InCommon Federation Participant Operational Practices Part 2

The most critical responsibility that an Identity Provider Participant has to the Federation is to provide trustworthy and accurate identity assertions.  It is important for a Service Provider to know how your electronic identity credentials are issued and how reliable the information associated with a given credential (or person) is.

Identity Provider Information


1. If you are an Identity Provider, how do you define the set of people who are eligible to receive an electronic identity?  If exceptions to this definition are allowed, who must approve such an exception?



All individuals who come in from the Student Information System or the Human Resources System with the affiliation of  student, faculty, staff, volunteer, or alumni of the University at Buffalo are granted an electronic identity. Limited access accounts are also provided to Library walk-in patrons, applicants, continuing education participants and conference visitors.

2. “Member of Community” is an assertion that might be offered to enable access to resources made available to individuals who participate in the primary mission of the university or organization.  For example, this assertion might apply to anyone whose affiliation is “current student, faculty, or staff.” 

What subset of persons registered in your identity management system would you identify as a “Member of Community” in Shibboleth identity assertions to other InCommon Participants?

All active students, faculty, and staff