March 17, 2021
This week, InCommon operations began sending notices to Federation participants of the need to meet the new Baseline Expectation for Trust in Federation. Organizations received notices if they have identity providers and/or service providers that do not meet one or more of the expectations.
Most organizations received a notice, via email to their site administrators, since less than 10% of Federation participants meet all three of the expectations.
The new expectations include three technical requirements (see the wiki for details) aimed at improving security and the user experience that all InCommon Federation participants must meet during 2021:
- Each Identity Provider and Service Provider will secure its connection endpoints with current and trusted encryption (specifically SSL Labs grade of A)
- All Identity Providers and Service Providers will comply with the SIRTFI international security response framework
- All Identity Providers will include an error URL in metadata
InCommon operations will generate reports every two weeks to those organizations with identity providers and/or service providers that do not adhere to the expectations. The deadline for meeting the expectations is July 19, 2021. Those with questions or needing assistance should email firstname.lastname@example.org.