:-.25in;
64        tab-stops:list .25in;
65        font-size:12.0pt;
66        font-family:"Palatino","serif";
67        display:none;}
68p.MsoBodyTextIndent, li.MsoBodyTextIndent, div.MsoBodyTextIndent
69        {text-autospace:none;
70        font-size:12.0pt;
71        font-family:Symbol;}
72a:link, span.MsoHyperlink
73        {color:none;
74        text-decoration:underline;
75        text-underline:single;}
76a:visited, span.MsoHyperlinkFollowed
77        {color:purple;
78        text-decoration:underline;
79        text-underline:single;}
80p.MsoCommentSubject, li.MsoCommentSubject, div.MsoCommentSubject
81        {font-size:10.0pt;
82        font-family:"Palatino","serif";
83        font-weight:bold;}
84p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
85        {font-size:8.0pt;
86        font-family:"Tahoma","sans-serif";}
87p.Default, li.Default, div.Default
88        {text-autospace:none;
89        font-size:12.0pt;
90        font-family:Symbol;
91        color:black;}
92p.ParaNum1, li.ParaNum1, div.ParaNum1
93        {text-indent:-.25in;
94        page-break-after:avoid;
95        tab-stops:.25in;
96        font-size:12.0pt;
97        font-family:"Palatino","serif";
98        font-weight:bold;}
99p.ParaNum2, li.ParaNum2, div.ParaNum2
100        {text-indent:-.1in;
101        page-break-after:avoid;
102        tab-stops:.25in .6in;
103        font-size:12.0pt;
104        font-family:"Palatino","serif";}
105p.ParaNum3, li.ParaNum3, div.ParaNum3
106        {text-indent:-.5in;
107        page-break-after:avoid;
108        tab-stops:.25in list .5in left .6in;
109        font-size:13.0pt;
110        font-family:"Palatino","serif";}
111p.ParaNum4, li.ParaNum4, div.ParaNum4
112        {text-indent:-.6in;
113        page-break-after:avoid;
114        tab-stops:.25in list .6in;
115        font-size:12.0pt;
116        font-family:"Palatino","serif";
117        font-weight:bold;}
118p.Answerline, li.Answerline, div.Answerline
119        {tab-stops:right 6.5in;
120        font-size:12.0pt;
121        font-family:"Palatino","serif";
122        font-style:italic;
123        text-decoration:underline;
124        text-underline:single;}
125p.Infoline, li.Infoline, div.Infoline
126        {tab-stops:right 5.5in;
127        font-size:12.0pt;
128        font-family:"Palatino","serif";}
129p.SubHeading, li.SubHeading, div.SubHeading
130        {page-break-after:avoid;
131        font-size:12.0pt;
132        font-family:"Palatino","serif";
133        font-weight:bold;
134        font-style:italic;}
135.MsoChpDefault
136ol
137        {ul
138        {-->
139</style>
140</head>
141<body bgcolor="#FFFFFF" vlink=purple lang=EN-US>
142<div class=Section1>
143  <p align=center style='text-align:center'><b><span style='font-size:14.0pt;'>INCOMMON
144    FEDERATION: PARTICIPANT<br>
145    OPERATIONAL PRACTICES</span></b></p>
146  <p><span style='color:black'>Participation
147    in the InCommon Federation (&quot;Federation&quot;) enables a federation participating
148    organization (&quot;Participant&quot;) to use Shibboleth <i>identity</i> <i>attribute </i>sharing
149    technologies to manage access to on-line resources that can be made available
150    to the InCommon community. One goal of
151    the Federation is to develop, over time, community standards for such
152    cooperating organizations to ensure that shared <i>attribute</i> <i>assertions</i> are
153    sufficiently robust and trustworthy to manage access to important protected
154    resources. As the community of trust
155    evolves, the Federation expects that participants eventually should be able to
156    trust each other's <i>identity management
157    systems</i> and resource <i>access
158    management systems</i> as they trust their own.</span></p>
159  <p><span style='color:black'>A
160    fundamental expectation of Participants is that they provide authoritative and
161    accurate attribute assertions to other Participants, and that Participants receiving
162    an attribute assertion protect it and respect privacy constraints placed on it
163    by the Federation or the source of that information. In furtherance of this goal, InCommon
164    requires that each Participant make available to other Participants certain
165    basic information about any identity management system, including the identity
166    attributes that are supported, or resource access management system registered
167    for use within the Federation.</span></p>
168  <p><span style='color:black'>Two
169    criteria for trustworthy attribute assertions by <i>Identity Providers</i> are: (1) that the identity management system
170    fall under the purview of the organization's executive or business management,
171    and (2) the system for issuing end-user credentials (e.g., PKI certificates,
172    userids/passwords, Kerberos principals, etc.) specifically have in place
173    appropriate risk management measures (e.g., <i>authentication</i> and <i>authorization</i> standards, security
174    practices, risk assessment, change management controls, audit trails, etc.).<i> </i></span></p>
175  <p><span style='color:black'>InCommon
176    expects that <i>Service Providers</i>, who
177    receive attribute assertions from another Participant, respect the other Participant's
178    policies, rules, and standards regarding the protection and use of that
179    data. Furthermore, such information
180    should be used only for the purposes for which it was provided. InCommon strongly discourages the sharing of
