Versions Compared

Old Version 7

changes.mady.by.user Pieter van der Meulen

Saved on

compared with

New Version 8

changes.mady.by.user Unknown User (urn:collab:person:surfnet.nl:eefje)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SURFnet operates a hub-and-spoke identity federation (SURFfederatieSURFconext) on behalf of educational and research institutions in the Netherlands.

This document describes the Registration practices for both Identity Providers and Service Providers, as well as information on metadata aggregation for EduGAIN.

1. Identity Provider Practices

1.1    Identity Provider Registration Practices
Only institutions that belong to the SURFnet target group may join SURFnet and thus join SURFfederatieSURFconext. The SURFnet target group consists of:

...

For an Identity Provider to join the SURFfederatieSURFconext, the following requirements must be met:

  • The institution must have signed the SURFfederatie SURFconext Identity Provider contract.
  • The institution must have passed technical validation to the SURFfederatie SURFconext test environment.
  • The institution must provide technical and administrative contact information.

...

1.2    Identity Provider Registration Practices for eduGAIN
There are no additional eduGAIN practices for Identity Providers.

2 Service Provider Practices

2.1    Service Provider Registration Practices
For a Service Provider to join the SURFfederatieSURFconext, the following requirements must be met:

  • The Service Providers must have signed the SURFfederatie SURFconext Service Provider contract.
  • The Service Provider must provide SURFfederatie SURFconext with a description of the service.
  • The Service Provider must provide SURFfederatie SURFconext with a description of the technical and administrative contact details.
  • The Service Provider must provide SURFfederatie SURFconext with the list of minimally required attributes for using the service.

...

  • SURFnet will only publish metadata to eduGAIN for Service Providers that are connected to the SURFfederatie SURFconext production environment.
  • The Service Provider must explicitly request to connect to eduGAIN through SURFfederatie SURFconext.
  • The Service Provider must provide eduGAIN compliant SAML 2.0 metadata to SURFfederatie SURFconext.
  • The metadata provided by the Service Provider that is re-published by SURFfederatie SURFconext to eduGAIN is updated by the SURFfederatie SURFconext operational team by request of the Service Provider. Service Providers can request an update of their metadata by contacting the SURFfederatie SURFconext operational team at federatiesurfconext-beheer@surfnet.nl.

SURFnet validates the Service Provider information including the attribute requirements, before accepting the Service Provider to the production environment.

...