WikiStart: Participant Operational Principles 20090625.htm

File Participant Operational Principles 20090625.htm, 151.9 KB (added by dabantz@…, 14 years ago)

InCommon? Federation: UA Participant Operational Practices

Line 
1<html xmlns:v="urn:schemas-microsoft-com:vml"
2xmlns:o="urn:schemas-microsoft-com:office:office"
3xmlns:w="urn:schemas-microsoft-com:office:word"
4xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
5xmlns:css="http://macVmlSchemaUri" xmlns="http://www.w3.org/TR/REC-html40">
6
7<head>
8<meta name=Title content="Federation Member Declaration">
9<meta name=Keywords content="">
10<meta http-equiv=Content-Type content="text/html; charset=macintosh">
11<meta name=ProgId content=Word.Document>
12<meta name=Generator content="Microsoft Word 2008">
13<meta name=Originator content="Microsoft Word 2008">
14<link rel=File-List
15href="Participant%20Operational%20Principles%2020090625_files/filelist.xml">
16<title>Federation Member Declaration</title>
17<!--[if gte mso 9]><xml>
18 <o:DocumentProperties>
19  <o:Author>David L. Wasley</o:Author>
20  <o:Template>Normal.dotm</o:Template>
21  <o:LastAuthor>David Bantz</o:LastAuthor>
22  <o:Revision>4</o:Revision>
23  <o:TotalTime>58</o:TotalTime>
24  <o:LastPrinted>2009-06-26T01:13:00Z</o:LastPrinted>
25  <o:Created>2009-06-26T01:14:00Z</o:Created>
26  <o:LastSaved>2009-06-26T01:51:00Z</o:LastSaved>
27  <o:Pages>4</o:Pages>
28  <o:Words>3318</o:Words>
29  <o:Characters>18914</o:Characters>
30  <o:Company>University of California</o:Company>
31  <o:Lines>157</o:Lines>
32  <o:Paragraphs>37</o:Paragraphs>
33  <o:CharactersWithSpaces>23227</o:CharactersWithSpaces>
34  <o:Version>12.256</o:Version>
35 </o:DocumentProperties>
36 <o:OfficeDocumentSettings>
37  <o:PixelsPerInch>96</o:PixelsPerInch>
38  <o:TargetScreenSize>800x600</o:TargetScreenSize>
39 </o:OfficeDocumentSettings>
40</xml><![endif]--><!--[if gte mso 9]><xml>
41 <w:WordDocument>
42  <w:SpellingState>Clean</w:SpellingState>
43  <w:GrammarState>Clean</w:GrammarState>
44  <w:TrackRevisions/>
45  <w:TrackMoves>false</w:TrackMoves>
46  <w:TrackFormatting/>
47  <w:DrawingGridHorizontalSpacing>6 pt</w:DrawingGridHorizontalSpacing>
48  <w:DisplayHorizontalDrawingGridEvery>0</w:DisplayHorizontalDrawingGridEvery>
49  <w:DisplayVerticalDrawingGridEvery>0</w:DisplayVerticalDrawingGridEvery>
50  <w:ValidateAgainstSchemas/>
51  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
52  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
53  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
54  <w:Compatibility>
55   <w:UseNormalStyleForList/>
56   <w:DontUseIndentAsNumberingTabStop/>
57   <w:FELineBreak11/>
58   <w:WW11IndentRules/>
59   <w:DontAutofitConstrainedTables/>
60   <w:AutofitLikeWW11/>
61   <w:UnderlineTabInNumList/>
62   <w:HangulWidthLikeWW11/>
63  </w:Compatibility>
64 </w:WordDocument>
65</xml><![endif]--><!--[if gte mso 9]><xml>
66 <w:LatentStyles DefLockedState="false" LatentStyleCount="276">
67 </w:LatentStyles>
68</xml><![endif]-->
69<style>
70<!--
71 /* Font Definitions */
72@font-face
73        {font-family:Arial;
74        panose-1:2 11 6 4 2 2 2 2 2 4;
75        mso-font-charset:0;
76        mso-generic-font-family:auto;
77        mso-font-pitch:variable;
78        mso-font-signature:3 0 0 0 1 0;}
79@font-face
80        {font-family:"Courier New";
81        panose-1:2 7 3 9 2 2 5 2 4 4;
82        mso-font-charset:0;
83        mso-generic-font-family:auto;
84        mso-font-pitch:variable;
85        mso-font-signature:3 0 0 0 1 0;}
86@font-face
87        {font-family:Times;
88        panose-1:2 0 5 0 0 0 0 0 0 0;
89        mso-font-charset:0;
90        mso-generic-font-family:auto;
91        mso-font-pitch:variable;
92        mso-font-signature:3 0 0 0 1 0;}
93@font-face
94        {font-family:Wingdings;
95        panose-1:5 2 1 2 1 8 4 8 7 8;
96        mso-font-charset:2;
97        mso-generic-font-family:auto;
98        mso-font-pitch:variable;
99        mso-font-signature:0 0 65536 0 -2147483648 0;}
100@font-face
101        {font-family:Cambria;
102        panose-1:2 4 5 3 5 4 6 3 2 4;
103        mso-font-charset:0;
104        mso-generic-font-family:auto;
105        mso-font-pitch:variable;
106        mso-font-signature:3 0 0 0 1 0;}
107@font-face
108        {font-family:Tahoma;
109        panose-1:2 11 6 4 3 5 4 4 2 4;
110        mso-font-charset:0;
111        mso-generic-font-family:auto;
112        mso-font-pitch:variable;
113        mso-font-signature:3 0 0 0 1 0;}
114@font-face
115        {font-family:Palatino;
116        panose-1:2 0 5 0 0 0 0 0 0 0;
117        mso-font-charset:0;
118        mso-generic-font-family:auto;
119        mso-font-pitch:variable;
120        mso-font-signature:3 0 0 0 1 0;}
121 /* Style Definitions */
122p.MsoNormal, li.MsoNormal, div.MsoNormal
123        {mso-style-parent:"";
124        margin:0in;
125        margin-bottom:.0001pt;
126        mso-pagination:widow-orphan;
127        font-size:12.0pt;
128        mso-bidi-font-size:10.0pt;
129        font-family:Palatino;
130        mso-fareast-font-family:Times;
131        mso-bidi-font-family:"Times New Roman";}
132h1
133        {mso-style-update:auto;
134        mso-style-next:Normal;
135        margin-top:12.0pt;
136        margin-right:0in;
137        margin-bottom:3.0pt;
138        margin-left:.25in;
139        text-indent:-.25in;
140        mso-pagination:widow-orphan;
141        page-break-after:avoid;
142        mso-outline-level:1;
143        mso-list:l10 level1 lfo4;
144        tab-stops:.25in;
145        font-size:12.0pt;
146        mso-bidi-font-size:10.0pt;
147        font-family:Palatino;
148        mso-font-kerning:16.0pt;}
149h2
150        {mso-style-update:auto;
151        mso-style-next:Normal;
152        margin-top:12.0pt;
153        margin-right:0in;
154        margin-bottom:3.0pt;
155        margin-left:0in;
156        text-align:center;
157        mso-pagination:widow-orphan;
158        page-break-after:avoid;
159        mso-outline-level:2;
160        font-size:14.0pt;
161        mso-bidi-font-size:10.0pt;
162        font-family:Helvetica;}
163h3
164        {mso-style-next:Normal;
165        margin-top:12.0pt;
166        margin-right:0in;
167        margin-bottom:3.0pt;
168        margin-left:.5in;
169        text-indent:-.25in;
170        mso-pagination:widow-orphan;
171        page-break-after:avoid;
172        mso-outline-level:3;
173        mso-list:l19 level1 lfo25;
174        font-size:13.0pt;
175        mso-bidi-font-size:10.0pt;
176        font-family:Helvetica;}
177h5
178        {mso-style-parent:Default;
179        mso-style-next:Default;
180        margin-top:12.0pt;
181        margin-right:0in;
182        margin-bottom:3.0pt;
183        margin-left:0in;
184        mso-pagination:none;
185        mso-outline-level:5;
186        mso-layout-grid-align:none;
187        text-autospace:none;
188        font-size:12.0pt;
189        mso-bidi-font-size:10.0pt;
190        font-family:"Times New Roman";
191        mso-fareast-font-family:"Times New Roman";
192        font-style:italic;
193        mso-bidi-font-style:normal;}
194p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
195        {mso-style-parent:Default;
196        mso-style-next:Default;
197        margin-top:12.0pt;
198        margin-right:0in;
199        margin-bottom:3.0pt;
200        margin-left:0in;
201        mso-pagination:none;
202        mso-outline-level:8;
203        mso-layout-grid-align:none;
204        text-autospace:none;
205        font-size:12.0pt;
206        mso-bidi-font-size:10.0pt;
207        font-family:"Times New Roman";
208        mso-fareast-font-family:"Times New Roman";
209        mso-bidi-font-family:"Times New Roman";}
210p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
211        {mso-style-parent:Default;
212        mso-style-next:Default;
213        margin-top:12.0pt;
214        margin-right:0in;
215        margin-bottom:3.0pt;
216        margin-left:0in;
217        mso-pagination:none;
218        mso-outline-level:9;
219        mso-layout-grid-align:none;
220        text-autospace:none;
221        font-size:12.0pt;
222        mso-bidi-font-size:10.0pt;
223        font-family:Arial;
224        mso-fareast-font-family:"Times New Roman";
225        mso-bidi-font-family:"Times New Roman";}
226p.MsoNormalIndent, li.MsoNormalIndent, div.MsoNormalIndent
227        {mso-style-noshow:yes;
228        margin-top:0in;
229        margin-right:0in;
230        margin-bottom:0in;
231        margin-left:.25in;
232        margin-bottom:.0001pt;
233        mso-pagination:widow-orphan;
234        font-size:12.0pt;
235        mso-bidi-font-size:10.0pt;
236        font-family:Palatino;
237        mso-fareast-font-family:Times;
238        mso-bidi-font-family:"Times New Roman";}
239p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
240        {mso-style-noshow:yes;
241        margin:0in;
242        margin-bottom:.0001pt;
243        mso-pagination:widow-orphan;
244        font-size:10.0pt;
245        font-family:Palatino;
246        mso-fareast-font-family:Times;
247        mso-bidi-font-family:"Times New Roman";}
248p.MsoCommentText, li.MsoCommentText, div.MsoCommentText
249        {mso-style-noshow:yes;
250        margin:0in;
251        margin-bottom:.0001pt;
252        mso-pagination:widow-orphan;
253        font-size:10.0pt;
254        font-family:Palatino;
255        mso-fareast-font-family:Times;
256        mso-bidi-font-family:"Times New Roman";}
257p.MsoHeader, li.MsoHeader, div.MsoHeader
258        {mso-style-noshow:yes;
259        margin:0in;
260        margin-bottom:.0001pt;
261        mso-pagination:widow-orphan;
262        tab-stops:center 3.0in right 6.0in;
263        font-size:12.0pt;
264        mso-bidi-font-size:10.0pt;
265        font-family:Palatino;
266        mso-fareast-font-family:Times;
267        mso-bidi-font-family:"Times New Roman";}
268p.MsoFooter, li.MsoFooter, div.MsoFooter
269        {mso-style-noshow:yes;
270        margin:0in;
271        margin-bottom:.0001pt;
272        mso-pagination:widow-orphan;
273        tab-stops:center 3.0in right 6.0in;
274        font-size:12.0pt;
275        mso-bidi-font-size:10.0pt;
276        font-family:Palatino;
277        mso-fareast-font-family:Times;
278        mso-bidi-font-family:"Times New Roman";}
279span.MsoFootnoteReference
280        {mso-style-noshow:yes;
281        vertical-align:super;}
282span.MsoCommentReference
283        {mso-style-noshow:yes;
284        mso-ansi-font-size:8.0pt;}
285p.MsoListNumber, li.MsoListNumber, div.MsoListNumber
286        {mso-style-noshow:yes;
287        margin-top:0in;
288        margin-right:0in;
289        margin-bottom:0in;
290        margin-left:.25in;
291        margin-bottom:.0001pt;
292        text-indent:-.25in;
293        mso-pagination:widow-orphan;
294        mso-list:l2 level1 lfo1;
295        tab-stops:list .25in;
296        font-size:12.0pt;
297        mso-bidi-font-size:10.0pt;
298        font-family:Palatino;
299        mso-fareast-font-family:Times;
300        mso-bidi-font-family:"Times New Roman";}
301p.MsoListNumber2, li.MsoListNumber2, div.MsoListNumber2
302        {mso-style-update:auto;
303        mso-style-noshow:yes;
304        mso-style-next:Normal;
305        margin-top:0in;
306        margin-right:0in;
307        margin-bottom:0in;
308        margin-left:.5in;
309        margin-bottom:.0001pt;
310        text-indent:-.25in;
311        mso-pagination:widow-orphan;
312        mso-outline-level:2;
313        mso-list:l9 level1 lfo2;
314        tab-stops:list .25in;
315        font-size:12.0pt;
316        mso-bidi-font-size:10.0pt;
317        font-family:Palatino;
318        mso-fareast-font-family:Times;
319        mso-bidi-font-family:"Times New Roman";
320        display:none;
321        mso-hide:all;}
322p.MsoBodyTextIndent, li.MsoBodyTextIndent, div.MsoBodyTextIndent
323        {mso-style-noshow:yes;
324        mso-style-parent:Default;
325        mso-style-next:Default;
326        margin-top:0in;
327        margin-right:0in;
328        margin-bottom:6.0pt;
329        margin-left:0in;
330        mso-pagination:none;
331        mso-layout-grid-align:none;
332        text-autospace:none;
333        font-size:12.0pt;
334        mso-bidi-font-size:10.0pt;
335        font-family:Symbol;
336        mso-fareast-font-family:"Times New Roman";
337        mso-bidi-font-family:"Times New Roman";}
338a:link, span.MsoHyperlink
339        {mso-style-noshow:yes;
340        color:blue;
341        text-decoration:underline;
342        text-underline:single;}
343a:visited, span.MsoHyperlinkFollowed
344        {mso-style-noshow:yes;
345        color:purple;
346        text-decoration:underline;
347        text-underline:single;}
348p.MsoCommentSubject, li.MsoCommentSubject, div.MsoCommentSubject
349        {mso-style-noshow:yes;
350        mso-style-parent:"Comment Text";
351        mso-style-next:"Comment Text";
352        margin:0in;
353        margin-bottom:.0001pt;
354        mso-pagination:widow-orphan;
355        font-size:10.0pt;
356        font-family:Palatino;
357        mso-fareast-font-family:Times;
358        mso-bidi-font-family:"Times New Roman";
359        font-weight:bold;
360        mso-bidi-font-weight:normal;}
361p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
362        {mso-style-noshow:yes;
363        margin:0in;
364        margin-bottom:.0001pt;
365        mso-pagination:widow-orphan;
366        font-size:8.0pt;
367        mso-bidi-font-size:10.0pt;
368        font-family:Tahoma;
369        mso-fareast-font-family:Times;
370        mso-bidi-font-family:"Times New Roman";}
371p.Default, li.Default, div.Default
372        {mso-style-name:Default;
373        mso-style-parent:"";
374        margin:0in;
375        margin-bottom:.0001pt;
376        mso-pagination:none;
377        mso-layout-grid-align:none;
378        text-autospace:none;
379        font-size:12.0pt;
380        mso-bidi-font-size:10.0pt;
381        font-family:Symbol;
382        mso-fareast-font-family:"Times New Roman";
383        mso-bidi-font-family:"Times New Roman";
384        color:black;}
385p.ParaNum1, li.ParaNum1, div.ParaNum1
386        {mso-style-name:ParaNum1;
387        mso-style-next:Normal;
388        margin-top:6.0pt;
389        margin-right:0in;
390        margin-bottom:6.0pt;
391        margin-left:.25in;
392        text-indent:-.25in;
393        mso-pagination:widow-orphan;
394        page-break-after:avoid;
395        mso-outline-level:1;
396        mso-list:l3 level1 lfo12;
397        tab-stops:.25in;
398        font-size:12.0pt;
399        mso-bidi-font-size:10.0pt;
400        font-family:Palatino;
401        mso-fareast-font-family:"Times New Roman";
402        mso-bidi-font-family:"Times New Roman";
403        font-weight:bold;
404        mso-bidi-font-weight:normal;}
405p.ParaNum2, li.ParaNum2, div.ParaNum2
406        {mso-style-name:ParaNum2;
407        mso-style-parent:ParaNum1;
408        margin-top:6.0pt;
409        margin-right:0in;
410        margin-bottom:6.0pt;
411        margin-left:.35in;
412        text-indent:-.1in;
413        mso-pagination:widow-orphan;
414        page-break-after:avoid;
415        mso-outline-level:2;
416        mso-list:l3 level2 lfo12;
417        tab-stops:.25in .6in list 51.3pt;
418        font-size:12.0pt;
419        mso-bidi-font-size:10.0pt;
420        font-family:Palatino;
421        mso-fareast-font-family:Times;
422        mso-bidi-font-family:"Times New Roman";}
423p.ParaNum3, li.ParaNum3, div.ParaNum3
424        {mso-style-name:ParaNum3;
425        mso-style-parent:ParaNum2;
426        margin-top:6.0pt;
427        margin-right:0in;
428        margin-bottom:6.0pt;
429        margin-left:.5in;
430        text-indent:-.5in;
431        mso-pagination:widow-orphan;
432        page-break-after:avoid;
433        mso-outline-level:3;
434        mso-list:l3 level3 lfo12;
435        tab-stops:.25in list .5in left .6in;
