Metadata registration practice statement

Federation Name: HEAL-Link Federation
Federation Operator: HEAL-Link, Greece
Federation Web Page: https://www.heal-link.gr/aai.php?lang=en
Date created: 20141029
Date of last change: 20141029

Common Practices
----------------

HEAL-Link comprises all Academic and research Institutions in Greece funded by the Ministry of Education. Its Members (https://www.heal-link.gr/members.php) are therefore automatically registered to the Federation. Any Organization cooperating with HEAL-Link or any of its members can join HEAL-Link Federation as a partner.

An Organization asking to join HEAL-Link Federation with an IDP or an SP has to contact HEAL-Link by email or phone in order to request Membership or Partnership. Membership is for HEAL-Link members (Academic and research Institutions funded by the Ministry of Education, https://www.heal-link.gr/members.php) that need Federated access services. Partnership refers to other Organizations (Publishers/Platforms providing electronic subscriptions to HEAL-Link, to any of its members, or to any of the HEAL-Link Federation members).

The Membership or Partnership request must be signed by official representative(s) of the participating institution. The request is checked by the federation operator and must be approved by the Policy Committee.

Practices on Identity Provider Registration
-------------------------------------------

An Organization asking to register an IDP has to contact HEAL-Link Federation, sign and send to the HEAL-Link Office the appropriate Agreement with the corresponding Policies and Technical requirements (https://www.heal-link.gr/docs/HEAL-Link-AAI%20Service%20Agreement(MEMBERS)_GR.pdf), and then send the appropriate metadata for the entity. The agreement and Metadata received from the Organization are checked by the federation operator to verify the requirements and must be approved by the Policy Committee.

Necessary requirements:
- a document describing the process for end users before their registration in the IDP;
- the privacy policy on attribute release;
- the IDP must be correctly configured, secured and running.

After the approval, the federation operator publishes and maintains the Metadata. Subsequent changes to these elements and attributes do not require re-approval by the federation operator. Only administrators specifically appointed by the Organization can modify the IdP information.

For interfederation, the entity must provide SAML2 Metadata and ask the federation operator to publish it for participation in eduGAIN.

Practices on Registration of a Service Provider
-----------------------------------------------

An Organization asking to register an SP has to contact HEAL-Link Federation, sign and send to the HEAL-Link Office the appropriate Agreement with the corresponding Policies and Technical requirements (https://www.heal-link.gr/docs/HEAL-Link-AAI%20Service%20Agreement(PARTNERS).pdf), and then send the appropriate metadata for the entity. The form and Metadata received from the Organization are checked by the federation operator to verify the requirements and must be approved by the Policy Committee.

Requirements:
- a declaration to fulfill the EU Data Protection Directive;
- the SP must be correctly configured, secured and running.

After approval, the federation operator publishes and maintains the Metadata. Subsequent changes to these elements and attributes do not require re-approval by the federation operator. Only administrators specifically appointed by the Organization can modify the SP-specific information.

For interfederation, the entity must provide SAML2 Metadata and ask the federation operator to publish it for participation in eduGAIN.

Practices regarding Metadata modifications
------------------------------------------

In HEAL-Link, Metadata is modified only by a manual intervention of the federation operator.
When an entity needs a change, its administrator sends the new Metadata to the federation operator, who makes the appropriate checks before including/substituting the new snippet in the official federation Metadata file. The IdP/SP administrator also has to insert into the Metadata non-technical information like descriptions or support contacts.