The following documents constitute and formally describe the ACOnet Identity Federation:
- The ACOnet Identity Federation Policy binds all participants to the rules and documents it contains.
- To participate in the Federation as an Identity Provider (IdP), a supplemental agreement (Zusatzvereinbarung) must be signed in addition to ACOnet participation.
- To participate in the Federation as a Service Provider (SP), only the SP-Agreement needs to be signed.
- ACOnet participants can also operate SPs under the same supplemental agreement, and therefore never sign the SP-Agreement.
- The Technology Profiles specify the concrete services of the Federation:
- The ACOnet Metadata Registration Practice Statement (MDRPS; also available as PDF and rst source) describes how SAML entities are registered. (This primarily serves other Identity Federations that may want to use SAML entities registered by ACOnet, so that they can compare and assess the processes.)
- Identity Management Practice Statements (IDMPS; for operators of IdPs) are expected from operators of IdPs, so that other Federation participants can assess and evaluate their IdM processes (and the electronic identities issued).
- The ACOnet Identity Federation Policy spells out the rules governing the Federation and is binding for all federation members.
- To join the Federation in an Identity Provider (IDP) role, i.e., to also expose user identities to the Federation, members must be ACOnet participants, and sign the supplemental agreement ("Zusatzvereinbarung") covering federation services. For ACOnet participants, the supplemental agreement also covers any Service Providers they may want to operate.
- To only supply services to existing IDPs in the Federation, i.e., acting solely in a Service Provider (SP) role, the SP-Agreement needs to be signed.
- Specific federation services are detailed in Technology Profiles, of which there are currently two:
  - SAML Web SSO (the service is called eduID.at)
  - eduroam
Info: See Membership for visual help with who needs to sign what, if you intend to join.
Furthermore, these practice and policy statements are relevant within eduID.at:
- The eduID.at Metadata Registration Practice Statement (MDRPS) describes the registration process for SAML entities. This is in order to support other Identity Federations in their judgment of whether to trust entities registered and exposed by the ACOnet Identity Federation.
- Institutions operating Identity Providers within the Federation are expected (SHOULD, in the policy) to provide an Identity Management Practice Statement (IDMPS) to allow other federation members to assess their IdM processes and therefore the quality of electronic identities issued by the institution.
- Operators of Service Providers are required (MUST, in the policy) to provide a Privacy Policy statement for each of their services, to inform subjects and institutions of their data processing practices, cf. the GÉANT Data Protection Code of Conduct support material.
- Privacy Statement (for operators of SPs, or per SP)