March 17, 2020
The InCommon Community Trust and Assurance Board (CTAB) has proposed three additions to Baseline Expectations for Trust in Federation. Last year, InCommon participants adopted the original Baseline Expectations to provide a baseline for trust and make collaboration more predictable.
InCommon participants are asked to review and comment on the proposed additions (details are in the Baseline Expectations wiki).
- All service endpoints must be protected with current and trusted encryption (TLS).
- All entities must conform with the REFEDS Security Incident Response Framework v1.0 when handling security incidents involving federation participants.
- All Identity Providers must include a valid errorURL in published metadata.
Comments will be taken through May 15, 2020. To join the discussion and make your voice heard, subscribe to the Baseline Expectations consensus discussion list by sending email to email@example.com with the subject: subscribe be-consensus.
We are particularly interested in comments and assessments of the impact on your operations of implementing the proposed requirements, as well as your views on the contribution of these requirements to improved assurance and interoperability.
Here are some resources and background information on Baseline Expectations.
- Baseline Expectations overview
- Community Consensus Process description
- Baseline Expectations wiki, with more details on the three proposals
After May 15, CTAB will review the comments and finalize the requirements. The proposal then goes to the InCommon Steering Committee. Upon approval, the requirements will become mandatory for all participants.