January is a great time for New Year’s Resolutions. Why not make these for your federated entities today?

These resolutions are also available in the following formats:

  • pdf (Europe).
  • jpg (Europe).
  • pdf (Rest of world).
  • jpg (Rest of world).


Resolution1 One of the main problems for Service Providers using federations is lack of attribute release.  Identity Providers are rightly concerned about releasing attributes in light of data protection issues and asked for more guidance and easier tools to make data release safe and easy.  The Research and Scholarship entity category is designed to do exactly this – it is a safe way to release a small attributes bundle to Service Providers that have proven they require the attributes requested for research and scholarship needs.

More information on the justification for this approach is available.

Resolution2 Out of date software not only leads to entities not having the most up-to-date features available, but can lead to serious security risks.  Shibboleth and SimpleSAMLphp are the most popular software packages used within identity federations.  The most up-to-date software versions for these packages are:

Resolution3 The SAML 2.0 protocol celebrated its 10th anniversary on 15th March 2015. Despite this 10 year period, there are still many entities in federations using SAML 1, which causes interoperability issues and other problems for federations.  All entities are strongly encouraged to stop using SAML 1 within 2016.
Resolution4 eduGAIN is an interfederation service that allows federations to publish your entity data directly to other federations worldwide.  Ultimately this means you only have to join one federation, but can access global services. Many federations operate an “opt-in” process for entities so please ask your local federation to include your metadata in eduGAIN.
Resolution5 Confusing login processes can lead to frustrated users and ultimately less customers accessing your service.  REFEDS has prepared a good practice guide which shows Service Providers how to implement a good login experience, and also shows examples of the pitfalls of bad login.
The Code of Conduct is a way for Service Providers to declare that they are “good citizens” when it comes to data protection.  Service Providers commit to a small range of actions to help give Identity Providers confidence that they are following European data protection requirements effectively.  The Code of Conduct is self declared as an entity category.