...

Sirtfi compliance is expressed using the Entity Attribute “urn:oasis:names:tc:SAML:attribute:assurance-certification” with the value https://refeds.org/sirtfi in an entity’s metadata, as seen below:

Code Block
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...>
  <md:Extensions>
    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                      Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
        <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>

  ...
</md:EntityDescriptor>

Security Contact

A security contact element is added to every Entity that asserts Sirtfi compliance, as seen below:

Code Block
<md:ContactPerson xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:remd="http://refeds.org/metadata"
                  contactType="other"
                  remd:contactType="http://refeds.org/metadata/contactType/security">
  <md:GivenName>Security Response Team</md:GivenName>
  <md:EmailAddress>mailto:security@xxxxxxxxxxxxxxx</md:EmailAddress>
</md:ContactPerson>

Multiple EmailAddress tags may be defined, should an organisation wish to add both a generic email address and an individual's address.

This contactType has been defined within the REFEDS XSD Metadata Extension Schema.

[1] http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html

[2] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile.pdf 
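A federation operator can check the two requirements above together: every entity that carries the Sirtfi assurance-certification value should also publish a security contact with at least one email address. The following is an added example, not part of the original page or of any REFEDS tooling; the function names and the example.org sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CERT_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
SIRTFI = "https://refeds.org/sirtfi"
REMD_TYPE = "{http://refeds.org/metadata}contactType"  # remd:contactType, Clark notation
SECURITY = "http://refeds.org/metadata/contactType/security"

def asserts_sirtfi(entity):
    """True if the entity's EntityAttributes carry the Sirtfi certification value."""
    for attr in entity.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == CERT_ATTR:
            if any((v.text or "").strip() == SIRTFI for v in attr.iterfind("saml:AttributeValue", NS)):
                return True
    return False

def security_emails(entity):
    """Non-empty EmailAddress values of contacts typed as REFEDS security contacts."""
    emails = []
    for c in entity.iterfind("md:ContactPerson", NS):
        if c.get("contactType") == "other" and c.get(REMD_TYPE) == SECURITY:
            emails += [(e.text or "").strip() for e in c.iterfind("md:EmailAddress", NS)]
    return [e for e in emails if e]

def audit(metadata_xml):
    """entityIDs that assert Sirtfi but publish no security contact email."""
    root = ET.fromstring(metadata_xml)  # root.iter() also matches a lone EntityDescriptor
    return [e.get("entityID") for e in root.iter("{%s}EntityDescriptor" % MD)
            if asserts_sirtfi(e) and not security_emails(e)]

# Constructed sample aggregate; the example.org entities and addresses are made up.
SIRTFI_EXT = """<md:Extensions>
  <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="%s">
  <saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>""" % (CERT_ATTR, SIRTFI)
SAMPLE = """<md:EntitiesDescriptor xmlns:md="%s" xmlns:remd="http://refeds.org/metadata">
 <md:EntityDescriptor entityID="https://idp.example.org/ok">%s
  <md:ContactPerson contactType="other" remd:contactType="%s">
   <md:EmailAddress>mailto:security@example.org</md:EmailAddress></md:ContactPerson>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.org/missing">%s
  <md:ContactPerson contactType="technical">
   <md:EmailAddress>mailto:helpdesk@example.org</md:EmailAddress></md:ContactPerson>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>""" % (MD, SIRTFI_EXT, SECURITY, SIRTFI_EXT)
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The check only reads the metadata; signature verification of the aggregate is assumed to have happened before it is parsed.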

Coordinating Adoption

During the process of Sirtfi adoption, federation operators should anticipate providing support to entities.

...