436        font-size:13.0pt;
437        mso-bidi-font-size:10.0pt;
438        font-family:Palatino;
439        mso-fareast-font-family:Times;
440        mso-bidi-font-family:"Times New Roman";}
441p.ParaNum4, li.ParaNum4, div.ParaNum4
442        {mso-style-name:ParaNum4;
443        mso-style-parent:ParaNum3;
444        margin-top:6.0pt;
445        margin-right:0in;
446        margin-bottom:6.0pt;
447        margin-left:.6in;
448        text-indent:-.6in;
449        mso-pagination:widow-orphan;
450        page-break-after:avoid;
451        mso-outline-level:4;
452        mso-list:l3 level4 lfo12;
453        tab-stops:.25in list .6in;
454        font-size:12.0pt;
455        mso-bidi-font-size:10.0pt;
456        font-family:Palatino;
457        mso-fareast-font-family:Times;
458        mso-bidi-font-family:"Times New Roman";
459        font-weight:bold;
460        mso-bidi-font-weight:normal;}
461p.Answerline, li.Answerline, div.Answerline
462        {mso-style-name:Answer_line;
463        margin-top:0in;
464        margin-right:0in;
465        margin-bottom:6.0pt;
466        margin-left:.25in;
467        mso-pagination:widow-orphan;
468        tab-stops:right 6.5in;
469        font-size:12.0pt;
470        mso-bidi-font-size:10.0pt;
471        font-family:Palatino;
472        mso-fareast-font-family:Times;
473        mso-bidi-font-family:"Times New Roman";
474        font-style:italic;
475        mso-bidi-font-style:normal;
476        text-decoration:underline;
477        text-underline:single;}
478p.Infoline, li.Infoline, div.Infoline
479        {mso-style-name:Info_line;
480        margin-top:0in;
481        margin-right:0in;
482        margin-bottom:6.0pt;
483        margin-left:.25in;
484        mso-pagination:widow-orphan;
485        tab-stops:right 5.5in;
486        font-size:12.0pt;
487        mso-bidi-font-size:10.0pt;
488        font-family:Palatino;
489        mso-fareast-font-family:Times;
490        mso-bidi-font-family:"Times New Roman";}
491p.SubHeading, li.SubHeading, div.SubHeading
492        {mso-style-name:SubHeading;
493        margin-top:0in;
494        margin-right:0in;
495        margin-bottom:6.0pt;
496        margin-left:.25in;
497        mso-pagination:widow-orphan;
498        page-break-after:avoid;
499        font-size:12.0pt;
500        mso-bidi-font-size:10.0pt;
501        font-family:Palatino;
502        mso-fareast-font-family:Times;
503        mso-bidi-font-family:"Times New Roman";
504        font-weight:bold;
505        mso-bidi-font-weight:normal;
506        font-style:italic;
507        mso-bidi-font-style:normal;}
508span.msoIns
509        {mso-style-type:export-only;
510        mso-style-name:"";
511        text-decoration:underline;
512        text-underline:single;
513        color:teal;}
514span.msoDel
515        {mso-style-type:export-only;
516        mso-style-name:"";
517        text-decoration:line-through;
518        color:red;}
519span.SpellE
520        {mso-style-name:"";
521        mso-spl-e:yes;}
522span.GramE
523        {mso-style-name:"";
524        mso-gram-e:yes;}
525 /* Page Definitions */
526@page
527        {mso-footnote-separator:url(":Participant Operational Principles 20090625_files:header.htm") fs;
528        mso-footnote-continuation-separator:url(":Participant Operational Principles 20090625_files:header.htm") fcs;
529        mso-endnote-separator:url(":Participant Operational Principles 20090625_files:header.htm") es;
530        mso-endnote-continuation-separator:url(":Participant Operational Principles 20090625_files:header.htm") ecs;}
531@page Section1
532        {size:8.5in 11.0in;
533        margin:44.65pt 1.0in 45.35pt 1.0in;
534        mso-header-margin:22.3pt;
535        mso-footer-margin:0in;
536        mso-page-numbers:1;
537        mso-title-page:yes;
538        mso-header:url(":Participant Operational Principles 20090625_files:header.htm") h1;
539        mso-footer:url(":Participant Operational Principles 20090625_files:header.htm") f1;
540        mso-paper-source:0;}
541div.Section1
542        {page:Section1;}
543 /* List Definitions */
544@list l0
545        {mso-list-id:-230089988;
546        mso-list-template-ids:-230090251;}
547@list l0:level1
548        {mso-level-suffix:none;
549        mso-level-text:"";
550        mso-level-tab-stop:none;
551        mso-level-number-position:left;
552        margin-left:0in;
553        text-indent:0in;}
554@list l0:level2
555        {mso-level-start-at:0;
556        mso-level-text:"";
557        mso-level-tab-stop:none;
558        mso-level-number-position:left;
559        margin-left:0in;
560        text-indent:0in;}
561@list l0:level3
562        {mso-level-start-at:0;
563        mso-level-text:"";
564        mso-level-tab-stop:none;
565        mso-level-number-position:left;
566        margin-left:0in;
567        text-indent:0in;}
568@list l0:level4
569        {mso-level-start-at:0;
570        mso-level-text:"";
571        mso-level-tab-stop:none;
572        mso-level-number-position:left;
573        margin-left:0in;
574        text-indent:0in;}
575@list l0:level5
576        {mso-level-start-at:0;
577        mso-level-text:"";
578        mso-level-tab-stop:none;
579        mso-level-number-position:left;
580        margin-left:0in;
581        text-indent:0in;}
582@list l0:level6
583        {mso-level-start-at:0;
584        mso-level-text:"";
585        mso-level-tab-stop:none;
586        mso-level-number-position:left;
587        margin-left:0in;
588        text-indent:0in;}
589@list l0:level7
590        {mso-level-start-at:0;
591        mso-level-text:"";
592        mso-level-tab-stop:none;
593        mso-level-number-position:left;
594        margin-left:0in;
595        text-indent:0in;}
596@list l0:level8
597        {mso-level-start-at:0;
598        mso-level-text:"";
599        mso-level-tab-stop:none;
600        mso-level-number-position:left;
601        margin-left:0in;
602        text-indent:0in;}
603@list l0:level9
604        {mso-level-start-at:0;
605        mso-level-text:"";
606        mso-level-tab-stop:none;
607        mso-level-number-position:left;
608        margin-left:0in;
609        text-indent:0in;}
610@list l1
611        {mso-list-id:-130;
612        mso-list-type:simple;
613        mso-list-template-ids:-1429950398;}
614@list l1:level1
615        {mso-level-tab-stop:.75in;
616        mso-level-number-position:left;
617        margin-left:.75in;
618        text-indent:-.25in;}
619@list l2
620        {mso-list-id:-120;
621        mso-list-type:simple;
622        mso-list-template-ids:-119516326;}
623@list l2:level1
624        {mso-level-style-link:"List Number";
625        mso-level-tab-stop:.25in;
626        mso-level-number-position:left;
627        margin-left:.25in;
628        text-indent:-.25in;}
629@list l3
630        {mso-list-id:118964155;
631        mso-list-template-ids:1688786304;}
632@list l3:level1
633        {mso-level-style-link:ParaNum1;
634        mso-level-tab-stop:30.6pt;
635        mso-level-number-position:left;
636        margin-left:30.6pt;
637        text-indent:-.3in;}
638@list l3:level2
639        {mso-level-style-link:ParaNum2;
640        mso-level-text:"%1\.%2";
641        mso-level-tab-stop:51.3pt;
642        mso-level-number-position:left;
643        margin-left:51.3pt;
644        text-indent:-.4in;}
645@list l3:level3
646        {mso-level-style-link:ParaNum3;
647        mso-level-text:"%1\.%2\.%3";
648        mso-level-tab-stop:.5in;
649        mso-level-number-position:left;
650        margin-left:.5in;
651        text-indent:-.5in;}
652@list l3:level4
653        {mso-level-style-link:ParaNum4;
654        mso-level-text:"%1\.%2\.%3\.%4";
655        mso-level-tab-stop:.6in;
656        mso-level-number-position:left;
657        margin-left:.6in;
658        text-indent:-.6in;}
659@list l3:level5
660        {mso-level-text:"%1\.%2\.%3\.%4\.%5";
661        mso-level-tab-stop:.7in;
662        mso-level-number-position:left;