181    that data with third parties, or aggregation of it for marketing purposes
182    without the explicit permission<a href="#_ftn1"
183name="_ftnref1" title=""><span class=MsoFootnoteReference><span
184class=MsoFootnoteReference><span style='font-size:12.0pt;font-family:"Palatino","serif";"Times New Roman";color:black;'>[1]</span></span></span></a> of
185    the identity information providing Participant.</span></p>
186  <p><span style='color:black'>InCommon
187    requires Participants to make available to all other Participants answers to
188    the questions below.<a href="#_ftn2"
189name="_ftnref2" title=""><span class=MsoFootnoteReference><span
190class=MsoFootnoteReference><span style='font-size:12.0pt;font-family:"Palatino","serif";"Times New Roman";color:black;'>[2] </span></span></span></a>Additional information to help answer each
191    question is available in the next section of this document. There is also a glossary at the end of this
192    document that defines terms shown in italics.<a name="_Ref484143697"></a></span></p>
193  <br
194clear=all style='page-break-before:always'>
195  <h1><span
196style='color:black'><span>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span>Federation Participant Information</h1>
197  <p class=ParaNum2><span>1.1<span
198style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>The
199    InCommon Participant Operational Practices information below is for:</p>
200  <p class=Infoline>InCommon Participant organization
201    name: <u>&nbsp;GENI Project Office&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u></p>
202  <p class=Infoline>The information below is accurate
203    as of this date:<u>&nbsp;August 15, 2011&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u></p>
204  <p class=ParaNum2><a name="_Ref491345499"><span>1.2<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Identity Management and/or Privacy information</a></p>
205  <pIndent>
206  Additional information about the Participant's
207  identity management practices and/or privacy policy regarding personal
208  information can be found on-line at the following location(s).
209  </p>
210  <p class=Infoline>URL(s): <u> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u> </p>
211  <p class=ParaNum2><a name="_Ref491344385"><span>1.3<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Contact information</a></p>
212  <pIndent>
213  The following person or
214  office can answer questions about the Participant's<i> </i>identity management system or resource access management policy or
215  practice.
216  </p>
217  <p class=Infoline>Name: <u>&nbsp;Tom Mitchell&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u> </p>
218  <p class=Infoline>Title or role <u>&nbsp;InCommon Technical POC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u> </p>
219  <p class=Infoline>Email address <u>&nbsp;tmitchell@bbn.com&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u> </p>
220  <p class=Infoline>Phone <u>&nbsp;617-873-3905&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u> FAX <u> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u></p>
221  <p class=ParaNum1><a
222name="_Ref491346906"><span>2.<span
223style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Identity
224    Provider Information</a></p>
225  <p>The most critical responsibility that an IdentityProvider
226    Participant has to the Federation is to provide trustworthy and accurate
227    identity assertions.<a href="#_ftn3"
228name="_ftnref3" title=""><span class=MsoFootnoteReference><span
229class=MsoFootnoteReference><span style='font-size:12.0pt;font-family:"Palatino","serif";"Times New Roman";'>[3]</span></span></span></a> It is important for a Service Provider to
230    know how your <i>electronic identity
231    credentials</i> are issued and how reliable the information associated with a
232    given credential (or person) is. </p>
233  <p style='
234page-break-after:avoid'><b><i>Community</i></b></p>
235  <p class=ParaNum2><a name="_Ref491346920"><span>2.1<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>If you are an Identity Provider, how do you
236    define the set of people who are eligible to receive an <i>electronic identity</i>? If
237    exceptions to this definition are allowed, who must approve such an exception?</a></p>
238  <p class=Answerline>N/A (GENI is a Service Provider)</p>
239
240  <p class=ParaNum2><a name="_Ref491346932"><span>2.2<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>&quot;Member of Community&quot;</a><a href="#_ftn4" name="_ftnref4" title=""><span
241class=MsoFootnoteReference><span><span style='font-size:12.0pt;font-family:"Palatino","serif";"Times New Roman";'>[4]</span></span></span></a> is an assertion that might be offered to
242    enable access to resources made available to individuals who participate in the
243    primary mission of the university or organization. For example, this assertion might apply to
244  anyone whose affiliation is &quot;current student, faculty, or staff.&quot;</p>
245  <p class=ParaNum2> What subset of persons registered in your identity management system would you
246    identify as a &quot;Member of Community&quot; in Shibboleth identity assertions to other
247  InCommon Participants?</p>
248  <p class=Answerline>N/A (GENI is a Service Provider)</p>
249
250  <p style='
251page-break-after:avoid'><b><i>Electronic Identity Credentials</i></b></p>
252  <p class=ParaNum2><a
253name="_Ref484143726"><span>2.3<span
254style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Please
