LITNET federated authentication and authorization infrastructure (hereinafter - LITNET FEDI) service description
Approved by LITNET council
on the 4th of June, 2014. Meeting minutes No. 18.
I. General Provisions
1. LITNET federated authentication and authorization infrastructure (hereinafter - LITNET FEDI) service description (hereinafter - the Service description) defines the LITNET FEDI terms of service and management procedures in order to guarantee secure usage of the information technology resources to the institutions using LITNET services.
2. Herein LITNET FEDI is conceived as a set of authentication and authorization services provided to the institutional digital identities within the realm of electronic information and communications. LITNET FEDI is available to the members of the LITNET community to securely access the shared services.
3. LITNET FEDI services are provided in accordance with the following principles:
3.1. transparency. This implies that LITNET FEDI service providers, institutions and LITNET community members provide information about their activities to those who by law have the right to get this information;
3.2. honesty. This implies that LITNET FEDI service providers, institutions and members of the LITNET community do not engage in deception or fraud and avoid unfair advantage in achieving their actions;
3.3. cooperation. This implies that any relationship between LITNET FEDI service providers, institutions and members of the LITNET community is based on mutual goodwill;
3.4. respect. This implies that LITNET FEDI service providers, institutions and members of the LITNET community always behave respectfully towards each other and other interested parties;
3.5. quality. This implies that the LITNET FEDI service must be continuously evaluated and improved, considering the needs of the LITNET institutions and members of the LITNET community as well as best practices and acceptable security standards;
3.6. confidentiality. This implies that all information related to the provision of LITNET FEDI services is used only for administrative purposes;
3.7. non-commercial use. This implies that the institutions and members of the LITNET community do not use LITNET FEDI services for commercial purposes;
3.8. unity of the rights and obligations. This implies that any rights provided in this Procedure are not absolute and are inseparable from the defined obligations and LITNET FEDI service principles.
4.1. Authentication - the process of identifying the electronic identity of the user of a shared service;
4.2. Authorization - the process of granting access to the user of federated services;
4.3. electronic identity provider (hereinafter - IDP) - an institution possessing an electronic identity management system and a single sign-on (hereinafter - SSO) system;
4.4. federated service - a service provided by institutions or other providers which uses LITNET FEDI for user authentication and authorization;
4.5. federated service user - a member of the LITNET community who is entitled to use an available federated service;
4.6. incident - an activity that does not conform to the LITNET FEDI terms of service and disrupts LITNET FEDI or federated services or causes threats in cyberspace;
4.7. institution - a legal body that acts as a LITNET technical center or that has or intends to have a LITNET service contract;
4.8. institutional electronic identity - the information set that correctly identifies a physical person in cyberspace as an institution employee or a member of the academic community (professor emeritus, affiliated scientist, visiting lecturer or researcher, student, etc.), or a recipient of the service of education, training or general education (e.g., user name and password, digital certificate, electronic signature, and so on);
4.9. member of the LITNET community - an employee or a member of the academic community of an institution that has signed a LITNET service agreement, or a recipient of the education, training or general education service provided by the institution.
5. Other definitions in this Procedure are used in line with the Law of Education and Studies, the order approved by the Ministry of Science and Education on 16 March 2011, No. V-436, and the description of the structure and governance of the Research and Education network LITNET.
II. LITNET FEDI service management
6. LITNET FEDI service management includes LITNET FEDI service planning, organization, competence allocation between LITNET FEDI service management entities and quality supervision of the services.
7. LITNET FEDI service management is carried out by the LITNET Board, the LITNET Expert Group and the LITNET FEDI operator.
8. LITNET Board:
8.1. appoints a LITNET Technical Center to the role of LITNET FEDI operator;
8.2. authorizes the connection of institutions to the LITNET FEDI;
8.3. takes decisions on the expansion of federated services available to LITNET community members;
8.4. takes decisions on participation in national and international projects related to LITNET FEDI service expansion and development;
8.5. takes other decisions on LITNET FEDI service-related issues.
9. LITNET Expert Group:
9.1. submits proposals to the LITNET Board regarding LITNET FEDI operator appointment and replacement;
9.2. provides LITNET FEDI development plans to the LITNET Board;
9.3. provides the LITNET Board with reports on activities related to LITNET FEDI provision and use;
9.4. submits proposals to the LITNET Board regarding participation in national and international projects and regarding cooperation with national and international organizations;
9.5. approves the technical requirements to be met by an IDP connected to the LITNET FEDI;
9.6. considers institution applications for connection to the LITNET FEDI and provides the LITNET Board with reasoned decisions;
9.7. approves the technical requirements to be met by a federated service;
9.8. considers requests regarding federated service provisioning and provides reasoned decisions to the LITNET Board;
9.9. provides the LITNET Board with reasoned proposals for the removal of a federated service;
9.10. considers other LITNET FEDI issues.
10. LITNET FEDI operator performs LITNET FEDI service technical maintenance.
11. LITNET FEDI operator must:
11.1. ensure secure, continuous and reliable implementation and operation of the LITNET FEDI hardware and software solution;
11.2. advise federated service administrators on issues with the operation of the services they manage;
11.3. advise the other institutions that seek to connect to LITNET FEDI;
11.4. prepare and submit reports to the LITNET Expert Group on LITNET FEDI use, operation, development plans and any other LITNET FEDI related activities;
11.5. publish relevant information about LITNET FEDI, including the LITNET FEDI IDP list along with contact information.
12. LITNET FEDI operator has the right to:
12.1. restrict a federated service if there is a threat to the information security of federated services and users. Users of LITNET FEDI and federated services must be promptly informed about such a restriction and of its potential causes;
12.2. apply to a group of experts with a reasoned request regarding termination of the LITNET FEDI service;
12.3. apply to a group of experts with a reasoned request regarding federated service restriction or termination.
III. LITNET FEDI service provisioning
13. LITNET FEDI service can be provided if the institution meets all of the following conditions:
13.1. the institution has an electronic identity management system;
13.2. the institution has a single sign-on system;
13.3. the institution has or is in the process of establishing a LITNET service contract;
13.4. the institution meets the technical requirements of electronic identity providers.
14. The institution seeking to use the LITNET FEDI service must apply to the LITNET Board Chairman. The LITNET FEDI service is provided after the LITNET service agreement is signed or the existing agreement is modified accordingly.
15. An institution using the LITNET FEDI service must:
15.1. promptly inform the LITNET FEDI operator of changes of the responsible person;
15.2. immediately inform the LITNET FEDI operator of an incident and actively collaborate in addressing the consequences of the incident;
15.3. apply appropriate, recognized and constantly updated measures to ensure the security and trustworthiness of transferred information;
15.4. provide information related to the use of LITNET FEDI in accordance with the instructions of the LITNET FEDI operator or LITNET Technical Center;
15.5. familiarize the institution's electronic ID holders with the LITNET FEDI Procedures.
16. An institution using LITNET FEDI is entitled to:
16.1. submit proposals to the LITNET Technical Center regarding the LITNET FEDI service;
16.2. submit a request to disconnect the institution from LITNET FEDI.
17. The following entities can act as federated service providers:
17.1. LITNET Technical Centers;
17.2. institutions with existing LITNET service agreements;
17.3. other legal entities with which a LITNET Technical Center has an appropriate service contract.
IV. Final Provisions
18. Relevant LITNET FEDI information is available on the website at www.fedi.litnet.lt.
19. This document may be amended by a decision of the LITNET Board.
20. The parties attempt to resolve any disputes related to the use of LITNET FEDI by negotiation. Failing an agreement, disputes shall be settled according to the law of the Republic of Lithuania.