Comment: Change Entity Attribute to Assurance Certification - it's clearer

...

| Specification name | Type | URI | DOI | Supporting material |
|---|---|---|---|---|
| Research and Scholarship (R&S) v1.3 | Entity Category | http://refeds.org/category/research-and-scholarship | DOI | https://wiki.refeds.org/display/ENT/Research+and+Scholarship |
| Hide From Discovery v.1 | Entity Category | http://refeds.org/category/hide-from-discovery | DOI | https://wiki.refeds.org/display/ENT/Hide+From+Discovery |
| Anonymous Access v.2 | Entity Category | https://refeds.org/category/anonymous | DOI | https://wiki.refeds.org/x/aQA2B |
| Pseudonymous Access v.2 | Entity Category | https://refeds.org/category/pseudonymous | DOI | https://wiki.refeds.org/x/aQA2B |
| Personalized Access v.2 | Entity Category | https://refeds.org/category/personalized | DOI | https://wiki.refeds.org/x/aQA2B |
| Code of Conduct v.2 | Entity Category and Best Practice | https://refeds.org/category/code-of-conduct/v2 | DOI | https://refeds.org/category/code-of-conduct/ |
| Sirtfi v1 & v2 | Assurance Certification | https://refeds.org/sirtfi, https://refeds.org/sirtfi2 | DOI | https://wiki.refeds.org/display/SIRTFI/SIRTFI+Home |
| MFA Profile v.1 | Profile | https://refeds.org/profile/mfa | DOI | https://wiki.refeds.org/display/PRO/MFA |
| SFA Profile v.1 | Profile | https://refeds.org/profile/sfa | DOI | https://wiki.refeds.org/display/PRO/SFA |
| Error Handling v.1 | Profile | https://refeds.org/specifications/errorurl-v1 | DOI | https://wiki.refeds.org/display/PRO/Error+Handling+URL+Profile |
| Security Contact | Metadata Extension | http://refeds.org/metadata/contactType/security | DOI | https://wiki.refeds.org/display/SIRTFI/SIRTFI+Home |
| Baseline Expectations v.1 | Framework | https://refeds.org/baseline-expectations | DOI | https://wiki.refeds.org/display/BASE |
| Assurance v.1 | Framework | https://refeds.org/assurance | DOI | https://wiki.refeds.org/display/ASS/Assurance+Home |

...

  • Entity Category, defined in RFC 8409, is a metadata 'label' applied to identity providers or services which signals that they belong to the category described in the Entity Category specification. Metadata consumers which understand the Entity Category can alter their behaviour depending on the categories that the entity belongs to. Entity Categories may be used to signal commonly used attribute requirements, or commitment to a certain set of behavioural rules. Taking "Hide from Discovery" as an example: identity providers in this category do not want to be listed by default in discovery services; metadata consumers may be service providers that build their own discovery interfaces, or the metadata consumer may be a third party discovery service.
  • Assurance Certification, defined in SAML V2.0 Identity Assurance Profiles Version 1.0, is a metadata label which can be applied to identity providers or services to signal that the entity conforms to the requirements of an identity assurance framework. The Assurance Certification can be self-asserted, or require validation by the registration authority (federation). An entity may conform to more than one Assurance Certification.
  • Profiles define a standard way to signal certain behaviour in a federated authentication transaction, and how to respond to such a request.
  • Metadata Extensions provide an extension to existing metadata profiles.
  • Frameworks are currently essentially assurance frameworks, which provide a structured means of describing or defining the main sources of assurance provided within the federation by the member entities or the federation itself.
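
How a metadata consumer might read these labels, as an added example that is not part of the original page or any REFEDS code: it extracts Entity Category and Assurance Certification values from SAML metadata, builds a default discovery list that honours Hide From Discovery, and lists Sirtfi-certified entities. The attribute names are those defined in RFC 8409 and the SAML V2.0 Identity Assurance Profiles; the example.org entityIDs and the sample metadata are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"  # attribute name from RFC 8409
ASSURANCE_CERT = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
HIDE_FROM_DISCOVERY = "http://refeds.org/category/hide-from-discovery"
SIRTFI = "https://refeds.org/sirtfi"

def _entity(entity_id, role, attr_name, value):
    """Build one constructed EntityDescriptor carrying a single label."""
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>'
            f'<mdattr:EntityAttributes><saml:Attribute Name="{attr_name}">'
            f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'
            f'</mdattr:EntityAttributes></md:Extensions><md:{role}/></md:EntityDescriptor>')

# Constructed sample aggregate; the example.org entityIDs are hypothetical.
SAMPLE = ("<md:EntitiesDescriptor "
          + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
          + _entity("https://idp-a.example.org", "IDPSSODescriptor", ASSURANCE_CERT, SIRTFI)
          + _entity("https://idp-b.example.org", "IDPSSODescriptor", ENTITY_CATEGORY, HIDE_FROM_DISCOVERY)
          + _entity("https://sp-c.example.org", "SPSSODescriptor", ASSURANCE_CERT, SIRTFI)
          + "</md:EntitiesDescriptor>")

def entity_labels(entity):
    """Return {attribute Name: set of values} from mdattr:EntityAttributes."""
    labels = {}
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in entity.findall(path, NS):
        values = {v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text}
        labels.setdefault(attr.get("Name"), set()).update(values)
    return labels

def entities(metadata_xml):
    # Verify the aggregate's signature before parsing real federation metadata.
    root = ET.fromstring(metadata_xml)
    return list(root.iter(f"{{{NS['md']}}}EntityDescriptor"))

def discovery_list(metadata_xml):
    """IdP entityIDs a discovery service lists by default."""
    return [e.get("entityID") for e in entities(metadata_xml)
            if e.find("md:IDPSSODescriptor", NS) is not None
            and HIDE_FROM_DISCOVERY not in entity_labels(e).get(ENTITY_CATEGORY, set())]

def certified(metadata_xml, certification):
    """entityIDs (IdPs or services) asserting the given Assurance Certification."""
    return [e.get("entityID") for e in entities(metadata_xml)
            if certification in entity_labels(e).get(ASSURANCE_CERT, set())]

if __name__ == "__main__":
    print(discovery_list(SAMPLE), certified(SAMPLE, SIRTFI))
```

A label read this way is only as trustworthy as the metadata it came from, and a self-asserted Assurance Certification carries less weight than one validated by the registration authority.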

...

  • Entity Category: Grouping of entities is typically done via a:
    • Trust Anchor or an Intermediate. All entities with similar behaviours are members of the same intermediate (or trust anchor).
    • Trust Mark could also be used. A trust mark is created by a trust mark owner.
      • The trust mark owner must be trusted and listed as such by the federation TA.
      • A Trust Mark may be self-issued.
  • Assurance Certification: Signalling assurance certifications is done using so-called Trust Marks.
  • Profiles: signalling certain behaviour as part of a transaction is generally covered in the underlying standards like OpenID Connect and OAuth 2.0. The capability for signalling is often available, however the semantics may need to be adopted.
  • Metadata Extension: providing an extension to existing metadata profiles is allowed in the OpenID Federation specification. For broad acceptance and implementation of an extension it may be necessary to engage with the OpenID Foundation, e.g. via the R&E working group.
  • Frameworks are currently essentially assurance frameworks, which provide a structured means of describing or defining the main sources of assurance provided within the federation by the member entities or the federation itself.

...