663        margin-left:.7in;
664        text-indent:-.7in;}
665@list l3:level6
666        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
667        mso-level-tab-stop:.8in;
668        mso-level-number-position:left;
669        margin-left:.8in;
670        text-indent:-.8in;}
671@list l3:level7
672        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
673        mso-level-tab-stop:.9in;
674        mso-level-number-position:left;
675        margin-left:.9in;
676        text-indent:-.9in;}
677@list l3:level8
678        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
679        mso-level-tab-stop:1.0in;
680        mso-level-number-position:left;
681        margin-left:1.0in;
682        text-indent:-1.0in;}
683@list l3:level9
684        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
685        mso-level-tab-stop:1.1in;
686        mso-level-number-position:left;
687        margin-left:1.1in;
688        text-indent:-1.1in;}
689@list l4
690        {mso-list-id:122771163;
691        mso-list-type:hybrid;
692        mso-list-template-ids:-1463253572;}
693@list l4:level1
694        {mso-level-number-format:bullet;
695        mso-level-text:\F0A7;
696        mso-level-tab-stop:.5in;
697        mso-level-number-position:left;
698        text-indent:-.25in;
699        font-family:Wingdings;}
700@list l5
701        {mso-list-id:290789187;
702        mso-list-type:hybrid;
703        mso-list-template-ids:1303133070;}
704@list l5:level1
705        {mso-level-number-format:bullet;
706        mso-level-text:\F0A7;
707        mso-level-tab-stop:1.0in;
708        mso-level-number-position:left;
709        margin-left:1.0in;
710        text-indent:-.25in;
711        font-family:Wingdings;}
712@list l6
713        {mso-list-id:326714960;
714        mso-list-template-ids:1688786304;}
715@list l6:level1
716        {mso-level-tab-stop:.3in;
717        mso-level-number-position:left;
718        margin-left:.3in;
719        text-indent:-.3in;}
720@list l6:level2
721        {mso-level-text:"%1\.%2";
722        mso-level-tab-stop:55.8pt;
723        mso-level-number-position:left;
724        margin-left:55.8pt;
725        text-indent:-.4in;}
726@list l6:level3
727        {mso-level-text:"%1\.%2\.%3";
728        mso-level-tab-stop:.5in;
729        mso-level-number-position:left;
730        margin-left:.5in;
731        text-indent:-.5in;}
732@list l6:level4
733        {mso-level-text:"%1\.%2\.%3\.%4";
734        mso-level-tab-stop:.6in;
735        mso-level-number-position:left;
736        margin-left:.6in;
737        text-indent:-.6in;}
738@list l6:level5
739        {mso-level-text:"%1\.%2\.%3\.%4\.%5";
740        mso-level-tab-stop:.7in;
741        mso-level-number-position:left;
742        margin-left:.7in;
743        text-indent:-.7in;}
744@list l6:level6
745        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
746        mso-level-tab-stop:.8in;
747        mso-level-number-position:left;
748        margin-left:.8in;
749        text-indent:-.8in;}
750@list l6:level7
751        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
752        mso-level-tab-stop:.9in;
753        mso-level-number-position:left;
754        margin-left:.9in;
755        text-indent:-.9in;}
756@list l6:level8
757        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
758        mso-level-tab-stop:1.0in;
759        mso-level-number-position:left;
760        margin-left:1.0in;
761        text-indent:-1.0in;}
762@list l6:level9
763        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
764        mso-level-tab-stop:1.1in;
765        mso-level-number-position:left;
766        margin-left:1.1in;
767        text-indent:-1.1in;}
768@list l7
769        {mso-list-id:458188739;
770        mso-list-type:hybrid;
771        mso-list-template-ids:-723357820;}
772@list l7:level1
773        {mso-level-number-format:bullet;
774        mso-level-text:\F0A7;
775        mso-level-tab-stop:.5in;
776        mso-level-number-position:left;
777        text-indent:-.25in;
778        font-family:Wingdings;}
779@list l8
780        {mso-list-id:509178171;
781        mso-list-type:hybrid;
782        mso-list-template-ids:1954292624;}
783@list l8:level1
784        {mso-level-number-format:bullet;
785        mso-level-text:\F0A7;
786        mso-level-tab-stop:1.0in;
787        mso-level-number-position:left;
788        margin-left:1.0in;
789        text-indent:-.25in;
790        font-family:Wingdings;}
791@list l9
792        {mso-list-id:510066843;
793        mso-list-template-ids:1289243900;}
794@list l9:level1
795        {mso-level-style-link:"List Number 2";
796        mso-level-tab-stop:.25in;
797        mso-level-number-position:left;
798        margin-left:.25in;
799        text-indent:-.25in;}
800@list l9:level2
801        {mso-level-text:"%1\.%2\.";
802        mso-level-tab-stop:.55in;
803        mso-level-number-position:left;
804        margin-left:.55in;
805        text-indent:-.3in;}
806@list l9:level3
807        {mso-level-text:"%1\.%2\.%3\.";
808        mso-level-tab-stop:1.0in;
809        mso-level-number-position:left;
810        margin-left:.85in;
811        text-indent:-.35in;}
812@list l9:level4
813        {mso-level-text:"%1\.%2\.%3\.%4\.";
814        mso-level-tab-stop:1.5in;
815        mso-level-number-position:left;
816        margin-left:1.2in;
817        text-indent:-.45in;}
818@list l9:level5
819        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.";
820        mso-level-tab-stop:1.75in;
821        mso-level-number-position:left;
822        margin-left:1.55in;
823        text-indent:-.55in;}
824@list l9:level6
825        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.";
826        mso-level-tab-stop:2.25in;
827        mso-level-number-position:left;
828        margin-left:1.9in;
829        text-indent:-.65in;}
830@list l9:level7
831        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.";
832        mso-level-tab-stop:2.5in;
833        mso-level-number-position:left;
834        margin-left:2.25in;
835        text-indent:-.75in;}
836@list l9:level8
837        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.";
838        mso-level-tab-stop:3.0in;
839        mso-level-number-position:left;
840        margin-left:2.6in;
841        text-indent:-.85in;}
842@list l9:level9
843        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9\.";
844        mso-level-tab-stop:3.5in;
845        mso-level-number-position:left;
846        margin-left:3.0in;
847        text-indent:-1.0in;}
848@list l10
849        {mso-list-id:552546795;
850        mso-list-type:hybrid;
851        mso-list-template-ids:2001389968;}
852@list l10:level1
853        {mso-level-style-link:"Heading 1";
854        mso-level-tab-stop:.5in;
855        mso-level-number-position:left;
856        text-indent:-.25in;}
857@list l10:level2
858        {mso-level-number-format:alpha-lower;
859        mso-level-tab-stop:1.0in;
860        mso-level-number-position:left;
861        text-indent:-.25in;}
862@list l11
863        {mso-list-id:743333162;
864        mso-list-type:hybrid;
865        mso-list-template-ids:-959944902;}
866@list l11:level1
867        {mso-level-number-format:bullet;
868        mso-level-text:\F0A7;
869        mso-level-tab-stop:.5in;
870        mso-level-number-position:left;
871        text-indent:-.25in;
872        font-family:Wingdings;}
873@list l12
874        {mso-list-id:800458257;
875        mso-list-type:hybrid;
876        mso-list-template-ids:-1166001906;}
877@list l12:level1
878        {mso-level-number-format:bullet;
879        mso-level-text:\F0A7;
880        mso-level-tab-stop:.5in;
881        mso-level-number-position:left;
882        text-indent:-.25in;
883        font-family:Wingdings;}
884@list l13
885        {mso-list-id:823330667;
886        mso-list-template-ids:823330179;}
887@list l13:level1
888        {mso-level-suffix:none;
889        mso-level-text:"";
890        mso-level-tab-stop:none;
