The following describes the technical and administrative checks that will be made before an identity provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for identity provider operators for assessing their readiness to participate.

Metadata

• MUST1 have an entityID that is a URL (well-known location). The URL SHOULD use the https scheme and it is RECOMMENDED that valid metadata be available at this URL.

The following PDF document contains a final draft of SAFIRE’s Participation Agreement. This agreement has achieved rough consensus within SAFIRE’s membership, and is currently awaiting legal review. There are not likely to be any substantive changes to this document, but the review process may result in a further revision.

This version of the document was submitted to eduGAIN on 18 September 2016.

Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement. Through a community consensus process, the following attribute release profiles have been approved:

Default

The release profile used when no other attribute release policy is defined:

This version of the Metadata Registration Practice Statement reached rough consensus on 16 September 2016.

Definitions and terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].

Definitions and terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119 [RFC2119].

This version of the Privacy Statement reached rough consensus on 28 October 2016.

Introduction

This document explains what personal information is collected by the South African Identity Federation (SAFIRE) and how it is used.