From time to time, REFEDS issues White Papers to support those involved in federated identity management. These papers will be published here.
This document identifies practices and attributes of organisations that may facilitate their participation in a trust framework called SIRTFI – purposed to enable coordination of security incident response across federated organisations. Further information about SIRTFI and the working group is available on the REFEDS wiki.
Authors: T. Barton, J. Basney, D. Groep, N. Harris, L. Johansson, D. Kelsey, S. Koranda, R. Wartel, A. West. Editor: H. Short
- Code of Conduct [June 2013]
The Data protection Code of Conduct describes an approach to meet the requirements of the EU Data Protection Directive in federated identity management. The Data protection Code of Conduct defines behavioural rules for Service Providers which want to receive user attributes from the Identity Providers managed by the Home Organisations. It is expected that Home Organisations are more willing to release attributes to Service Providers who manifest conformance to the Data protection Code of Conduct. Further information is available on the REFEDS wiki.
Authors: Mikael Linden
- Federation Policy Template [October 2012]
To accelerate the deployment of identity federations and associated technologies, a template policy document has been created for use by the research and education networking community. This document was a collaboration between GEANT and REFEDS, drawing on review work undertaken as part of the REFEDS workplan.
Authors: Marina Vermezovic et al
- Federated Access Management [Nov 2011]
The document, which is an updated version of the first document produced in 2008, provides recommendations on how to implement Federated Access Management Systems in order to reduce the amount of personally identifiable data that is exchanged, in accordance with the Directive 95/46/EC.
Please note that this document replaces the December 2008 documents ‘Pseudonymous Identifiers’, ‘Good Practice for Federated Access Management’ and ‘Federations and Data Protection’ which are no longer valid and have been removed.
Authors: Andrew Cormack (JANET(UK))
- Student information in the US and EU [May 2011]
A comparison of the legal requirements on handling students’ personal data under the European Data Protection Directive and the US Family Education Rights and Privacy Act.
Author: Andrew Cormack (JANET(UK))
- ePSA paper [October 2009]
This paper reviews the values of the eduPerson’s vocabulary used consistently throughout different federations
Authors: Andrew Cormack (JANET(UK)), Mikael Linden (CSC)
- Multiple Identity Providers and Level of Assurance [April 2009]
This document is a summary of a debate on the TF-EMC2 mailing list. The discussion regarded the introduction of non-institutional Identity Providers (IdPs) into HE Federations and the impact that this would have on end-user choice, end-user processes and securing levels of assurance.
Author: Nicole Harris (JISC Advance)
- JISC Publisher Interface Study [July 2009]
Author: Jason Campbell