891        mso-level-number-position:left;
892        margin-left:0in;
893        text-indent:0in;}
894@list l13:level2
895        {mso-level-start-at:0;
896        mso-level-text:"";
897        mso-level-tab-stop:none;
898        mso-level-number-position:left;
899        margin-left:0in;
900        text-indent:0in;}
901@list l13:level3
902        {mso-level-start-at:0;
903        mso-level-text:"";
904        mso-level-tab-stop:none;
905        mso-level-number-position:left;
906        margin-left:0in;
907        text-indent:0in;}
908@list l13:level4
909        {mso-level-start-at:0;
910        mso-level-text:"";
911        mso-level-tab-stop:none;
912        mso-level-number-position:left;
913        margin-left:0in;
914        text-indent:0in;}
915@list l13:level5
916        {mso-level-start-at:0;
917        mso-level-text:"";
918        mso-level-tab-stop:none;
919        mso-level-number-position:left;
920        margin-left:0in;
921        text-indent:0in;}
922@list l13:level6
923        {mso-level-start-at:0;
924        mso-level-text:"";
925        mso-level-tab-stop:none;
926        mso-level-number-position:left;
927        margin-left:0in;
928        text-indent:0in;}
929@list l13:level7
930        {mso-level-start-at:0;
931        mso-level-text:"";
932        mso-level-tab-stop:none;
933        mso-level-number-position:left;
934        margin-left:0in;
935        text-indent:0in;}
936@list l13:level8
937        {mso-level-start-at:0;
938        mso-level-text:"";
939        mso-level-tab-stop:none;
940        mso-level-number-position:left;
941        margin-left:0in;
942        text-indent:0in;}
943@list l13:level9
944        {mso-level-start-at:0;
945        mso-level-text:"";
946        mso-level-tab-stop:none;
947        mso-level-number-position:left;
948        margin-left:0in;
949        text-indent:0in;}
950@list l14
951        {mso-list-id:893732589;
952        mso-list-template-ids:-230090251;}
953@list l14:level1
954        {mso-level-suffix:none;
955        mso-level-text:"";
956        mso-level-tab-stop:none;
957        mso-level-number-position:left;
958        margin-left:0in;
959        text-indent:0in;}
960@list l14:level2
961        {mso-level-number-format:bullet;
962        mso-level-text:o;
963        mso-level-tab-stop:.25in;
964        mso-level-number-position:left;
965        margin-left:.25in;
966        text-indent:-.25in;
967        font-family:"Courier New";}
968@list l14:level3
969        {mso-level-start-at:0;
970        mso-level-text:"";
971        mso-level-tab-stop:none;
972        mso-level-number-position:left;
973        margin-left:0in;
974        text-indent:0in;}
975@list l14:level4
976        {mso-level-start-at:0;
977        mso-level-text:"";
978        mso-level-tab-stop:none;
979        mso-level-number-position:left;
980        margin-left:0in;
981        text-indent:0in;}
982@list l14:level5
983        {mso-level-start-at:0;
984        mso-level-text:"";
985        mso-level-tab-stop:none;
986        mso-level-number-position:left;
987        margin-left:0in;
988        text-indent:0in;}
989@list l14:level6
990        {mso-level-start-at:0;
991        mso-level-text:"";
992        mso-level-tab-stop:none;
993        mso-level-number-position:left;
994        margin-left:0in;
995        text-indent:0in;}
996@list l14:level7
997        {mso-level-start-at:0;
998        mso-level-text:"";
999        mso-level-tab-stop:none;
1000        mso-level-number-position:left;
1001        margin-left:0in;
1002        text-indent:0in;}
1003@list l14:level8
1004        {mso-level-start-at:0;
1005        mso-level-text:"";
1006        mso-level-tab-stop:none;
1007        mso-level-number-position:left;
1008        margin-left:0in;
1009        text-indent:0in;}
1010@list l14:level9
1011        {mso-level-start-at:0;
1012        mso-level-text:"";
1013        mso-level-tab-stop:none;
1014        mso-level-number-position:left;
1015        margin-left:0in;
1016        text-indent:0in;}
1017@list l15
1018        {mso-list-id:1031951565;
1019        mso-list-template-ids:1688786304;}
1020@list l15:level1
1021        {mso-level-tab-stop:30.6pt;
1022        mso-level-number-position:left;
1023        margin-left:30.6pt;
1024        text-indent:-.3in;}
1025@list l15:level2
1026        {mso-level-text:"%1\.%2";
1027        mso-level-tab-stop:51.3pt;
1028        mso-level-number-position:left;
1029        margin-left:51.3pt;
1030        text-indent:-.4in;}
1031@list l15:level3
1032        {mso-level-text:"%1\.%2\.%3";
1033        mso-level-tab-stop:.5in;
1034        mso-level-number-position:left;
1035        margin-left:.5in;
1036        text-indent:-.5in;}
1037@list l15:level4
1038        {mso-level-text:"%1\.%2\.%3\.%4";
1039        mso-level-tab-stop:.6in;
1040        mso-level-number-position:left;
1041        margin-left:.6in;
1042        text-indent:-.6in;}
1043@list l15:level5
1044        {mso-level-text:"%1\.%2\.%3\.%4\.%5";
1045        mso-level-tab-stop:.7in;
1046        mso-level-number-position:left;
1047        margin-left:.7in;
1048        text-indent:-.7in;}
1049@list l15:level6
1050        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
1051        mso-level-tab-stop:.8in;
1052        mso-level-number-position:left;
1053        margin-left:.8in;
1054        text-indent:-.8in;}
1055@list l15:level7
1056        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
1057        mso-level-tab-stop:.9in;
1058        mso-level-number-position:left;
1059        margin-left:.9in;
1060        text-indent:-.9in;}
1061@list l15:level8
1062        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
1063        mso-level-tab-stop:1.0in;
1064        mso-level-number-position:left;
1065        margin-left:1.0in;
1066        text-indent:-1.0in;}
1067@list l15:level9
1068        {mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
1069        mso-level-tab-stop:1.1in;
1070        mso-level-number-position:left;
1071        margin-left:1.1in;
1072        text-indent:-1.1in;}
1073@list l16
1074        {mso-list-id:1218471181;
1075        mso-list-template-ids:-230090251;}
1076@list l16:level1
1077        {mso-level-suffix:none;
1078        mso-level-text:"";
1079        mso-level-tab-stop:none;
1080        mso-level-number-position:left;
1081        margin-left:0in;
1082        text-indent:0in;}
1083@list l16:level2
1084        {mso-level-number-format:bullet;
1085        mso-level-text:o;
1086        mso-level-tab-stop:.25in;
1087        mso-level-number-position:left;
1088        margin-left:.25in;
1089        text-indent:-.25in;
1090        font-family:"Courier New";}
1091@list l16:level3
1092        {mso-level-start-at:0;
1093        mso-level-text:"";
1094        mso-level-tab-stop:none;
1095        mso-level-number-position:left;
1096        margin-left:0in;
1097        text-indent:0in;}
1098@list l16:level4
1099        {mso-level-start-at:0;
1100        mso-level-text:"";
1101        mso-level-tab-stop:none;
1102        mso-level-number-position:left;
1103        margin-left:0in;
1104        text-indent:0in;}
1105@list l16:level5
1106        {mso-level-start-at:0;
1107        mso-level-text:"";
1108        mso-level-tab-stop:none;
1109        mso-level-number-position:left;
1110        margin-left:0in;
1111        text-indent:0in;}
1112@list l16:level6
1113        {mso-level-start-at:0;
1114        mso-level-text:"";
1115        mso-level-tab-stop:none;
1116        mso-level-number-position:left;
1117        margin-left:0in;
1118        text-indent:0in;}
1119@list l16:level7
1120        {mso-level-start-at:0;
1121        mso-level-text:"";
1122        mso-level-tab-stop:none;
1123        mso-level-number-position:left;
1124        margin-left:0in;
1125        text-indent:0in;}
1126@list l16:level8
1127        {mso-level-start-at:0;
1128        mso-level-text:"";
1129        mso-level-tab-stop:none;
1130        mso-level-number-position:left;
