Child pages
  • Report: Code of Conduct for Relying Parties for services to Government

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. [Payment] pay the Charges in accordance with XXXX clause in the Federation Agreement;
  2. [Co-operation] co-operate with Federation/IdP personnel in connection with its background checking/identity proofing of RP/SP responsible officers, registering authorisation policy for and provide access to records and resources, operation and safe-guarding of the Service/s; and advise IdP promptly of any Service anomalies, suspicious or unusual usage, or complaints relating to the Services and provide reasonable assistance to Federation/IdP in the investigation of such anomalies, usage or complaints; 
  3. [Standards Compliance] comply with any standards or specifications issued by the Federation/IdP and any reporting obligations required by the IdP/AP from time to time in accordance with any relevant legislation (including those of a contracted third party to the RP/SP)
  4. [Audit]   provide appropriate assistance, where reasonably requested by IdP/AP, in carrying out any audit of the Client’s use of the Services or related systems or suppliers; comply with all certification and accreditation requirements
  5. [Federation Reporting] participate in progress reporting as specified in the Service Schedule;
  6. [ transparent relationship  ] ensure that the agency Service Provider/RP's website terms and conditions explain the inter-relationship of the Services and the Client’s systems in terms agreed with Federation/IdP; that the RP/Service Provider maintains an accurate and up to date register of its roles and activities 
  7. [ Promotion  ]   use its best endeavours to promote the Services and instructions for use, to its customer base to encourage service uptake and use;
  8. [Maintenance and notification  ]  use and maintain the Service Interface including the security between the Client’s systems and the Service System;  register/modify/remove/retrieve meta-data,  maintain PKI certificates as defined in the XX Federation Documentation XX; notify IdP of any network changes or certification renewals that may impact on any part of the Service, use the Admin interface to register and update details relating to the Service and the officers charged with administering the service
  9. [Technical Consistency] Requirements for mandatory conformance testing before being connected to the production environment; Requirements for session management and logout (e.g. requirements for session timeout periods and single logout behaviour across the federation); Requirements for logging certain events (e.g. SAML Request/Responses) and to establish correlation identifiers in logs; Requirements for UI (to ensure a consistent user experience across the federation - e.g. layout and placement of 'logout' buttons etc.); Requirements for certificates used to secure communication between SP and IdP.

Exit and Off boarding

  1. [Exit and off boarding]: RP must have an explicit written policy to address and mitigate impacts to existing users (e.g portability of accounts if feasible, re-enrollment, credential switching) in the event that the RP terminates or is terminated from its role.
  2. [Exit and off boarding]: RP must have predetermined processes to put into action to update Helpdesk on status, call handling procedures and documentation, website information, test scripts and system flows to reflect the terminated state of the RP  

...

TERENA: https://refeds.terena.org/index.php/Federations

NemLog-in Denmark: http://www.digst.dk/~/media/Files/NemLogin/Tilslutnings-doks/Guide-til-foederationstilslutning-V1-1.pdf 

.........................................................................................................................................................................................................

...