Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SURFnet

Doc (in Dutch)

  • Simple (Single?) Sign On
    • How many systems/applications can be used with the account, authentication, identities in the organisation
  • Authorization
    • How many systems/applications can be authorized with the account, roles/groups, central or decentral, types of groups/roles, differenciate between identities
  • Source Identified source system
    • which/how many source systems are used, manual input with documentation, one leading system, add attributes/information for SP
  • Policies?
    • for authorization, authentication, provisioning, standardisation, FIM, privacy; responsibilities for them; architecture; security policy; password policy; lifecycle for accounts; how often is FIM updated; how often are policies updated; are those policies in use; monitoring and updating policies
  • Processes and procedures
    • processes for new users, rules for username and email, verification of the identity, lifecycle, process how data is given to a third party, process to generate new passwords, how often is the data updated, reviews and reports, conclusions from reports and reviews
  • Suitable IdP System
    • standardised, which standard, availability, when available
  • Quality of data/identities
    • correctness, completeness, change management of data, verification of data with external databases/systems
  • Implementation of processes and procedures
    • clearly described, monitoring, ?, legal entity?
  • Security
    • awareness, audits, intrusion tests, classified, actions, data protection, logfiles

...