UK Access Management Federation
for Education and Research

Using the WAYF protocol with the UK federation Central Discovery Service is deprecated

Posted on Friday, 23 June 2017

This is formal notice that UK federation Central Discovery Service (CDS) support for the WAYF protocol is now deprecated. The WAYF protocol's limitations are sufficient that, since 2012, we have not recommended its use for new service provider deployments. Service Providers which use the WAYF protocol with our Central Discovery Service force Identity Providers to use the legacy SAML 1 protocol, and we no longer wish to facilitate the use of SAML 1. Our CDS will continue to support the Identity Provider Discovery Service (DS) Protocol [1], which supports both SAML 2 and SAML 1 operations.

read more...

Attribute release to Service Providers

Posted on Friday, 23 December 2016

Federation members may be aware of a reported security breach at Lynda.com https://www.linkedin.com/help/lynda/answer/75205. As it stands this should not have resulted in any leak of Personally Identifiable Information (PII) for any UK federation users through UK federation related authentication processes, however at this time I’d like to remind everyone of the key element of federated access being the correct attribute request and attribute release by Service Providers and Identity providers respectively.

Further details on best practice can be found here https://www.ukfederation.org.uk/content/Documents/AttributesForAuthorization and also in the UK federation Technical recommendations https://www.ukfederation.org.uk/library/uploads/Documents/federation-technical-specifications.pdf and any Institutions or Service Providers who would like further advice on attribute release should contact the UK federation helpdesk.

On a different note we’d like to wish everyone happy holidays and the UK federation will be available for entity registrations and modifications from January 3rd 2017.

read more...