This document provides technical recommendations for members of the UK Access Management Federation for Education and Research (the UK federation). Its primary audience is those technical staff involved in designing services or deploying software for use in the UK federation.
The information in this document is supplemented by that provided by the UK federation’s web site.1 In particular, the web site always contains the most up-to-date version of recommendations in areas of rapid change such as the suitability of certificate products or specific software versions.
A companion document, the Federation Technical Specifications ([UKFTS]), specifies the federation’s technical architecture in more detail, including the rationale behind some of the technical choices made. Familiarity with the Federation Technical Specifications is not normally required for individual deployments; its primary audiences are developers of federation software and operators of partner federations.
The federation serves a broad constituency of member organisations with a wide range of uses for federated identity technologies. This document is therefore not prescriptive; rather, it aims to establish a common set of standards each of which, if followed, will increase an individual member’s ability to inter-operate with other members of the federation.
1.1 Keeping Up To Date
Due to the rapidly changing nature of the software and standards associated with identity technologies, it will be necessary to update this document from time to time to reflect new developments. The latest version of this document can always be found on the federation web site (see [UKTRP]); federation members should review the latest version of this document periodically, and in any case whenever a new deployment is contemplated.
New editions of this and other federation technical documents, as well as other announcements thought to be relevant to federation members, are reported on the federation mailing list. The technical and administrative contacts listed for all entities registered with the federation are made members of the mailing list automatically; other addresses can be added to the list by request.
1.2 Document Status
This edition provides recommendations for the UK federation with effect from its date of publication as shown on the cover page.
1.3 Changes in this Edition
Removed discussion about specific versions of Shibboleth and other software.
Added a recommendation that metadata refresh should not take place too often without making use of conditional GET.
Removed constraints on certificates used as trust fabric certificates.
Added the verification fingerprint for the signing certificate to be used from November 2014.
1.4 Future Directions
Where appropriate, major sections of this document contain a sub-section called “Future Directions” describing likely future developments in the area under consideration. These notes are provided to allow members to incorporate this information into planning activities.
Several sections of this document have been identified as requiring frequent change in order to stay current. In future editions, it is intended that such information be provided on the UK federation’s web site instead of in more static documentation.