REFEDS offers a wide range of advice and guidance on best practice for research and education federations.  This space is divided into the following sections:

Value Proposition

REFEDS has created a document describing The Value Proposition for Identity Federations.  This is a good place to start if you are considering implementing an identity federation and need more background information and support.

Business Case

JISC created a Business Case document to help Identity Providers make the case internally for the work required to implement SAML.  The document was written at the beginning of the UK Access Management Federation but is still valid and a valuable resource.
The Jisc Identity Management Toolkit may also be a useful resource.

Policy Template

The GÉANT project created a Federation Policy Template to help new and emerging federations quickly understand the requirements for federation policy and to support an interoperable approach to policy creation and implementation.  Federations are encouraged to use this template.
A downloadable version for editing is also available.

Metadata Registration

Understanding the Metadata Registration Practices of federations is key to understanding the trust framework for the federation. REFEDS and GÉANT have created a template Metadata Registration Practice Statement and federations are encouraged to use this template.  This statement is a requirement for federations joining eduGAIN:  MRPS-templatev1.1.pdf (pdf) and Markdown format on Github.

Discovery Best Practice

One of the challenges for multilateral federation is "finding" your Identity Provider.  REFEDS has gathered a number of resources over the years to help Discovery Best Practice.

Authorization Best Practice

How can entities do authorization correctly in a federated environment? We've put together some authorization best practice guidance. 

Cloud Services

This document offers a set of recommendations on how vendors of cloud services and institutional customers should engage with each other to support federated identity.

  • No labels