Registration Practices Statement

Metadata registration practice statement

Federation Name: IIF
Federation Operator: IUCC, Israel
Federation Web Page: http://iif.iucc.ac.il
Date of last change: 2014/04/24

Common Practices

The IdPs are IIF's customers from the research and education (R&E) community,
excluding the administrations and ministries of all levels.
The Services are any companies that offer a service or content that fulfills the
needs of IIF's R&E community members, respecting the defined policy.

All IdP and Service administrators connect via HTTPS and authenticate
via IIF Customer's AAI manually with IIF's Manager [1].
The IIF Manager checks the original information and stores it in the Metadata
Manager's database. It is later used for generating IIF's
metadata.

In addition, before the federation operator publishes metadata dedicated
to interfederation, an institution first has to declare that its
processes are ready for interfederation. Only then will its IdP and Service
administrators be able to declare that their respective entity is
also technically ready to participate in interfederation.

Practices on Identity Provider Registration

An IdP registering to the federation needs to be manually approved by a team
member of the federation operator.
Such approval requires:
- a completed membership service agreement signed by official
representative(s) of the newly participating institution;
- elements and attributes to be registered must use a domain name of
that institution.

The administrators appointed specifically by that institution then get
access to the Metadata Manager service, where they upload the metadata
of their IdP.

After the approval, the federation operator publishes and maintains the
federation's metadata.

Subsequent changes to these elements and attributes do not require
re-approval by the federation operator. Only administrators appointed
specifically by that institution can modify the IdP-specific information.

For interfederation, the entity must ask the federation operator to publish it
for participation in eduGAIN.

Practices on Service Provider Registration

Each Service must be manually approved by a team member of the federation operator
in order to be registered with the federation.
Such approval requires:
- a completed membership service agreement signed by official
representative(s) of the newly participating service provider;
- elements and attributes to be registered must use a domain name of
that service provider.

The administrators appointed specifically by that SP then get
access to the Metadata Manager service, where they upload the metadata
of their Service.

After the approval, the federation operator publishes and maintains the
federation's metadata.

Subsequent changes to these elements and attributes do not require
re-approval by the federation operator. Only administrators appointed
specifically by that Service can modify the Service-specific information.

For interfederation, the entity must ask the federation operator to publish it
for participation in eduGAIN.

Practices regarding metadata modifications

In IIF, no metadata gets modified because the federation operator
generates it on behalf of all entities acquired through the Metadata Manager
service.

The source for generating federation metadata is the Metadata Manager database.
The details of a registering entity are entered by each IdP/Service administrator,
who provides the necessary metadata information. A wizard will parse the provided
entity metadata to check the SAML2 syntax and the required content.

The IdP/Service administrator also has to supply non-technical information like
descriptions or support contacts. All technical and non-technical information
is stored in a customer database. This information will be used to generate
the access credentials to the Metadata Manager system.

[1] Community Status
