...
References:
GEANT's Data Protection Code of Conduct: http://www.geant.net/uri/dataprotection-code-of-conduct/V1/Pages/default.aspx (accessed from https://www.clarin.eu/content/how-can-i-comply-data-protection-code-conduct)
'Adding and removing Credential Service Providers under
https://refeds.terena.org/index.php/Federations
(esp. sections 4 and 5)
We also have the discussion/list in the IETF about the Vectors of Trust, which we should refer to.
The trust vectors so far are (flip-sided as risk vectors thanks to Scott Shorter!):
Identity proofing/Identity theft
Credential Management/Credential Use
Assertion Presentation
And we have some basic security requirements from the likes of ISO 27001/27002
Excerpt from InCommon FOPPs: sections 6-10 most relevant
Data Protection Code of Conduct For Service Providers ... with clauses that might apply to an overall contract removed for clarity.
...