The following questions have been proposed alongside questions used in previous years.
|Decision on Inclusion
What are the baseline requirements that IdPs and SPs must meet to be included in your federation?
What is the method by which you enforce these baseline requirements?
This is a bit difficult to capture meaningfully in a survey and interpret results. Perhaps we could make this about the template MRPS? i.e. do you follow the template, comply with all the questions, not follow?
Include but about MRPS
If you don't currently populate hints for IdP entities (eg email domain, lat/long coordinates) do you have plans to do so?
Probably need to break this down into different areas. Need to look at the differences between enforcing IdPs to populate or not.
Include but look at scope of questions
|Do you have a clear, accessible set of requirements for SP to operate in your federation? (ease on-boarding)
Again this is a bit difficult to capture and I am not sure what we would do with the output.
|Do you offer a central/subscription service for those organisations that may not have skills for operating an IdP?
Simple to add - include
|Do you have a defined policy for SPs to talk to IdP operators?
|In terms of incident response or more generally? Need more information here
Most federations still publish SAML1 endpoints.
Possible question: Does your federation have any plans or goals to stop publishing SAML1 endpoints for SPs and IdPs?
Background: In eduGAIN, all entities with SAML1 only endpoints disappeared! But there are still several active SPs known that default to SAML1 instead of issuing proper SAML2 authentication requests. It would be great if we could get rid of all these SAML1 endpoints.
What kind of services are most actively engaging with your federation e.g. cloud, campus infrastructure, library/journals, e-learning platforms. Something along that line but better formed.
Which sort of service type is dominant if any. This is *sort of* available in metadata but not - we can only see if they are present, not degrees of activity or support workload for federations.
Could make this a rough percentage of makeup of federation? less than 10% etc.
|Does your federation have a training and development programme for new staff (thinking of the Identity professionals work that is springing up). Do you see any gaps here?
|Does your federation collect usage statistics? Complete/partial/not at all. Why?
|i have collated this information separately, no need to ask again as things haven't changed much
What is the "mission" of your federation? [Related to "what services do you focus on?" in 2015 survey.
|included but not sure
|Do your operations fully support current REFEDS entity categories? When a new entity category is defined by REFEDS, how long do you need to enable operational support for it?
|Maintain question from 2017
|Do you have a security incident response plan? Does it include coordination with security incident responders for member organisations connected with the incident? [A related question was asked in the 2015 survey.]
What determines which edugain entity metadata you provide to each of your federation's members?
|Are there conditions under which you would remove an entity from your federation, other than in the course of managing a security incident?