GrIDP: Grid IDentity Pool Federation




GrIDP: Grid IDentity Pool Federation
WebSSO Identity Providers Appendix

Authors: Marco Fargetta, Roberto Barbera
Last Modified: 24 August 2015
Version: 2.2
Based on COFRE WebSSO Identity Providers Organizations Appendix v. 2.0

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Table of Contents
1. Definitions and Terminology
2. Introduction
3. WebSSO Identity Provider Obligations
3.1. Obligations and Rights of Federation Operators
3.2. Obligations and Rights of Identity Providers
4. Eligibility
5. Amendment

1. Definitions and Terminology

Definitions and terminology used in this document:

Attribute: A piece of information describing a characteristic of an entity (in this context the End User), his/her properties or roles in an Organization.
Authentication: Process of proving the identity of a previously registered End User.
Authorization: Process of granting or denying access rights to a service for an authenticated End User.
End User: Any natural person affiliated to an Identity Provider, e.g. as an employee, researcher or student.
Federation: Identity federation. An association of organizations that come together to exchange information as appropriate about their users and resources to enable collaborations and transactions.
Federation Operator: Organization providing the Infrastructure for Authentication and Authorization to Federation Members.
Federation Member: An organization that has joined the Federation by agreeing to be bound by the Federation Policy in writing. Within the federation framework, a Federation Member can act as an Identity Provider and/or a Service Provider.
Identity Provider or IdP: A service managed by an entity with which the End User is affiliated. It is responsible for authenticating the End User and managing End Users' digital identity data.
Identity Management: Process of issuing and managing End Users' digital identities.
Service Provider or SP or Resource: A service an entity is offering to the End User. Service Providers may rely on the authentication outcome and attributes that Identity Providers assert for their End Users.
Federation Metadata: SAML/XML file which contains information about Federation Members.
Discovery Service: Service used by Service Providers to manage a list of available Identity Providers of the Federation enabled to perform the authentication for the service.

2. Introduction

This document describes the points implied in the WebSSO Identity Providers application process.

3. WebSSO Identity Provider Obligations

3.1. Obligations and Rights of Federation Operators

The GrIDP Federation is jointly managed and operated by the Division of Catania of the Italian National Institute of Nuclear Physics (hereinafter referred to as INFNCT) and by the Department of Physics and Astronomy of the University of Catania (hereinafter referred to as UNICT-DPA). The Federation central services are hosted at GARR, the Italian National Research and Education Network.

In addition to what is stated elsewhere in the Federation Rules, INFNCT and UNICT-DPA are responsible for:
- Secure and trustworthy operational management of the Federation Metadata and Discovery Services.
- Publishing the information about the Attributes needed by Service Providers.

3.2. Obligations and Rights of Identity Providers

In addition to what is stated elsewhere in the Federation Rules, if a Federation Member is acting as an Identity Provider, it:
- Is responsible for managing authentication credentials for its End Users and for authenticating them, as may be further specified in Level of Assurance Profiles;
- Should submit its Identity Management Practice Statement to INFNCT and UNICT-DPA, who in turn make it available to other Federation Members upon their request. The Identity Management Practice Statement is a description of the Identity Management life-cycle, including a description of how individual digital identities are enrolled, maintained and removed from the identity management system. The statement must contain descriptions of the administrative processes, practices and significant technologies used in the identity management life-cycle, which must be able to support a secure and consistent identity management life-cycle. Specific requirements may be imposed by Level of Assurance Profiles;
- Operates a helpdesk for its End Users regarding Federation services related issues. Identity Providers are encouraged to maintain a helpdesk for user queries at least during normal office hours in the local time zone. Identity Provider Organizations must not redirect End User queries directly to INFNCT and/or UNICT-DPA, but must make every effort to ensure that only relevant problems and queries are sent to INFNCT and/or UNICT-DPA by appropriate Identity Provider contacts;
- Is responsible for assigning Attribute values to the End Users and managing the values in a way which ensures they are up-to-date;
- Is responsible for releasing the Attributes to Service Providers;
- Is responsible for keeping its metadata up-to-date;
- Must send a list of the Service Providers it is related to if it intends to cancel its membership.

Additionally, if the users enrolled in the Identity Provider are not strictly related to the organisation providing the service but the Identity Provider accepts homeless users, the organisation:
- Is responsible for the correct association between organisations and users;
- Should verify the validity of the Attribute values of the End User at least once a year. The organisation should apply a policy forcing the End User to validate their Attributes, or they will expire with the subsequent lock of the End User account.

4. Eligibility

Identity Providers can apply for membership at any time by submitting the specific application form available on the GrIDP website. Their applications will be evaluated (either accepted or denied) within 15 days against the following criteria:
- completeness and consistency of the documentation;
- installed certificates;
- the accuracy of the Service registration in the Federation;
- the proper working of the Service;
- the consistency with the information provided through the request forms.

Upon acceptance, the Organisation receives the countersigned documents, sent exclusively to the email addresses it provided. If rejected, the Organisation is notified with the reason for the refusal.

5. Amendment

INFNCT and UNICT-DPA have the right to amend the Federation Rules from time to time. Any such changes need to be reviewed and shall be communicated to all Federation Members via email at least 90 days before they enter into force.
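The Federation Metadata defined in section 1 is the SAML/XML file through which the eligibility criteria of section 4 (installed certificates, accurate Service registration, metadata kept up to date) become checkable in practice. The script below is an added example, not part of this appendix and not GrIDP's own tooling: it parses a SAML 2.0 metadata aggregate with the Python standard library and reports, per Federation Member, its roles, registered endpoints and basic registration problems (missing signing certificate, non-HTTPS endpoint, expired validUntil). The embedded metadata document, its entity IDs, endpoints and certificate value are constructed placeholders; only the SAML metadata and XML Signature namespaces are real.

```python
"""Basic registration checks over SAML 2.0 federation metadata.

Added example, not GrIDP's own code. The metadata document below is
constructed for this example; entity IDs, endpoints and the certificate
value are placeholders. Standard library only.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# Standard SAML 2.0 metadata and XML Signature namespaces.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed aggregate: one IdP that is correctly registered, and one SP
# whose own validUntil has passed and whose endpoint is plain HTTP.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Name="urn:example:federation" validUntil="2099-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>PLACEHOLDER_BASE64_CERTIFICATE</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth"
      validUntil="2020-01-01T00:00:00Z">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def parse_valid_until(value):
    """Parse an xs:dateTime such as 2020-01-01T00:00:00Z into an aware datetime."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_metadata(xml_text, now=None):
    """Return one report dict per EntityDescriptor: roles, endpoints, problems."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    # validUntil on the aggregate applies to every entity lacking its own.
    aggregate_valid_until = parse_valid_until(root.get("validUntil"))
    report = []
    for entity in root.findall("md:EntityDescriptor", NS):
        roles = []
        if entity.find("md:IDPSSODescriptor", NS) is not None:
            roles.append("IdP")
        if entity.find("md:SPSSODescriptor", NS) is not None:
            roles.append("SP")
        # A KeyDescriptor with no 'use' attribute covers signing and encryption.
        has_signing_cert = any(
            kd.get("use") in (None, "signing")
            and kd.find(".//ds:X509Certificate", NS) is not None
            for kd in entity.findall(".//md:KeyDescriptor", NS)
        )
        endpoints = [
            e.get("Location")
            for e in entity.findall(".//md:SingleSignOnService", NS)
            + entity.findall(".//md:AssertionConsumerService", NS)
        ]
        valid_until = parse_valid_until(entity.get("validUntil")) or aggregate_valid_until

        problems = []
        if not roles:
            problems.append("no IdP or SP role descriptor")
        if "IdP" in roles and not has_signing_cert:
            problems.append("IdP publishes no signing certificate")
        if not endpoints:
            problems.append("no SSO/ACS endpoint registered")
        problems.extend(
            f"endpoint not HTTPS: {loc}" for loc in endpoints if not loc.startswith("https://")
        )
        if valid_until is not None and valid_until < now:
            problems.append(f"metadata expired on {valid_until.isoformat()}")
        report.append({
            "entityID": entity.get("entityID"),
            "roles": roles,
            "endpoints": endpoints,
            "problems": problems,
        })
    return report


def entities_with_problems(xml_text, now=None):
    """Entity IDs that fail at least one of the checks above."""
    return [r["entityID"] for r in check_metadata(xml_text, now) if r["problems"]]


if __name__ == "__main__":
    for r in check_metadata(SAMPLE_METADATA):
        status = "OK" if not r["problems"] else "; ".join(r["problems"])
        print(f"{r['entityID']} [{', '.join(r['roles'])}]: {status}")
```

Run against the constructed sample, the IdP passes and the SP is reported twice (expired validUntil and a plain-HTTP endpoint). A Federation Operator would run the same checks over the real aggregate before publishing it; an Identity Provider can run them over its own EntityDescriptor before submitting the application form. The script does not verify the aggregate's XML signature or the certificate's expiry date inside the X509Certificate element, which a production check should also do.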