The federation recommends that participants adopt the following practices:
>> Have defined procedures for managing users and their attributes;
>> Inform users about good practices regarding the use and confidentiality of passwords, and the need to replace them periodically;
>> Enable each user to determine which attributes will be sent to each service. When this is not possible, inform users which attributes are sent without their consent;
>> Ensure the high availability of the identity provider;
>> Have a technically prepared team to operate the identity provider;
>> Monitor the identity provider through its logs;
>> Keep log files for a minimum of six months;
>> Provide the information needed for security incident investigations;
>> Keep the server's clock synchronized with an NTP server;
>> Monitor the validity of licenses used;
>> Document changes made on the server;
>> Keep the operating system and other software up to date by applying all critical changes;
>> Update the metadata file in a timely manner;
>> Use only the official CAF-Moz servers as a source of metadata;
>> Have a user with read-only permission to query the identity provider's identity data source;
>> Have separate servers (physical or virtual) for each application (e.g., Shibboleth, EID, OpenLDAP, etc.);
>> Keep a backup of the identity provider settings;
>> Follow the scripts prepared by the CAF-Moz support team, using the suggested and supported applications.