Page History

\[3.1\] Please identify your access management requirements to help other Participants understand and plan for use of your resource(s). You might also or instead provide contact information for an office or person who could answer inquiries.

\[03.2\] As a _Resource Provider_, please declare what use(s) you would make of attribute information you receive.

\[03.3\] Personally identifying information can be a wide variety of things, not merely a name or credit card number. All information other than large group identity, e.g. "member of community," should be protected while resident on your site.

\[03.4\] Certain functional positions can have extraordinary privileges with respect to information on your systems. What oversight means are in place to ensure incumbents do not misuse such privileges?

\[03.5\] Occasionally protections break down and information is compromised. Some states have laws requiring notification of affected individuals. What legal and/or institutional policies govern notification of individuals if information you hold is compromised?

\[04.1\] Most InCommon Participants will use Internet2 Shibboleth technology but this is not required. It may be important for other participants to understand whether you are using other implementations of the technology standards.

\[04.2\] As a _Credential Provider_, you may wish to place constraints on the kinds of applications that may make use of your _assertions. \_As a \_Resource Provider_, you make wish to make a statement about how User credentials must be managed. This question is completely open ended and for your use.