Policy Archive

Practice Note: Participation Agreement

Federation is a complex space, and South Africa is grappling with the implications of new privacy legislation. Whilst we’ve tried to make SAFIRE’s Participation Agreement easy for the likely signatory — a federation layman — to understand, experience has shown that there are sometimes misunderstandings of the technology and gaps in interpretation. This document is intended to consolidate that experience into a practice note for legal departments and other people trying to make sense of the SAFIRE Participation Agreement.

Attribute Release Policy v20170811

This version of the Attribute Release Policy reached rough consensus on 11 August 2017. As a revision to the previous version, it allows affiliation attributes to be released in the default ARP. Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement. Attribute Release Profiles Through a community consensus process, the following attribute release profiles have been approved: Default The Default release profile used when no other attribute release policy is defined:

Attribute Release Policy v20170728

This revision does not substantively change the ARP, but introduces a section that clarifies its interpretation with respect to inter-federation. Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement. Attribute Release Profiles Through a community consensus process, the following attribute release profiles have been approved: Default The Default release profile used when no other attribute release policy is defined:

Metadata Aggregation Practice Statement v20170724

SAFIRE generates a number of metadata aggregates for various purposes, including inter-federation and its own internal operations. This document gives a broad overview of how the aggregation process works. It is currently non-normative and will be refined over time. Metadata aggregator SAFIRE makes use of WAYF’s PHPH (PHederation PHeeder) metadata aggregation software. An overview of the configuration of this aggregator and the aggregates it generates is publicly available at https://phph.

Metadata Aggregation Practice Statement v20170303 (Draft)

SAFIRE generates a number of metadata aggregates for various purposes, including inter-federation and its own internal operations. This document gives a broad overview of how the aggregation process works. It is currently non-normative and will be refined over time. Metadata aggregator SAFIRE makes use of WAYF’s PHPH (PHederation PHeeder) metadata aggregation software. An overview of the configuration of this aggregator and the aggregates it generates is publicly available at https://phph.

Metadata Registration Practice Statement v20170213

This version of the Metadata Registration Practice Statement reached rough consensus on 16 September 2016. There has been a subsequent minor revision to add acknowledgements. Definitions and terminology The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119. Federation, Identity Federation: An association of organisations that come together to securely exchange information as appropriate about their users and resources to enable collaborations and transactions.

Requirements for SAML2 Identity Providers v20161221 (Draft)

The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for identity provider operators for assessing their readiness to participate. Metadata MUST have an entityID that is a URL (well-known location). The URL SHOULD use the https scheme and it is RECOMMENDED that valid metadata be available at this URL.

Privacy Statement v20161221

This version of the Privacy Statement reached rough consensus on 21 December 2016. As a revision to version v20160622, it includes a new section about website analytics. Introduction This document explains what personal information is collected by the South African Identity Federation (SAFIRE) and how it is used. This document SHALL be published on the Federation website at https://safire.ac.za/safire/policy/privacy/. Types of data collected or processed Metadata The Federation collects metadata from various entities to facilitate the operation of the federation.

South African Identity Federation