policy Archive

Requirements for SAML2 Identity Providers v20190207

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 1 January 2019. The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Metadata Registration Practice Statement v20190207

Changes to the Metadata Registration Practice Statement that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. All other changes are approved by the SAFIRE Steering Committee. This version reached rough consensus on 1 January 2019 and was ratified by the Steering Committee on . Definitions and terminology The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 21191.

Practice Note: Participation Agreement

Federation is a complex space, and South Africa is grappling with the implication of new privacy legislation. Whilst we’ve tried to make SAFIRE’s Participation Agreement easy for the likely signatory — a federation layman — to understand, experience has shown that there are sometimes misunderstandings of the technology and gaps in interpretation. This document is intended to consolidate that experience into a practice note for legal departments and other people trying to make sense of the SAFIRE Participation Agreement.

Privacy Statement v20181207

Changes to the Privacy Statement are approved by the SAFIRE Steering Committee. This version was ratified on 7 December 2018. It is a complete rewrite of v20161221. The South African Identity Federation (SAFIRE) exists to simplify access to content, services and resources for the global research and education community. The basic principle underpinning the security of SAFIRE is that the authentication of a user is carried out at his/her home institution (Identity Provider, IdP) using the institution’s specific authentication method.

Metadata Aggregation Practice Statement v20180926

Changes to the Metadata Aggregation Practice Statement are announced to the SAFIRE Participants’ Forum. SAFIRE generates a number of metadata aggregates for various purposes, including inter-federation and its own internal operations. This document gives a broad overview of how the aggregation process works. It is currently non-normative and will be refined over time. Metadata aggregator SAFIRE makes use of WAYF’s PHPH (PHederation PHeeder) metadata aggregation software. An overview of the configuration of this aggregator and the aggregates it generates is publically available at https://phph.

Requirements for SAML2 Service Providers v20180918 (Draft)

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Identity Providers v20180918 (Draft)

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Service Providers v20180319 (Draft)

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

Requirements for SAML2 Identity Providers v20180319 (Draft)

Changes to the Requirements for SAML2 Identity Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on . The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile.

South African Identity Federation