1131        margin-left:0in;
1132        text-indent:0in;}
1133@list l16:level9
1134        {mso-level-start-at:0;
1135        mso-level-text:"";
1136        mso-level-tab-stop:none;
1137        mso-level-number-position:left;
1138        margin-left:0in;
1139        text-indent:0in;}
1140@list l17
1141        {mso-list-id:1404840040;
1142        mso-list-type:hybrid;
1143        mso-list-template-ids:-1463253572;}
1144@list l17:level1
1145        {mso-level-number-format:bullet;
1146        mso-level-text:o;
1147        mso-level-tab-stop:.5in;
1148        mso-level-number-position:left;
1149        text-indent:-.25in;
1150        font-family:"Courier New";}
1151@list l18
1152        {mso-list-id:1576277269;
1153        mso-list-type:hybrid;
1154        mso-list-template-ids:-369350650;}
1155@list l18:level1
1156        {mso-level-number-format:bullet;
1157        mso-level-text:\F0A7;
1158        mso-level-tab-stop:.5in;
1159        mso-level-number-position:left;
1160        text-indent:-.25in;
1161        font-family:Wingdings;}
1162@list l19
1163        {mso-list-id:1775399476;
1164        mso-list-type:hybrid;
1165        mso-list-template-ids:392854938 -1035572430 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
1166@list l19:level1
1167        {mso-level-style-link:"Heading 3";
1168        mso-level-tab-stop:none;
1169        mso-level-number-position:left;
1170        text-indent:-.25in;}
1171@list l20
1172        {mso-list-id:1787692500;
1173        mso-list-template-ids:-230090251;}
1174@list l20:level1
1175        {mso-level-suffix:none;
1176        mso-level-text:"";
1177        mso-level-tab-stop:none;
1178        mso-level-number-position:left;
1179        margin-left:0in;
1180        text-indent:0in;}
1181@list l20:level2
1182        {mso-level-number-format:bullet;
1183        mso-level-text:o;
1184        mso-level-tab-stop:.25in;
1185        mso-level-number-position:left;
1186        margin-left:.25in;
1187        text-indent:-.25in;
1188        font-family:"Courier New";}
1189@list l20:level3
1190        {mso-level-start-at:0;
1191        mso-level-text:"";
1192        mso-level-tab-stop:none;
1193        mso-level-number-position:left;
1194        margin-left:0in;
1195        text-indent:0in;}
1196@list l20:level4
1197        {mso-level-start-at:0;
1198        mso-level-text:"";
1199        mso-level-tab-stop:none;
1200        mso-level-number-position:left;
1201        margin-left:0in;
1202        text-indent:0in;}
1203@list l20:level5
1204        {mso-level-start-at:0;
1205        mso-level-text:"";
1206        mso-level-tab-stop:none;
1207        mso-level-number-position:left;
1208        margin-left:0in;
1209        text-indent:0in;}
1210@list l20:level6
1211        {mso-level-start-at:0;
1212        mso-level-text:"";
1213        mso-level-tab-stop:none;
1214        mso-level-number-position:left;
1215        margin-left:0in;
1216        text-indent:0in;}
1217@list l20:level7
1218        {mso-level-start-at:0;
1219        mso-level-text:"";
1220        mso-level-tab-stop:none;
1221        mso-level-number-position:left;
1222        margin-left:0in;
1223        text-indent:0in;}
1224@list l20:level8
1225        {mso-level-start-at:0;
1226        mso-level-text:"";
1227        mso-level-tab-stop:none;
1228        mso-level-number-position:left;
1229        margin-left:0in;
1230        text-indent:0in;}
1231@list l20:level9
1232        {mso-level-start-at:0;
1233        mso-level-text:"";
1234        mso-level-tab-stop:none;
1235        mso-level-number-position:left;
1236        margin-left:0in;
1237        text-indent:0in;}
1238@list l21
1239        {mso-list-id:1910068372;
1240        mso-list-type:hybrid;
1241        mso-list-template-ids:-208002364;}
1242@list l21:level1
1243        {mso-level-number-format:bullet;
1244        mso-level-text:\F0A7;
1245        mso-level-tab-stop:.5in;
1246        mso-level-number-position:left;
1247        text-indent:-.25in;
1248        font-family:Wingdings;}
1249@list l22
1250        {mso-list-id:2107268747;
1251        mso-list-type:hybrid;
1252        mso-list-template-ids:-1387086034;}
1253@list l22:level1
1254        {mso-level-number-format:bullet;
1255        mso-level-text:\F0A7;
1256        mso-level-tab-stop:.5in;
1257        mso-level-number-position:left;
1258        text-indent:-.25in;
1259        font-family:Wingdings;}
1260@list l23
1261        {mso-list-id:2146660216;
1262        mso-list-type:hybrid;
1263        mso-list-template-ids:1327400142;}
1264@list l23:level1
1265        {mso-level-number-format:bullet;
1266        mso-level-text:\F0A7;
1267        mso-level-tab-stop:.5in;
1268        mso-level-number-position:left;
1269        text-indent:-.25in;
1270        font-family:Wingdings;}
1271ol
1272        {margin-bottom:0in;}
1273ul
1274        {margin-bottom:0in;}
1275-->
1276</style>
1277<!--[if gte mso 10]>
1278<style>
1279 /* Style Definitions */
1280table.MsoNormalTable
1281        {mso-style-name:"Table Normal";
1282        mso-tstyle-rowband-size:0;
1283        mso-tstyle-colband-size:0;
1284        mso-style-noshow:yes;
1285        mso-style-parent:"";
1286        mso-padding-alt:0in 5.4pt 0in 5.4pt;
1287        mso-para-margin:0in;
1288        mso-para-margin-bottom:.0001pt;
1289        mso-pagination:widow-orphan;
1290        font-size:10.0pt;
1291        font-family:Times;}
1292</style>
1293<![endif]--><!--[if gte mso 9]><xml>
1294 <o:shapedefaults v:ext="edit" spidmax="2050"/>
1295</xml><![endif]--><!--[if gte mso 9]><xml>
1296 <o:shapelayout v:ext="edit">
1297  <o:idmap v:ext="edit" data="1"/>
1298 </o:shapelayout></xml><![endif]-->
1299</head>
1300
1301<body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'>
1302
1303<div class=Section1>
1304
1305<p class=MsoNormal align=center style='text-align:center'><a name="OLE_LINK7"></a><a
1306name="OLE_LINK8"><span style='mso-bookmark:OLE_LINK7'><b style='mso-bidi-font-weight:
1307normal'><span style='font-size:14.0pt;mso-bidi-font-size:10.0pt;font-family:
1308Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>INCOMMON
1309FEDERATION: PARTICIPANT<br>
1310OPERATIONAL PRACTICES<o:p></o:p></span></b></span></a></p>
1311
1312<p class=MsoNormal><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
1313OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1314mso-hansi-theme-font:minor-latin'><o:p>&nbsp;</o:p></span></span></span></p>
1315
1316<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1317style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1318minor-latin;mso-hansi-theme-font:minor-latin;color:black'>Participation in the <span
1319class=SpellE>InCommon</span> Federation (ÒFederationÓ) enables a federation
1320participating organization (&quot;Participant&quot;) to use Shibboleth <i
1321style='mso-bidi-font-style:normal'>identity</i> <i style='mso-bidi-font-style:
1322normal'>attribute </i>sharing technologies to manage access to on-line
1323resources that can be made available to the <span class=SpellE><span
1324class=GramE>InCommon</span></span> community.<span style="mso-spacerun:
1325yes">&nbsp; </span>One goal of the Federation is to develop, over time,
1326community standards for such cooperating organizations to ensure that shared <i
1327style='mso-bidi-font-style:normal'>attribute</i> <i style='mso-bidi-font-style:
1328normal'>assertions</i> are sufficiently robust and trustworthy to manage access
1329to important protected resources.<span style="mso-spacerun: yes">&nbsp;
1330</span>As the community of trust evolves, the Federation expects that
1331participants eventually should be able to trust each other's <i
1332style='mso-bidi-font-style:normal'>identity management systems</i> and resource
1333<i style='mso-bidi-font-style:normal'>access management systems</i> as they
1334trust their own.<span style="mso-spacerun: yes">&nbsp; </span><o:p></o:p></span></span></span></p>
1335