255    describe in general terms the administrative process used to establish an
256    electronic identity that results in a record for that person being created in
257    your <i>electronic identity database</i>? Please identify the<i> </i>office(s) of record for this purpose. For example, &quot;Registrar's Office for
258    students; HR for faculty and staff.&quot;</a></p>
259  <p class=Answerline>N/A (GENI is a Service Provider)</p>
260
261  <p class=ParaNum2><a name="_Ref491344811"></a><a name="_Ref484143732"><span>2.4<span
262style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>What
263    technologies are used for your electronic identity credentials (e.g., Kerberos,
264    userID/password, PKI, ...) that are relevant to Federation activities? If more than one type of electronic
265    credential is issued, how is it determined who receives which type?</a> If
266    multiple credentials are linked, how is this managed (e.g., anyone with a
267    Kerberos credential also can acquire a PKI credential) and recorded?</p>
268  <p class=Answerline>N/A (GENI is a Service Provider)</p>
269
270  <p class=ParaNum2><a name="_Ref484143738"><span>2.5<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>If your electronic identity credentials require
271    the use of a secret password or PIN, and there are circumstances in which that
272    secret would be transmitted across a network without being protected by
273    encryption (i.e., &quot;clear text passwords&quot; are used when accessing campus
274    services), please identify who in your organization can discuss with any other
275    Participant concerns that this might raise for them:</a></p>
276  <p class=Answerline>N/A (GENI is a Service Provider)</p>
277
278  <p class=ParaNum2><a name="_Ref491344942"></a><a name="_Ref484143744"><span>2.6<span
279style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>If
280    you support a &quot;single sign-on&quot; (SSO) or similar campus-wide system to allow a
281    single user authentication action to serve multiple applications, and you will
282    make use of this to authenticate people for InCommon Service Providers, please
283    describe the key security aspects of your SSO system including whether session
284    timeouts are enforced by the system</a>,
285    whether user-initiated session termination is supported, and how use with
286    &quot;public access sites&quot; is protected.</p>
287  <p class=Answerline>N/A (GENI is a Service Provider)</p>
288
289  <p class=ParaNum2><a name="_Ref484143786"><span>2.7<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Are your primary <i>electronic identifiers</i> for people, such as &quot;net ID,&quot; eduPersonPrincipalName,
290    or eduPersonTargetedID considered to be unique for all time to the individual
291    to whom they are assigned? If not, what
292    is your policy for re-assignment and is there a hiatus between such reuse?</a></p>
293  <p class=Answerline>N/A (GENI is a Service Provider)</p>
294
295  <p style='
296page-break-after:avoid'><b><i>Electronic Identity Database</i></b></p>
297  <p class=ParaNum2><a name="_Ref484143794"><span>2.8<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>How is information in your electronic identity
298    database acquired and updated? Are
299    specific offices designated by your administration to perform this
300    function? Are individuals allowed to
301    update their own information on-line?</a></p>
302  <p class=Answerline>N/A (GENI is a Service Provider)</p>
303
304  <p class=ParaNum2><a name="_Ref484580135"><span>2.9<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>What information in this database is considered
305    &quot;public information&quot; and would be provided to any interested party?</a></p>
306  <p class=Answerline>N/A (GENI is a Service Provider)</p>
307
308  <p class=SubHeading>Uses of Your Electronic Identity Credential System</p>
309  <p class=ParaNum2><a name="_Ref484143813"><span>2.10<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span></span>Please identify typical classes of applications
310    for which your electronic identity credentials are used within your own
311    organization</a>.</p>
312  <p class=Answerline>N/A (GENI is a Service Provider)</p>
313
314  <p class=SubHeading><a name="_Ref484143823">Attribute Assertions</a></p>
315  <p><i>Attributes</i> are the
316    information data elements in an attribute assertion you might make to another
317    Federation participant concerning the identity of a person in your identity
318    management system.</p>
319
320  <p class=ParaNum2><a name="_Ref484143842"><span>2.11<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span></span>Would you consider your attribute assertions to
321    be reliable enough to:</a></p>
322  <p style='line-height:150%;page-break-after:
323avoid;'>[&nbsp;&nbsp;] control access to on-line
324    information databases licensed to your organization?</p>
325  <p style='line-height:150%;page-break-after:
326avoid;'>[&nbsp;&nbsp;] be used to purchase goods or
327    services for your organization?</p>
328  <p style='line-height:150%;page-break-after:
329avoid;'>[&nbsp;&nbsp;]
330    enable access to personal information such as student loan status?</p>
331  <p class=SubHeading><a name="_Ref484143850">Privacy Policy</a></p>
332  <pIndent>
333  Federation Participants must respect the legal and
334  organizational privacy constraints on attribute information provided by other Participants
335  and use it only for its intended purposes.
