Federation Policy Best Practise Approach

Whether starting a new research and education federation or reviewing your existing policies it is useful to be able to learn from other federations and for federations to be as compatible with each other as possible for ease of cross-membership. This work has been undertaken by REFEDs to review all current federation policies and make suggestions for compatible approaches and best practise. The work makes no attempt to provide legal advice or guidance, but seeks to find commonality of approach.

The following federation policies have been reviewed as part of this work.

Current Analysis:

Available here as an excel spreadsheet.

 


1. General Approach

 

1.1 Document Suite

It is unlikely that you will want to have just one single document to describe your federation to its members. Most federations will have some combination of the following:

The last 2 may be separate entities on a federation operator website, or form part of one of the other documents.

Whatever approach towards your document 'set' that you take, it is recommended that you reference the location of all of the above within your core policy document.

1.2 What's in a Name?

There is little consistency as to what the federation 'policy' is called within federations. At the moment, the most common terms used are:

1.3 Language

It is recommended that you make your federation policy and indeed all of your core federation documents available in English as well as in appropriate local language(s). Many Service Providers will only be able to engage with documents in English, and a translation process will slow down membership uptake.

 

1.4 Signatures

Federation's follow different processes to ensure that the policy is signed. This includes:

You will need to decide which process you follow, and this may impact on decisions regarding document structure and approach.


 

2. Policy Content

This work proposes a set of common content blocks that you may want to consider when writing your federation policy. Within each of these blocks, we have suggested a set of elements that are commonly included. A mapping document has also been created that shows how and where existing federation policies address each content block and element set.

It is recommended that you keep elements within the proposed content block. Although it can be tempting to repeat concepts to reinforce, this does not add to federation policy in any meaningful sense and makes the job of understanding your policy harder for potential users.

The current content blocks used within federation policy fall in to the 3 broad sections:



A: STUCTURE. GENERAL INFORMATION ABOUT HOW YOUR FEDERATION WORKS

 

  1. RFC2119.
  2. Definitions.
  3. Background and Purpose.
  4. Governance.
  5. Eligibility.
  6. How to Join.
  7. How to Withdraw.

 



B: TERMS OF USE. WHAT EVERYONE IS ALLOWED AND NOT ALLOWED TO DO

 

  1. Terms of Use (IdP).
  2. Terms of Use (SP).
  3. Termination / Dispute Resolution.
  4. Logging. is this a TOUI/S?
  5. Data Protection. is this a TOUI/S?
  6. Audit. is this an operator right/ role?
  7. Use of Attributes. is this a TOUI/S?
  8. Operator Rights / Role.
  9. Interfederation / Publish rights. is this an operator right/ role?

 



C: LEGAL. ALL THE LEGAL STUFF

 

  1. Liability.
  2. Jurisdiction and Legal.
  3. Fee schedule.
  4. Copyright.

 


 

3. Content Blocks

Not all content blocks are used by all federations. Each of the blocks is described in turn below, with recommendations about how and why you might consider using this information in your federation policy. As a general rule, sections A and C are fairly quick and easy to put together whereas the details in section B will take more consideration.

A1: RFC2119 Description

Short Name2119
TitleRFC2119
DescriptionRFC2119 is a specification used by the IETF to explain how key words such as 'MUST', 'REQUIRED' etc. should be interpreted.

The full specification can be found here: [1]. Federations that use this convention reference the specification in their Structure section.

SectionA: Structure
UseOptional, recommended if you decide to use the convention within your policy document.
Suggested lengthOne sentence

 

Example Wording:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted 
as described in RFC2119, see http://www.ietf.org/rfc/rfc2119.txt.


Federations Using:

ACOnet, SWAMID.


 

 A2: Definitions


Short NameDEFI
TitleDefinitions
DescriptionMany federations chose to include a definitions section where certain words are explained and expanded.

This can help shorten references and explanations elsewhere in the policy text.

SectionA: Structure
UseOptional. It is worth considering if these explanations add real value and additional meaning to the words if taken out of the document.
Suggested lengthUp to one page.

 

Example Wording:

Work to do, look at common definitions used in definition sections.


Federations Using:

AAF, CAF, Edugate, eduID, FEIDE, Gakunin, Haka (appendix) Renater, UK federation, WAYF.


 

A3: Background

Short NameBACK
TitleBackground and Purpose
DescriptionBackground information about the federation and the policy structure and purpose.
SectionA: Structure
UseThe background section of the policy as an introduction both to the federation and to the policy approach being taken by the federation.
Suggested lengthtwo to three paragraphs.

Example Wording:

This wording matches that used in the GEANT Policy Template.

An Identity Federation (Federation) is an association of organizations that come together to exchange information, as appropriate, about their users and 
resources in order to enable collaborations and transactions. 
The [enter federation name] identity federation (the Federation) is introduced to facilitate and simplify the introduction of shared services across the 
Federation. This is accomplished by using Federation Technologies to extend the scope of a Digital Identity issued by one Member of the Federation to be 
valid across the whole Federation. The Federation relies on participating Home Organizations to correctly and accurately assert information about the 
identity of its End Users to participating Service Providers, that will use that information to grant (or deny) access to the services and resources they 
offer to End Users. 
The Federation Policy document defines the Federation by defining the procedures and practices which allows participating organizations to use available
Federation Technologies for electronic identification and for access to authorization information about End Users in the Federation. 
This document, together with its appendences constitutes the Federation Policy document.