1336<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1337style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1338minor-latin;mso-hansi-theme-font:minor-latin;color:black'><o:p>&nbsp;</o:p></span></span></span></p>
1339
1340<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1341style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1342minor-latin;mso-hansi-theme-font:minor-latin;color:black'>A fundamental
1343expectation of Participants is that they provide authoritative and accurate
1344attribute assertions to other Participants, and that Participants receiving an
1345attribute assertion protect it and respect privacy constraints placed on it by
1346the Federation or the source of that information.<span style="mso-spacerun:
1347yes">&nbsp; </span>In furtherance of this goal, <span class=SpellE>InCommon</span>
1348requires that each Participant make available to other Participants certain
1349basic information about any identity management system, including the identity
1350attributes that are supported, or resource access management system registered
1351for use within the Federation.<o:p></o:p></span></span></span></p>
1352
1353<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1354style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1355minor-latin;mso-hansi-theme-font:minor-latin;color:black'><o:p>&nbsp;</o:p></span></span></span></p>
1356
1357<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1358style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1359minor-latin;mso-hansi-theme-font:minor-latin;color:black'>Two criteria for
1360trustworthy attribute assertions by <i style='mso-bidi-font-style:normal'>Identity
1361Providers</i> are: (1) that the identity management system fall under the
1362purview of the organizationÕs executive or business management, and (2) the
1363system for issuing end-user credentials (e.g., PKI certificates, <span
1364class=SpellE>userids</span>/passwords, Kerberos principals, etc.) specifically
1365have in place appropriate risk management measures (e.g., <i style='mso-bidi-font-style:
1366normal'>authentication</i> and <i style='mso-bidi-font-style:normal'>authorization</i>
1367standards, security practices, risk assessment, change management controls,
1368audit trails, etc.).<i style='mso-bidi-font-style:normal'> </i><o:p></o:p></span></span></span></p>
1369
1370<p class=MsoNormal><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
1371OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1372mso-hansi-theme-font:minor-latin;color:black'><o:p>&nbsp;</o:p></span></span></span></p>
1373
1374<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1375style='mso-bookmark:OLE_LINK7'><span class=SpellE><span style='font-family:
1376Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
1377color:black'>InCommon</span></span></span></span><span style='mso-bookmark:
1378OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;
1379mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;color:black'>
1380expects that <i style='mso-bidi-font-style:normal'>Service Providers</i>, who
1381receive attribute assertions from another Participant, respect the other
1382Participant's policies, rules, and standards regarding the protection and use
1383of that data.<span style="mso-spacerun: yes">&nbsp; </span>Furthermore, such
1384information should be used only for the purposes for which it was
1385provided.<span style="mso-spacerun: yes">&nbsp; </span><span class=SpellE>InCommon</span>
1386strongly discourages the sharing of that data with third parties, or aggregation
1387of it for marketing purposes without the explicit permission</span></span></span><a
1388style='mso-footnote-id:ftn' href="#_ftn1" name="_ftnref" title=""><span
1389style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1390class=MsoFootnoteReference><span style='font-family:Cambria;mso-ascii-theme-font:
1391minor-latin;mso-hansi-theme-font:minor-latin;color:black'><span
1392style='mso-special-character:footnote'><![if !supportFootnotes]>[1]<![endif]></span></span></span></span></span></a><span
1393style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1394style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1395minor-latin;color:black'> of the identity information providing
1396Participant.<span style="mso-spacerun: yes">&nbsp; </span><o:p></o:p></span></span></span></p>
1397
1398<p class=MsoNormal><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
1399OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1400mso-hansi-theme-font:minor-latin;color:black'><o:p>&nbsp;</o:p></span></span></span></p>
1401
1402<p class=MsoNormal style='text-indent:.5in'><span style='mso-bookmark:OLE_LINK8'><span
1403style='mso-bookmark:OLE_LINK7'><span class=SpellE><span style='font-family:
1404Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
1405color:black'>InCommon</span></span></span></span><span style='mso-bookmark:
1406OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;
1407mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;color:black'>
1408requires Participants to make available to all other Participants answers to
1409the questions below.</span></span></span><a style='mso-footnote-id:ftn'
1410href="#_ftn2" name="_ftnref" title=""><span style='mso-bookmark:OLE_LINK8'><span
1411style='mso-bookmark:OLE_LINK7'><span class=MsoFootnoteReference><span
1412style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1413minor-latin;color:black'><span style='mso-special-character:footnote'><![if !supportFootnotes]>[2]<![endif]></span></span></span></span></span></a><span
1414style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1415style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1416minor-latin;color:black'><span style="mso-spacerun: yes">&nbsp;
1417</span>Additional information to help answer each question is available in the
1418next section of this document.<span style="mso-spacerun: yes">&nbsp;
1419</span>There is also a glossary at the end of this document that defines terms
1420shown in italics.<a name="_Ref484143697"><o:p></o:p></a></span></span></span></p>
1421
1422<h3 style='margin-left:0in;mso-list:l19 level1 lfo25;mso-list-change:"%1\:1\:0\:\." "David Bantz" 20090625T1716'><span
1423style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1424style='mso-bookmark:_Ref484143697'><![if !supportLists]><span style='mso-fareast-font-family:
1425Helvetica;mso-bidi-font-family:Helvetica;color:black'><span style='mso-list:
1426Ignore'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
1427style='color:black'><o:p>&nbsp;</o:p></span></span></span></span></h3>
1428
1429<h3 style='margin-left:0in;mso-list:l19 level1 lfo25;mso-list-change:"%1\:2\:0\:\." "David Bantz" 20090625T1716'><span
1430style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1431style='mso-bookmark:_Ref484143697'><![if !supportLists]><span style='mso-fareast-font-family:
1432Helvetica;mso-bidi-font-family:Helvetica;color:black'><span style='mso-list:
1433Ignore'>2.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
1434style='color:black'>1.<span style="mso-spacerun: yes">&nbsp; </span></span>Federation
1435Participant Information<span style='color:black'><o:p></o:p></span></span></span></span></h3>
1436
1437<span style='mso-bookmark:_Ref484143697'></span>
1438
1439<p class=ParaNum2 style='mso-list:l3 level2 lfo12;mso-list-change:"%1\:1\:0\:\.%2\:1\:0\:" "David Bantz" 20090625T1716'><span
1440style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><![if !supportLists]><span
1441style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
1442Cambria;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
1443mso-bidi-font-family:Cambria;mso-bidi-theme-font:minor-latin'><span
1444style='mso-list:Ignore'>1.1<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;
1445</span></span></span><![endif]><span style='font-family:Cambria;mso-ascii-theme-font:
1446minor-latin;mso-hansi-theme-font:minor-latin'>The <span class=SpellE>InCommon</span>
