1 Introduction
This document provides technical recommendations for members of the UK Access Management Federation for Education and Research (the UK federation). Its primary audience is those technical staff involved in designing services or deploying software for use in the UK federation.
The information in this document is supplemented by that provided by the UK federation’s web site. In particular, the web site always contains the most up-to-date version of recommendations in areas of rapid change such as the suitability of certificate products or specific software versions.
A companion document, the Federation Technical Specifications ([UKFTS]), specifies the federation’s technical architecture in more detail, including the rationale behind some of the technical choices made. Familiarity with the Federation Technical Specifications is not normally required for individual deployments; its primary audiences are developers of federation software and operators of partner federations.
The federation serves a broad constituency of member organisations with a wide range of uses for federated identity technologies. This document is therefore not prescriptive; rather, it aims to establish a common set of standards each of which, if followed, will increase an individual member’s ability to inter-operate with other members of the federation.
The rationale behind certain important technical recommendations is called out in boxes like this.
Where appropriate, boxes like this are used to describe likely future developments in the area under consideration. These notes are provided to allow members to incorporate this information into planning activities.
1.1 Keeping Up To Date
Due to the rapidly changing nature of the software and standards associated with identity technologies, it will be necessary to update this document from time to time to reflect new developments. The latest version of this document can always be found on the federation web site (see [UKTRP]); federation members should review the latest version of this document periodically, and in any case whenever a new deployment is contemplated.
Several sections of this document have been identified as requiring frequent change in order to stay current. In future editions, it is intended that such information be provided on the UK federation’s web site instead of in more static documentation.
New editions of this and other federation technical documents, as well as other announcements thought to be relevant to federation members, are reported on the federation mailing list. The technical and administrative contacts listed for all entities registered with the federation are made members of the mailing list automatically; other addresses can be added to the list by request.
1.2 Document Status
This edition provides recommendations for the UK federation with effect from its date of publication as shown on the cover page.
1.3 Changes in this Edition
-
Section 5.1.2 (“Trust Fabric Certificates”) no longer discusses commercial certification authorities.
-
The description of trust fabric key compromise in section 5.2 has been clarified to indicate that actions taken by the federation operator are determined on a case-by-case basis.
- Documentation of the previously deprecated “all.wayf” endpoint of the Central Discovery Service (CDS) has been removed from section 6.3.1 (“Deprecated Endpoints”) as the endpoint has been retired.
-
Removed the “Future Direction” section relating to Unique Learner Numbers from section 7 (“Attribute Usage”).
-
Removed unused references.