UK Access Management Federation
for Education and Research
Attribute release to Service Providers
Posted on Friday, 23 December 2016
Federation members may be aware of a reported security breach at Lynda.com https://www.linkedin.com/help/lynda/answer/75205. As it stands this should not have resulted in any leak of Personally Identifiable Information (PII) for any UK federation users through UK federation related authentication processes, however at this time I’d like to remind everyone of the key element of federated access being the correct attribute request and attribute release by Service Providers and Identity providers respectively.
Further details on best practice can be found here https://www.ukfederation.org.uk/content/Documents/AttributesForAuthorization and also in the UK federation Technical recommendations https://www.ukfederation.org.uk/library/uploads/Documents/federation-technical-specifications.pdf and any Institutions or Service Providers who would like further advice on attribute release should contact the UK federation helpdesk.
On a different note we’d like to wish everyone happy holidays and the UK federation will be available for entity registrations and modifications from January 3rd 2017.
Sirtfi, the Security Incident Response Trust Framework for Federated Identity
Posted on Thursday, 15 December 2016
Sirtfi, the Security Incident Response Trust Framework for Federated Identity, is a means to identify Identity Providers with sufficient operational security capability and who are willing to collaborate during incident response. Sirtfi compliance has become an essential requirement to access some high value services such as CERN and we encourage entity owners to explore adding the category to their registration with the UK federation.
For further guidance on this please visit: