Canadian Access Federation: Trust Assertion Document (TAD)



Similar documents
Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD)

Evaluation of different Open Source Identity management Systems

SAML SSO Configuration

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Federated Identity Management

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department

Integrating Multi-Factor Authentication into Your Campus Identity Management System

IGI Portal architecture and interaction with a CA- online

Perceptive Experience Single Sign-On Solutions

Glossary of Key Terms

Privacy Policy and Notice of Information Practices

SAML Authentication within Secret Server

PRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION

Provisioning and deprovisioning in an identity federation

WebNow Single Sign-On Solutions

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

SAML Federated Identity at OASIS

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

The Top 5 Federated Single Sign-On Scenarios

CAS s IDP system and resources in Education Cloud

Shibboleth N-Tier Support. Chad La Joie

Adding Federated Identity Management to OpenStack

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Swivel Secure and the Cloud

Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements

HP Software as a Service

CHAPTER 1 INTRODUCTION

Introduction to SAML

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

Client Security Risk Assessment Questionnaire

Architecture Guidelines Application Security

This way, Bluewin will be able to offer single sign-on for service providers within the circle.

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase

Flexible Identity Federation

Authentication Integration

ISO COMPLIANCE WITH OBSERVEIT

Authorized. User Agreement

HP Software as a Service. Federated SSO Guide

Extending DigiD to the Private Sector (DigiD-2)

How To Ensure Health Information Is Protected

Authentication and Single Sign On

OIX IDAP Alpha Project - Technical Findings

Certification Report

Merit Cloud Media User Guide

Profound Outdoors Privacy Policy

An SAML Based SSO Architecture for Secure Data Exchange between User and OSS

Connecting Web and Kerberos Single Sign On

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

Secure Agent Quick Start for Windows

Single Sign-On: Reviewing the Field

Miami University. Payment Card Data Security Policy

How To Use Saml 2.0 Single Sign On With Qualysguard

Designing federated identity management architectures for addressing the recent attacks against online financial transactions.

Single Sign-on to Salesforce.com with CA Federation Manager

SAML-Based SSO Solution

University of Pittsburgh Security Assessment Questionnaire (v1.5)

SAML Security Option White Paper

M&T BANK CANADIAN PRIVACY POLICY

Authentication Methods

The Essential Security Checklist. for Enterprise Endpoint Backup

The increasing popularity of mobile devices is rapidly changing how and where we

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

PARTNER INTEGRATION GUIDE. Edition 1.0

Wellesley College Written Information Security Program

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Shipping Services Files (SSF) Secure File Transmission Account Setup

Clevertar Privacy Policy

Transcription:

Participant Name:_Cengage Gale_ Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants receiving an attribute assertion protect it and respect privacy constraints placed on it by the asserting Participant. To accomplish this practice, CANARIE requires Participants to make available to all other Participants answers to the questions below. 1.1 Canadian Access Federation Requirement Currently, the community of trust is based on best effort and transparency of practice. Each Participant documents, for other Participants, their identity and access management practices, which they can confidently meet. Each Participant should make available to other Participants basic information about their identity management system and resource access management systems registered for use within the Canadian Access Federation. The information would include how supported identity attributes are defined and how attributes are consumed by services. 1.2 Publication Your responses to these questions must be: 1. submitted to CANARIE to be posted on the CANARIE website; and 2. posted in a readily accessible place on your web site. You must maintain an up-to-date Trust Assertion Document.

2. Canadian Access Federation Participant Information 2.1.1. Organization name: Cengage Learning 2.1.2. Information below is accurate as of this date: 10/24/2012 2.2 Identity Management and/or Privacy information 2.2.1. Where can other Canadian Access Federation Participants find additional information about your identity management practices and/or privacy policy regarding personal information? http://www.cengage.com/privacy 2.3 Contact information 2.3.1. Please list person(s) or office who can answer questions about the Participant s identity management system or resource access management policy or practice. Name: Gary Pollack Title or role: Vice President Customer & Partner Solutions Email address: gary.pollack@cengage.com Telephone: 248-699-8129 CANARIE Inc. - Canadian Access Federation Service Page 2 of 5

3. Service Provider Information Service Providers, who receive attribute assertions from another Participant, shall respect the other Participant's policies, rules, and standards regarding the protection and use of that data. Such information must be used only for the purposes for which it was provided. Service Providers are trusted to ask for only the information necessary to make an appropriate access control decision, and to not misuse information provided to them by Identity Providers. Service Providers must describe the basis on which access to resources is managed and their practices with respect to attribute information they receive from other Participants. 3.1 Attributes 3.1.1. What attribute information about an individual do you require in order to manage access to resources you make available to other Participants? Describe separately for each service application that you offer to CAF participants. Access to our resources could be with no attribute assertion or scope or common/specific entitlements. Based on the need of the IDP we can configure accordingly 3.1.2. What use do you make of attribute information that you receive in addition to basic access control decisions? We do not use the attributes to any other purpose other than access control decisions. 3.1.3. Do you use attributes to provide a persistent user experience across multiple sessions? No. 3.1.4. Do you aggregate session access records or record specific information accessed based on attribute information. No 3.1.5. Do you make attribute information available to other services you provide or to partner organizations? No 3.2 Technical Controls 3.2.1. What human and technical controls are in place on access to and use of attribute information that might refer to only one specific person (i.e., personally identifiable information)? For example, is this information encrypted for storage in your system? We do not need any personally identifying information for access control in our system. The scope or common/specific entitlements are not stored in our system. CANARIE Inc. - Canadian Access Federation Service Page 3 of 5

3.2.2. Describe the human and technical controls that are in place on the management of superuser and other privileged accounts that might have the authority to grant access to personally identifiable information? Not applicable. We do not store personally identifiable information. 3.2.3. If personally identifiable information is compromised, what actions do you take to notify potentially affected individuals? Not applicable. We do not store personally identifiable information. CANARIE Inc. - Canadian Access Federation Service Page 4 of 5

4. Other Information 4.1 Technical Standards, Versions and Interoperability 4.1.1. Identify the SAML products you are using. If you are using the open source Internet2 Shibboleth products identify the release that you are using. Shibboleth SP 2.5 4.1.2. What operating systems are the implementations on? SUSE Linux Enterprise Server 10.3 4.1.3. What versions of the SAML protocol (1.1 or 2.0) do you support in your implementations. 4.2 Other Considerations SAML 1.1 - We support this SAML 2.0 - We support this 4.2.1. Are there any other considerations or information that you wish to make known to other Canadian Access Federation Participants with whom you might interoperate? For example, are there concerns about the use of clear text passwords or responsibilities in case of a security breach involving identity information you may have provided? CANARIE Inc. - Canadian Access Federation Service Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information