Policy Archive

Requirements for SAML2 Service Providers v20180918 (Draft)

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Identity Providers v20180918 (Draft)

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Practice Note: Participation Agreement

Federation is a complex space, and South Africa is grappling with the implication of new privacy legislation. Whilst we’ve tried to make SAFIRE’s Participation Agreement easy for the likely signatory — a federation layman — to understand, experience has shown that there are sometimes misunderstandings of the technology and gaps in interpretation. This document is intended to consolidate that experience into a practice note for legal departments and other people trying to make sense of the SAFIRE Participation Agreement.

Requirements for SAML2 Service Providers v20180319 (Draft)

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Identity Providers v20180319 (Draft)

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Attribute Release Policy v20170811

Changes to the Attribute Release Policy are approved by the SAFIRE Steering Committee. This version reached rough consensus on 11 August 2017 and still needs to be ratified. As a revision to the previous version, it allows affiliation attributes to be released in the default ARP. Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement. Attribute Release Profiles Through a community consensus process, the following attribute release profiles have been approved:

Attribute Release Policy v20170728

This revision does not substantively change the ARP, but introduces a section that clarifies its interpretation with respect to inter-federationn. Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement. Attribute Release Profiles Through a community consensus process, the following attribute release profiles have been approved: Default The Default release profile used when no other attribute release policy is defined:

South African Identity Federation