Good practices

• 
• 

The federation recommends that participants adopt the following practices:

 

>> Have procedures defined for users and their attributes management;

>> Informing users about good practices regarding the use and confidentiality of passwords, and the need to replace them periodically;

>> To enable each user to determine which attributes will be sent to each service. When this is not possible, inform users which attributes are sent without his consent;

>> To ensure the high availability of the identity provider;

>> Have technically prepared team to operate the identity provider;

>> Monitor the identity provider by monitoring logs;

>> Keep log files for a minimum of six months;

>> Provide information needed for security incident investigation;

>> Keep the server's clock synchronized with an NTP server;

>> Monitor the validity of licenses used;

>> Documenting changes made on the server;

>> Keep the operating system and other software up to date by applying all critical changes;

>> Update the face time metadata file;

>> Use only official servers CAF-Moz as a source of metadata;

>> Have a user with permission to read only to query the source of identity data provider;

>> Owning servers (physical or virtual) separate for each application (e.g .: Shibboleth, EID, OpenLDAP, etc.);

>> Keep backup (backup) the identity provider settings;

>> Follow the scripts prepared by the support team of CAF-Moz, using the suggested applications and are supported.