Full Examples of Background Wording

Federations Using:

ACOnet, AAF, CAF, eduID.cz, WAYF, HAKA, Renater, EduGate, Gakunin, FEIDE, RCTSAAI, SWAMID, UK federation, InCommon.


 

A4: Governance

Short NameGOVE
TitleGovernance
DescriptionGovernance arrangements for the federation identifying responsibilities
SectionA: Structure
UseThe section is used to describe the governance arrangements for the federation, including the lines of decision making responsibility. The wording for this area will depend very much on the funding arrangements for the individual federation and the governance structure indicated by the funding. The words 'board', 'steering group', and 'advisory group' are used across different federations to expose different responsibility levels.
Suggested lengthUp to five paragraphs.

Example Wording:

This wording matches that used in the GEANT Policy Template.

The governance of the Federation is delegated to the *enter governing body name*. The *enter governing body name* is responsible for:
*adjust the following list so it fits your needs, the list below is just an example!*
•	deciding on whether to grant or deny an application for membership in the Federation
*-or-* 
•	advisory capacity on whether to grant or deny an application for membership in the Federation
•	deciding on whether a Member is entitled to act as Home Organization
*-or-* 
•	advisory capacity on whether a Member is entitled to act as Home Organization
• 	revoking the membership if a Member is in a breach of the Policy
•	advisory capacity with regard to long-term federation strategy
• 	deciding on entering into interfederation agreement
•	maintaining formal ties with relevant national and international organisations 
•	approving changes to this document


 Full Examples of Governance Wording

Federations Using:

ACOnet, AAF, eduID.cz, HAKA, Renater,edugate, Gakunin, FEIDE, RCTSAAI, SWAMID, UK federation, InCommon


 

A5: Eligibility

Short NameELIG
TitleEligibility
DescriptionDescription of eligibility for membership within the federation.
SectionA: Structure
UseThis section points members in the direction of the federation's eligibility statement. It is recommended that you DO NOT include full details of who is eligible within the document, but maintain this elsewhere so it can be more easily updated. This may be held on the federation website, or in the Federation Operator Practice document.
Suggested lengthone paragraph, linking to external source.

Example Wording:

This wording matches that used in the GEANT Policy Template.

The Federation sets out eligibility criteria that determines who is able to become a Member of the Federation.  The criteria is fully 
described [state where eligibility criteria is held].    Responsibility for setting membership criteria rests with the governing body of the Federation and may be  
revised from time to time.  

Full Examples of Eligibility Wording

Federations Using:

ACOnet, AAF, CAF, eduID, HAKA, Federation Recherche, Gakunin, RCTSAAI, SWAMID, UK federation, InCommon

 


 

A6: How to Join

Short NameJOIN
TitleHow To Join
DescriptionInformation for participants on joining the federation.
SectionA: Structure
UseThe How To Join section should briefly record what the first step is to become a member of the federation - it should not include every step needed in order to join the federation - it defines what is the act that is considered to start a membership request. It should also reference the full process description elsewhere - preferably on the federation website. It should also briefly mention what happens if an application is not accepted, and who should make that decision.
Suggested lengthOne to two paragraphs.

Suggested Wording:

In order to become a member of the Federation an organization formally applies for membership. Detailed information and application forms are 
published [state where published].  The Federation operations team evaluates each membership application. The evaluation process involves 
checking if the applying organization fulfills the eligibility requirements for the Federation.  The Federation operations team communicates 
acceptance or denial of the membership application to the applying organization in written form, including the reason for denying the application 
(if applicable).

Full Examples of How To Join Wording

Federations Using:


 

A7: How to Withdraw

Short NameWITH
TitleHow to Withdraw
DescriptionDescribes how any participant may willingly withdraw from the federation.
SectionA: Structure
UseThis section should be used to describe how any participant in the agreement can voluntarily withdraw from the federation. This is separate from termination, which is documented elsewhere.
Suggested lengthtwo paragraphs

Example Wording:

This wording matches that used in the GEANT Policy Template.

A federation Member may cancel its participation in the Federation at any time by sending a request to the Federation Operator. A cancellation of 
participation in the Federation implies the cancellation of the use of all Federations Technology Profiles for the organization within 20 days of notice 
being given. 
The Federation Operator may cancel its participation in the Federation by announcing the termination date to the federation Members. Until 
termination date, Federation Operator shall run the Federation on best effort basis. After the termination date, Federation Operator shall cancel 
the use of all Federations Technology Profiles for all Members. 

Full Examples of How to Withdraw Wording

Federations Using:

ACOnet, AAF, eduID, WAYF, HAKA, Federation Recherche, edugate, SWAMID, UK federation, InCommon