From time to time, REFEDS issues White Papers to support those involved in federated identity management.  These papers will be published here.

This document identifies practices and attributes of organisations that may facilitate their participation in a trust framework called SIRTFI –  purposed to enable coordination of security incident response across federated organisations.  Further information about SIRTFI and the working group is available on the REFEDS wiki.
Authors:  T. Barton, J. Basney, D. Groep, N. Harris, L. Johansson, D. Kelsey, S. Koranda, R. Wartel, A. West.  Editor: H. Short

The Data protection Code of Conduct describes an approach to meet the requirements of the EU Data Protection Directive in federated identity management. The Data protection Code of Conduct defines behavioural rules for Service Providers which want to receive user attributes from the Identity Providers managed by the Home Organisations. It is expected that Home Organisations are more willing to release attributes to Service Providers who manifest conformance to the Data protection Code of Conduct. Further information is available on the REFEDS wiki.
Authors: Mikael Linden

To accelerate the deployment of identity federations and associated technologies, a template policy document has been created for use by the research and education networking community. This document was a collaboration between GEANT and REFEDS, drawing on review work undertaken as part of the REFEDS workplan.
Authors: Marina Vermezovic et al

The document, which is an updated version of the first document produced in 2008, provides recommendations on how to implement Federated Access Management Systems in order to reduce the amount of personally identifiable data that is exchanged, in accordance with the Directive 95/46/EC.
Please note that this document replaces the December 2008 documents ‘Pseudonymous Identifiers’, ‘Good Practice for Federated Access Management’ and ‘Federations and Data Protection’ which are no longer valid and have been removed.
Authors: Andrew Cormack (JANET(UK))

A comparison of the legal requirements on handling students’ personal data under the European Data Protection Directive and the US Family Education Rights and Privacy Act.
Author: Andrew Cormack (JANET(UK))

This paper reviews the values of the eduPerson’s vocabulary used consistently throughout different federations
Authors: Andrew Cormack (JANET(UK)), Mikael Linden (CSC)

This document is a summary of a debate on the TF-EMC2 mailing list. The discussion regarded the introduction of non-institutional Identity Providers (IdPs) into HE Federations and the impact that this would have on end-user choice, end-user processes and securing levels of assurance.
Author: Nicole Harris (JISC Advance)

In March 2009, JISC and JISC Collections commissioned a study to look at the issues surrounding the user experience when using federated access management. The federated access approach has been successfully adopted in many different countries throughout the world, but this success has brought with it usability issues known as ‘the discovery problem’. The full report became available in July 2009.
This is the final report of the JISC Legal investigation into the feasibility of a cross-jurisdiction common access management federation agreement. Its purpose is to evaluate the likely success of framing a common template or templates for access management agreements which can be adopted across a number of jurisdictions.
Author: Jason Campbell