University of California, Riverside

InCommon Federation: Participant Operational Practices




Participation in InCommon Federation (“Federation”) enables the participant to use Shibboleth identity attribute sharing technologies to manage access to on-line resources that can be made available to the InCommon community.  One goal of the Federation is to develop, over time, community standards for such cooperating organizations to ensure that shared attribute assertions are sufficiently robust and trustworthy to manage access to important protected resources.  As the community of trust evolves, the Federation expects that participants eventually should be able to trust each other's identity management systems and resource access management systems as they trust their own. 

A fundamental expectation of InCommon Participants is that they provide authoritative and accurate attribute assertions to other participants and that participants receiving an attribute assertion protect it and respect privacy constraints placed on it by the Federation or the source of that information.  In furtherance of this goal, InCommon requires that each participant make available to other participants certain basic information about any identity management system, including the identity attributes that are supported, or resource access management system that they register for use within the Federation.

Two criteria for trustworthy attribute assertions by Credential Providers are: (1) that the identity management system fall under the purview of the organization’s executive or business management, and (2) that the system for issuing end-user credentials (e.g., PKI certificates, userids/passwords, Kerberos principals) specifically have in place appropriate risk management measures (for example, authentication and authorization standards, security practices, risk assessment, change management controls, and audit trails).

InCommon expects that Resource Providers, who receive attribute assertions from another organization, respect the other organization's policies, rules and standards regarding the protection and use of that data.  Furthermore, such information should be used only for the purposes for which it was provided.  InCommon strongly discourages the sharing of that data with third parties, or aggregation of it for marketing purposes without the explicit permission of the identity information provider. 

InCommon requires participating organizations to make available to all other InCommon Participants answers to the questions below.  Additional information to help answer each question is available in the next section of this document.  There is also a glossary at the end of this document that defines terms shown in italics.

More Information 

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Computing & Communications
Computing & Communications Bldg.

Tel: (951) 827-4741
Fax: (951) 827-4541
E-mail: helpdesk@ucr.edu
