Attribute release to Service Providers
Posted on Friday, 23 December 2016
Federation members may be aware of a reported security breach at Lynda.com https://www.linkedin.com/help/lynda/answer/75205. As it stands this should not have resulted in any leak of Personally Identifiable Information (PII) for any UK federation users through UK federation related authentication processes, however at this time I’d like to remind everyone of the key element of federated access being the correct attribute request and attribute release by Service Providers and Identity providers respectively.
Further details on best practice can be found here https://www.ukfederation.org.uk/content/Documents/AttributesForAuthorization and also in the UK federation Technical recommendations https://www.ukfederation.org.uk/library/uploads/Documents/federation-technical-specifications.pdf and any Institutions or Service Providers who would like further advice on attribute release should contact the UK federation helpdesk.
On a different note we’d like to wish everyone happy holidays and the UK federation will be available for entity registrations and modifications from January 3rd 2017.
Sirtfi, the Security Incident Response Trust Framework for Federated Identity
Posted on Thursday, 15 December 2016
Sirtfi, the Security Incident Response Trust Framework for Federated Identity, is a means to identify Identity Providers with sufficient operational security capability and who are willing to collaborate during incident response. Sirtfi compliance has become an essential requirement to access some high value services such as CERN and we encourage entity owners to explore adding the category to their registration with the UK federation.
For further guidance on this please visit:
Service desk closure for Winter break
Posted on Thursday, 8 December 2016
As always, the UK federation service desk takes an extended break over Christmas and New Year. This means that the helpdesk will be unavailable from 11:00 on Friday 23rd December and will re-open at 10:00 on Tuesday 3rd January 2017. If you submit a request to firstname.lastname@example.org during these dates, your email will be logged, but we won't be able to respond until we return in January.
UK federation metadata will be re-published automatically over the holiday period so, whilst we will not make changes to UK federation-registered entities, there may be changes due to entities imported via eduGAIN.
Posted on Sunday, 4 December 2016
This week we celebrate the tenth anniversary of the UK federation, which has grown from a pilot project between Edinburgh University and Janet to the Service that Jisc provides today, with over a thousand members and reaching users and services in almost 40 countries. On the anniversary it seemed apt to update you on some developments which are occurring with the UK federation.
Research and Scholarship entity category policy for UK federation Service Providers
Posted on Monday, 28 November 2016
About the Research and Scholarship (R&S) Category
Candidates for the Research and Scholarship (R&S) Category are Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part. Example Service Providers may include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals. More information can be found here: https://refeds.org/category/research-and-scholarship
Shib IdP v3 security & v3.3 release
Posted on Monday, 14 November 2016
A security advisory  has been released for the Shibboleth v3 Identity Provider that involves deployments using the Result Cache feature of the LDAP Data Connector - the issue could result in data associated with one user being substituted for another. Also, a new version of the Shibboleth IdP (v3.3.0) has been released which, amongst various improvements and new features, fixes this issue. read more... Edited by MarkWilliams ?