336  </p>
337  <p class=ParaNum2><a name="_Ref484685873"><span>2.12<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span></span>What restrictions do you place on the use of
338    attribute information that you might provide to other Federation participants?</a></p>
339  <p class=Answerline>N/A (GENI is a Service Provider)</p>
340
341  <p class=ParaNum2><a
342name="_Ref484687204"><span>2.13<span
343style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span></span>What
344    policies govern the use of attribute information that you might release to
345    other Federation participants? For
346    example, is some information subject to FERPA or HIPAA restrictions?</a></p>
347  <p class=Answerline>N/A (GENI is a Service Provider)</p>
348
349  <p class=ParaNum1><span><span>3.<span
350style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Service
351    Provider Information</span></p>
352  <p><span>Service Providers are trusted to ask for
353    only the information necessary to make an appropriate access control decision,
354    and to not misuse information provided to them by Identity Providers. Service Providers must describe the basis on
355    which access to resources is managed and their practices with respect to
356    attribute information they receive from other Participants.</span></p>
357  <p class=ParaNum2><span><a name="_Ref491345847"><span>3.1<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>What attribute information about an individual
358    do you require in order to manage access to resources you make available to
359    other Participants? Describe separately
360    for each resource ProviderID that you have registered.</a></span></p>
361  <p class=Answerline>For all ProviderID's, GENI requires the
362  following attributes: EPPN, affiliations, given name, surname (sn),
363  email address (mail), and telephone number</p>
364
365  <p class=ParaNum2><span><a name="_Ref491345858"><span>3.2<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>What use do you make of attribute information
366    that you receive in addition to basic access control decisions?</a></span><a
367name="_Ref484143876"> For example, do you aggregate session access
368    records or records of specific information accessed based on attribute
369    information, or make attribute information available to partner organizations,
370    etc.?</a><a name="_Ref484686262"></a></p>
371
372  <p class=Answerline>Attribute information is used to create a user
373  profile and to contact individuals if support issues arise. Some
374  attribute information (including, but not limited to, name and email
375  address) is shared with partner organizations within GENI. Contact
376  information (name, email address, telephone number) is used if GENI
377  operations staff needs to get in touch with an individual for
378  operational support. GENI operations staff includes GENI Project
379  Office staff and operations staff at partner organizations within
380  GENI but outside the GENI Project Office.</p>
381
382  <p class=ParaNum2><span><a
383name="_Ref491345881"><span>3.3<span
384style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>What
385    human and technical controls are in place on access to and use of attribute
386    information that might refer to only one specific person (i.e., personally
387    identifiable information)? For example,
388    is this information encrypted?</a></span></p>
389  <p class=Answerline>Attributes are accessible only to employees
390  with privileged access to the server. Privileged access is granted
391  only to GENI Project Office system administrators and a subset of
392  the technical staff. Attributes are stored in a database in clear
393  text. This database is segregated from other databases. Access
394  requires both a shell account on the server and an administrative
395  database account.</p>
396
397  <p class=ParaNum2><span><a
398name="_Ref491345893"><span>3.4<span
399style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Describe
400    the human and technical controls that are in place on the management of
401    super-user and other privileged accounts that might have the authority to grant
402    access to personally identifiable information?</a></span></p>
403  <p class=Answerline>Only the GENI Project Office system
404  administrators and select members of the technical staff are
405  granted super-user or other privileged accounts.</p>
406
407  <p class=ParaNum2><span><a name="_Ref491345908"><span>3.5<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>If personally identifiable information is
408    compromised, what actions do you take to notify potentially affected
409    individuals?</a></span></p>
410  <p class=Answerline>If personally identifiable information is
411  compromised, individuals would be contacted directly.</p>
412
413  <p class=ParaNum1><span><a name="_Ref484691927"><span>4.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Other Information</a></span></p>
414  <p class=ParaNum2><span><a
415name="_Ref491345683"><span>4.1<span
416style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Technical
417    Standards, Versions and Interoperability</a></span></p>
418  <p>Identify the version of Internet2 Shibboleth code release that
419    you are using or, if not using the standard Shibboleth code, what version(s) of
420    the SAML and SOAP and any other relevant standards you have implemented for
421    this purpose.</p>
422  <p class=Answerline>Shibboleth Native Service Provider 2.x</p>
423
424  <p class=ParaNum2><a name="_Ref484143900"><span>4.2<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span>Other Considerations</a></p>
425  <p>Are there any other considerations or information that you wish
426    to make known to other Federation participants with whom you might interoperate?
427    For example, are there concerns about the use of clear text passwords or
428    responsibilities in case of a security breach involving identity information
429    you may have provided?</p>
430  <p class=Answerline>None</p>
431
432  <br clear=all
433style='page-break-before:always'>
434  <h2>Additional Notes and Details on the Operational Practices Questions</h2>
435  <p><a name="OLE_LINK8"></a><a name="OLE_LINK7">As a community of organizations willing to
436    manage access to on-line resources cooperatively, and often without formal
437    contracts in the case of non-commercial resources, it is essential that each Participant
438    have a good understanding of the <i>identity</i> and resource management practices implemented by other Participants.</a> The purpose of the questions above is to
439    establish a base level of common understanding by making this information
440    available for other Participants to evaluate.</p>
441  <p>In answering these questions, please consider what you would
442    want to know about your own operations if you were another Participant deciding
443    what level of trust to place in interactions with your on-line systems. For example:</p>
444  <ul type=square>
445    <li>What would you need to know about an<i> Identity Provider</i> in order to make
446      an informed decision whether to accept its <i>assertions</i> to manage access to your on-line resources or
447      applications?</li>
448    <li>What would you need to know about a <i>Service Provider</i> in order to feel
449      confident providing it information that it might not otherwise be able to
450      have?</li>
451  </ul>
452  <p>It also might help to consider how <i>identity management systems</i> within a single institution could be
453    used.</p>
454  <ul type=square>
455    <li>What might your central campus IT organization, as a <i>Service Provider</i>, ask of a peer
456      campus <i>Identity Provider</i> (e.g.,
457      Computer Science Department, central Library, or Medical Center) in order
458      to decide whether to accept its <i>identity</i> <i>assertions</i> for access to
459      resources that the IT organization controls?</li>
460    <li>What might a campus department ask about the central
461      campus <i>identity management system</i> if the department wanted to leverage it for use with its own applications?</li>
462  </ul>
463  <p>The numbered paragraphs below provide additional background
464    to the numbered questions in the main part of this document.</p>
465  <p>[1.2] InCommon Participants who manage Identity Providers
466    are strongly encouraged to post on their website the privacy and information
467    security policies that govern their <i>identity
468    management system</i>. Participants who
469    manage Service Providers are strongly encouraged to post their policies with
470    respect to use of personally identifying information.</p>
471  <p>[1.3] Other InCommon Participants may wish to
472    contact this person or office with further questions about the information you
473    have provided or if they wish to establish a more formal relationship with your
474    organization regarding resource sharing.</p>
475  <p>[2] Many organizations have very informal
476    processes for issuing electronic credentials. For example, one campus does this through its student bookstore. A <i>Service
477    Provider</i> may be more willing to accept your <i>assertions</i> to the extent that this process can be seen as
478    authoritative.</p>
479  <p>[2.1] It is important for a <i>Service Provider</i> to have some idea of the community whose
480    identities you may represent. This is
481    particularly true for <i>assertions</i> such
482    as the eduPerson &quot;Member of Community.&quot; A typical definition might be &quot;Faculty, staff, and active students&quot; but
483    it might also include alumni, prospective students, temporary employees,
484    visiting scholars, etc. In addition,
485    there may be formal or informal mechanisms for making exceptions to this
486    definition, e.g., to accommodate a former student still finishing a thesis or
487    an unpaid volunteer.</p>
488  <p>This question asks to whom you, as an <i>Identity Provider</i>, will provide
489    electronic credentials. This is
490    typically broadly defined so that the organization can accommodate a wide
491    variety of applications locally. The
492    reason this question is important is to distinguish between the set of people
493    who might have a credential that you issue and the subset of those people who
494    fall within your definition of &quot;Member of Community&quot; for the purpose of
495    InCommon <i>attribute assertions</i>.</p>
496  <p>[2.2] The <i>assertion</i> of &quot;Member of Community&quot; is often good enough for deciding whether to grant
497    access to basic on-line resources such as library-like materials or websites. InCommon encourages participants to use this <i>assertion</i> only for &quot;Faculty, Staff, and
498    active Students&quot; but some organizations may have the need to define this
499    differently. InCommon <i>Service Providers</i> need to know if this has
500    been defined differently.</p>
501  <p>[2.3] For example, if there is a campus recognized
502    office of record that issues such electronic credentials and that office makes
503    use of strong, reliable technology and good database management practices,
504    those factors might indicate highly reliable credentials and hence trustworthy <i>identity</i> <i>assertions</i>.</p>
505  <p>[2.4] Different technologies carry different
506    inherent risks. For example, a userID
507    and password can be shared or &quot;stolen&quot; rather easily. A PKI credential or SecureID card is much
508    harder to share or steal. For practical
509    reasons, some campuses use one technology for student credentials and another
510    for faculty and staff. In some cases,
511    sensitive applications will warrant stronger and/or secondary credentials.</p>
512  <p>[2.5] Sending passwords in &quot;clear text&quot; is a
513    significant risk, and all InCommon Participants are strongly encouraged to
514    eliminate any such practice. Unfortunately this may be difficult, particularly with legacy
515    applications. For example, gaining
516    access to a centralized calendar application via a wireless data connection
517    while you are attending a conference might reveal your password to many others
518    at that conference. If this is also your
519    campus credential password, it could be used by another person to impersonate
520    you to InCommon Participants.</p>
521  <p>[2.6] &quot;Single sign-on&quot; (SSO) is a method that allows
522    a user to unlock his or her <i>electronic
523    identity credential</i> once and then use it for access to a variety of
524    resources and applications for some period of time. This avoids people having to remember many
525    different identifiers and passwords or to continually log into and out of
526    systems. However, it also may weaken the
527    link between an <i>electronic identity</i> and the actual person to whom it refers if someone else might be able to use
528    the same computer and assume the former user's <i>identity</i>. If there is no
529    limit on the duration of a SSO session, a Federation <i>Service Provider</i> may be concerned about the validity of any <i>identity</i> <i>assertions</i> you might make. Therefore it is important to ask about your use of SSO technologies.</p>
530  <p>[2.7] In some <i>identity
531    management systems</i>, primary identifiers for people might be reused,
532    particularly if they contain common names, e.g. Jim Smith@MYU.edu. This can create ambiguity if a <i>Service Provider</i> requires this primary
533    identifier to manage access to resources for that person.</p>
534  <p>[2.8] Security of the database that holds
535    information about a person is at least as critical as the <i>electronic identity credentials</i> that provide the links to records
536    in that database. Appropriate security
537    for the database, as well as management and audit trails of changes made to
538    that database, and management of access to that database information are
539    important.</p>
540  <p>[2.9] Many organizations will make available to
541    anyone certain, limited &quot;public information.&quot; Other information may be given only to internal organization users or
542    applications, or may require permission from the subject under FERPA or HIPAA
543    rules. A <i>Service Provider</i> may need to know what information you are willing
544    to make available as &quot;public information&quot; and what rules might apply to other
545    information that you might release.</p>
546  <p>[2.10] In order to help a <i>Service Provider</i> assess how reliable your <i>identity</i> <i>assertions</i> may
547    be, it is helpful to <span style='color:black'>know how your organization uses
548    those same assertions.</span> The assumption here is that you are or will
549    use the same <i>identity management system</i> for your own applications as you are using for federated purposes.</p>
550  <p>[2.11] Your answer to this question indicates the
551    degree of confidence you have in the accuracy of your <i>identity</i> <i>assertions</i>.</p>
552  <p>[2.12] Even &quot;public information&quot; may be constrained
553    in how it can be used. For example,
554    creating a marketing email list by &quot;harvesting&quot; email addresses from a campus
555    directory web site may be considered illicit use of that information. Please indicate what restrictions you place
556    on information you make available to others.</p>
557  <p>[2.13] Please indicate what legal or other external
558    constraints there may be on information you make available to others.</p>
559  <p>[3.1] Please identify your access management
560    requirements to help other Participants understand and plan for use of your
561    resource(s). You might also or instead
562    provide contact information for an office or person who could answer inquiries.</p>
563  <p>[3.2] As a <i>Service
564    Provider</i>, please declare what use(s) you would make of attribute
