PEER Policy Principles
======================

Date: 2012-05-18 14:19:06 CEST

1 Phase 1 - starting the service
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1.1 Open to any SP
===================

The repository should allow any SP to store its metadata.

1.2 Only Domain Validation required
====================================

An SP's entry should be authenticated by verifying the registrant's relation to the DNS zones referenced in its metadata (analogous to DV certificate issuance).

1.3 Federations recommended to register all their SPs
======================================================

Federations should register all their public SPs with the service.

1.4 IdPs recommended to release opaque IDs only
================================================

Federations should deliver/publish PEER metadata to all their IdPs and recommend the appropriate minimal attribute release policy (transient opaque user ID only).

2 Later development
~~~~~~~~~~~~~~~~~~~~

2.1 SP Categorization
======================

We might add a stronger SP validation policy (e.g. TACAR-like procedures) and mark the strongly validated SPs in the repository. IdPs could then apply a different attribute release policy based on the SP category.
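As an added illustration of the domain-validation check in principle 1.2 (example code, not part of the PEER document or its implementation): given an SP's SAML metadata and the DNS zones the registrant has demonstrated control over, the function below collects every hostname the metadata references and reports those outside the validated zones. The sample metadata and the zone names are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample SP metadata; not taken from any real deployment.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.other-example.net/Shibboleth.sso/SLO/Redirect"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def referenced_hosts(metadata_xml: str) -> set[str]:
    """Hostnames named by the entityID and by every endpoint Location.

    A URN-style entityID has no hostname and is skipped; only URL-shaped
    values contribute to the set."""
    root = ET.fromstring(metadata_xml)
    urls = [root.get("entityID", "")]
    urls += [el.get("Location", "") for el in root.iter() if el.get("Location")]
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def in_zone(host: str, zone: str) -> bool:
    """True when host is the zone itself or a subdomain of it.

    The match is made at a label boundary so that 'evilexample.org'
    is not accepted for the zone 'example.org'."""
    zone = zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def unvalidated_hosts(metadata_xml: str, validated_zones: set[str]) -> set[str]:
    """Hosts in the metadata that lie outside every validated DNS zone.

    An empty result means the registrant's proven zones cover all
    endpoints, which is the condition principle 1.2 asks for."""
    return {h for h in referenced_hosts(metadata_xml)
            if not any(in_zone(h, z) for z in validated_zones)}


if __name__ == "__main__":
    print(unvalidated_hosts(SAMPLE_METADATA, {"example.org"}))
```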