...
SURFnet
Doc (in Dutch)
- Simple (Single?) Sign On
- How many systems/applications can be used with the account, authentication, identities in the organisation
- Authorization
- How many systems/applications can be authorized with the account, roles/groups, central or decentralised, types of groups/roles, differentiate between identities
- Source Identified source system
- which/how many source systems are used, manual input with documentation, one leading system, add attributes/information for SP
- Policies?
- for authorization, authentication, provisioning, standardisation, FIM, privacy; responsibilities for them; architecture; security policy; password policy; lifecycle for accounts; how often is FIM updated; how often are policies updated; are those policies in use; monitoring and updating policies
- Processes and procedures
- processes for new users, rules for username and email, verification of the identity, lifecycle, process for giving data to a third party, process to generate new passwords, how often is the data updated, reviews and reports, conclusions from reports and reviews
- Suitable IdP System
- standardised, which standard, availability, when available
- Quality of data/identities
- correctness, completeness, change management of data, verification of data with external databases/systems
- Implementation of processes and procedures
- clearly described, monitoring, ?, legal entity?
- Security
- awareness, audits, intrusion tests, classified, actions, data protection, logfiles
...