565    information you receive.</p>
566  <p>[3.3] Personally identifying information can be a
567    wide variety of things, not merely a name or credit card number. All information other than large group
568    identity, e.g., &quot;member of community,&quot; should be protected while resident on
569    your systems.</p>
570  <p>[3.4] Certain functional positions can have
571    extraordinary privileges with respect to information on your systems. What oversight means are in place to ensure
572    incumbents do not misuse such privileges?</p>
573  <p>[3.5] Occasionally protections break down and
574    information is compromised. Some states
575    have laws requiring notification of affected individuals. What legal and/or institutional policies
576    govern notification of individuals if information you hold is compromised?</p>
577  <p>[4.1] Most InCommon Participants will use Internet2
578    Shibboleth technology, but this is not required. It may be important for other participants to
579    understand whether you are using other implementations of the technology
580    standards.</p>
581  <p>[4.2] As an <i>Identity
582    Provider</i>, you may wish to place constraints on the kinds of applications
583    that may make use of your <i>assertions. </i>As a <i>Service
584    Provider</i>, you may wish to make a statement about how User credentials must
585    be managed. This question is completely
586    open ended and for your use.</p>
587  <br clear=all
588style='page-break-before:always'>
589  <h2>Glossary</h2>
590  <table border=0 cellspacing=0 cellpadding=0>
591    <tr>
592      <td width=137 valign=top><p>access management system</p></td>
593      <td width=502 valign=top><p>The collection of systems and
594          or services associated with specific on-line resources and/or services that
595          together derive the decision about whether to allow a given individual to
596          gain access to those resources or make use of those services.</p></td>
597    </tr>
598    <tr>
599      <td width=137 valign=top><p>assertion</p></td>
600      <td width=502 valign=top><p>The <i>identity</i> information provided by an <i>Identity Provider</i> to a <i>Service
601          Provider</i>.</p></td>
602    </tr>
603    <tr>
604      <td width=137 valign=top><p>attribute</p></td>
605      <td width=502 valign=top><p>A single piece of information
606          associated with an <i>electronic identity
607          database</i> record. Some <i>attributes</i> are general; others are
608          personal. Some subset of all <i>attributes</i> defines a unique
609          individual.</p></td>
610    </tr>
611    <tr>
612      <td width=137 valign=top><p>authentication</p></td>
613      <td width=502 valign=top><p>The process by which a person
614          verifies or confirms their association with an <i>electronic identifier</i>. For
615          example, entering a password that is associated with an UserID or account
616          name is assumed to verify that the user is the person to whom the UserID was
617          issued.</p></td>
618    </tr>
619    <tr>
620      <td width=137 valign=top><p>authorization</p></td>
621      <td width=502 valign=top><p>The process of determining
622          whether a specific person should be allowed to gain access to an application
623          or function, or to make use of a resource. The resource manager then makes the access control decision, which
624          also may take into account other factors such as time of day, location of the
625          user, and/or load on the resource system.</p></td>
626    </tr>
627    <tr>
628      <td width=137 valign=top><p>electronic identifier</p></td>
629      <td width=502 valign=top><p>A string of characters or
630          structured data that may be used to reference an <i>electronic identity</i>. Examples include an email address, a user account name, a Kerberos
631          principal name, a UC or campus <i>NetID</i>,
632          an employee or student ID, or a PKI certificate.</p></td>
633    </tr>
634    <tr>
635      <td width=137 valign=top><p>electronic identity</p></td>
636      <td width=502 valign=top><p>A set of information that is
637          maintained about an individual, typically in campus <i>electronic identity databases</i>. May include roles and privileges as well as personal information. The information must be authoritative to
638          the applications for which it will be used.</p></td>
639    </tr>
640    <tr>
641      <td width=137 valign=top><p>electronic identity credential</p></td>
642      <td width=502 valign=top><p>An <i>electronic identifier</i> and corresponding <i>personal secret</i> associated with an <i>electronic identity</i>. An <i>electronic identity credential </i>typically
643          is issued to the person who is the subject of the information to enable that
644          person to gain access to applications or other resources that need to control
645          such access.</p></td>
646    </tr>
647    <tr>
648      <td width=137 valign=top><p>electronic
649          identity database</p></td>
650      <td width=502 valign=top><p>A
651          structured collection of information pertaining to a given individual. Sometimes referred to as an
652          &quot;enterprise directory.&quot; Typically includes name, address, email address, affiliation, and <i>electronic identifier(s)</i>. Many technologies can be used to create an <i>identity database,</i> for example LDAP or
653          a set of linked relational databases.</p></td>
654    </tr>
655    <tr>
656      <td width=137 valign=top><p style='page-break-before:always;
657  '>identity</p></td>
658      <td width=502 valign=top><p style='page-break-before:always;
659  '><i>Identity</i> is the set of information associated with a specific
660          physical person or other entity. Typically an Identity Provider will be authoritative for only a subset
661          of a person's <i>identity</i> information. What <i>identity</i> <i>attributes</i> might be relevant in any situation depend on the context in which it is being
662          questioned.</p></td>
663    </tr>
664    <tr>
665      <td width=137 valign=top><p>identity
666          management system</p></td>
667      <td width=502 valign=top><p>A
668          set of standards, procedures and technologies that provide electronic
669          credentials to individuals and maintain authoritative information about the
670          holders of those credentials.</p></td>
671    </tr>
672    <tr>
673      <td width=137 valign=top><p>Identity Provider</p></td>
674      <td width=502 valign=top><p><span style='color:black'>A
675          campus or other organization that manages and operates an <i>identity management system</i> and offers information
676          about members of its community to other InCommon participants.</span></p></td>
677    </tr>
678    <tr>
679      <td width=137 valign=top><p>NetID</p></td>
680      <td width=502 valign=top><p>An <i>electronic identifier</i> created
681          specifically for use with on-line applications. It is often an integer and
682          typically has no other meaning.</p></td>
683    </tr>
684    <tr>
685      <td width=137 valign=top><p>personal
686          secret</p>
687        <p>(also </p>
688        <p>verification
689          token)</p></td>
690      <td width=502 valign=top><p>Used
691          in the context of this document, is synonymous with password, pass phrase or
692          PIN. It enables the holder of an <i>electronic identifier </i>to confirm that
693          s/he is the person to whom the identifier was issued.</p></td>
694    </tr>
695    <tr>
696      <td width=137 valign=top><p>Service
697          Provider</p></td>
698      <td width=502 valign=top><p><span
699  style='color:black'>A campus or other organization that makes on-line
700          resources available to users based in part on information about them that it
701          receives from other InCommon participants.</span></p></td>
702    </tr>
703  </table>
704</div>
705<br clear=all>
706<hr align=left size=1 width="33%">
707<div id=ftn1>
708  <p class=MsoFootnoteText><a href="#_ftnref1"
709name="_ftn1" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span
710style='font-size:10.0pt;font-family:"Palatino","serif";'>[1]</span></span></span></a> Such permission already might be implied by existing contractual agreements.</p>
711</div>
712<div id=ftn2>
713  <p class=MsoFootnoteText><a href="#_ftnref2"
714name="_ftn2" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span
715style='font-size:10.0pt;font-family:"Palatino","serif";'>[2]</span></span></span></a> Your responses to these questions should be posted in a readily accessible
716    place on your web site, and the URL submitted to InCommon. If not posted, you should post contact
717    information for an office that can discuss it privately with other InCommon
718    Participants as needed. If any of the
719    information changes, you must update your on-line statement as soon as possible.</p>
720</div>
721<div id=ftn3>
722  <p class=MsoFootnoteText><a href="#_ftnref3"
723name="_ftn3" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span
724style='font-size:10.0pt;font-family:"Palatino","serif";'>[3]</span></span></span></a> A general note regarding attributes and recommendations within the Federation is
725    available here: http://www.incommonfederation.org/attributes.html </p>
726</div>
727<div id=ftn4>
728  <p class=MsoFootnoteText><a href="#_ftnref4"
729name="_ftn4" title=""><span class=MsoFootnoteReference><span class=MsoFootnoteReference><span
730style='font-size:10.0pt;font-family:"Palatino","serif";'>[4]</span></span></span></a> &quot;Member&quot; is one possible value for eduPersonAffiliation as defined in
731    the eduPerson schema. It is intended to
732    include faculty, staff, student, and other persons with a basic set of
733    privileges that go with membership in the university community (e.g., library
734    privileges). &quot;Member of Community&quot; could
735    be derived from other values in eduPersonAffiliation or assigned explicitly as
736    &quot;Member&quot; in the electronic identity database. See http://www.educause.edu/eduperson/</p>
737</div>
738</body>
739</html>