1447Participant Operational Practices information below is for:<o:p></o:p></span></span></span></p>
1448
1449<p class=Infoline style='margin-left:27.0pt;tab-stops:346.4pt 376.8pt right 5.5in'><span
1450style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1451class=SpellE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1452mso-hansi-theme-font:minor-latin'>InCommon</span></span></span></span><span
1453style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1454style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1455minor-latin'> Participant organization name <i style='mso-bidi-font-style:normal'><span
1456style="mso-spacerun: yes">&nbsp;&nbsp;</span>University of Alaska</i><o:p></o:p></span></span></span></p>
1457
1458<p class=Infoline style='margin-left:27.0pt'><span style='mso-bookmark:OLE_LINK8'><span
1459style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1460minor-latin;mso-hansi-theme-font:minor-latin'>The information below is accurate
1461as of this date<span style="mso-spacerun: yes">&nbsp; </span><i
1462style='mso-bidi-font-style:normal'><span style="mso-spacerun:
1463yes">&nbsp;</span>2009-02-20</i><o:p></o:p></span></span></span></p>
1464
1465<p class=ParaNum2 style='mso-list:l3 level2 lfo12;mso-list-change:"%1\:1\:0\:\.%2\:2\:0\:" "David Bantz" 20090625T1716'><span
1466style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
1467name="_Ref491345499"><![if !supportLists]><span style='font-family:Cambria;
1468mso-ascii-theme-font:minor-latin;mso-fareast-font-family:Cambria;mso-fareast-theme-font:
1469minor-latin;mso-hansi-theme-font:minor-latin;mso-bidi-font-family:Cambria;
1470mso-bidi-theme-font:minor-latin'><span style='mso-list:Ignore'>1.2<span
1471style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
1472style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1473minor-latin'>Identity Management and/or Privacy information</span></a></span></span><span
1474style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1475style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1476minor-latin'><o:p></o:p></span></span></span></p>
1477
1478<p class=MsoNormalIndent style='margin-top:0in;margin-right:0in;margin-bottom:
14796.0pt;margin-left:27.0pt'><span style='mso-bookmark:OLE_LINK8'><span
1480style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1481minor-latin;mso-hansi-theme-font:minor-latin'>Additional information about the
1482ParticipantÕs identity management practices and/or privacy policy regarding
1483personal information can be found on-line at the following location(s).<o:p></o:p></span></span></span></p>
1484
1485<p class=Infoline style='margin-left:27.0pt'><span style='mso-bookmark:OLE_LINK8'><span
1486style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1487minor-latin;mso-hansi-theme-font:minor-latin'>URL(s)<span style="mso-spacerun:
1488yes">&nbsp; </span><i style='mso-bidi-font-style:normal'><span
1489style="mso-spacerun: yes">&nbsp;</span><o:p></o:p></i></span></span></span></p>
1490
1491<p class=Infoline style='margin-left:27.0pt'><span style='mso-bookmark:OLE_LINK8'><span
1492style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1493style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1494minor-latin'>UA Board of Regents Policy and University Regulation: <br>
1495</span></i></span></span><a href="http://www.alaska.edu/bor/policy-regulations/"><span
1496style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1497style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1498minor-latin;mso-hansi-theme-font:minor-latin'>http://www.alaska.edu/bor/policy-regulations/</span></i></span></span><span
1499style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span></a><span
1500style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1501style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1502minor-latin;mso-hansi-theme-font:minor-latin'><span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1503
1504<p class=Infoline style='margin-left:27.0pt'><span style='mso-bookmark:OLE_LINK8'><span
1505style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1506style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1507minor-latin'>UA Student &amp; Enrollment Services documentation on FERPA
1508compliance:<br>
1509</span></i></span></span><span style='mso-bookmark:OLE_LINK8'><span
1510style='mso-bookmark:OLE_LINK7'></span></span><a
1511href="http://www.alaska.edu/studentservices/ferpa/"><span style='mso-bookmark:
1512OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;
1513mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>http://www.alaska.edu/studentservices/ferpa/</span></span></span><span
1514style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span></a><span
1515style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1516style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1517minor-latin'><o:p></o:p></span></span></span></p>
1518
1519<p class=Infoline style='margin-left:27.0pt'><span style='mso-bookmark:OLE_LINK8'><span
1520style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1521minor-latin;mso-hansi-theme-font:minor-latin'><o:p>&nbsp;</o:p></span></span></span></p>
1522
1523<p class=ParaNum2 style='mso-list:l3 level2 lfo12;mso-list-change:"%1\:1\:0\:\.%2\:3\:0\:" "David Bantz" 20090625T1716'><span
1524style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
1525name="_Ref491344385"><![if !supportLists]><span style='font-family:Cambria;
1526mso-ascii-theme-font:minor-latin;mso-fareast-font-family:Cambria;mso-fareast-theme-font:
1527minor-latin;mso-hansi-theme-font:minor-latin;mso-bidi-font-family:Cambria;
1528mso-bidi-theme-font:minor-latin'><span style='mso-list:Ignore'>1.3<span
1529style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
1530style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1531minor-latin'>Contact information</span></a></span></span><span
1532style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1533style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1534minor-latin'><o:p></o:p></span></span></span></p>
1535
1536<p class=MsoNormalIndent style='margin-bottom:6.0pt'><span style='mso-bookmark:
1537OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;
1538mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>The
1539following person or office can answer questions about the ParticipantÕs<i
1540style='mso-bidi-font-style:normal'> </i>identity management system or resource
1541access management policy or practice.<o:p></o:p></span></span></span></p>
1542
1543<p class=Infoline style='margin-left:27.0pt;tab-stops:112.5pt right 5.5in'><span
1544style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1545style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1546minor-latin'>Name<span style="mso-spacerun: yes">&nbsp; </span><i
1547style='mso-bidi-font-style:normal'><span style="mso-spacerun:
1548yes">&nbsp;</span><span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>David
1549Bantz</i><o:p></o:p></span></span></span></p>
1550
1551<p class=Infoline style='margin-left:27.0pt;tab-stops:112.5pt right 5.5in'><span
1552style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1553style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1554minor-latin'>Title or role<span style="mso-spacerun: yes">&nbsp; </span><i
1555style='mso-bidi-font-style:normal'><span style="mso-spacerun:
1556yes">&nbsp;</span><span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Chief
1557Information Architect</i><o:p></o:p></span></span></span></p>
1558
1559<p class=Infoline style='margin-left:27.0pt;tab-stops:112.5pt right 5.5in'><span
1560style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1561style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1562minor-latin'>Email address<span style="mso-spacerun: yes">&nbsp; </span><i
1563style='mso-bidi-font-style:normal'><span style="mso-spacerun:
1564yes">&nbsp;</span>Q@alaska.edu</i><o:p></o:p></span></span></span></p>
1565
1566<p class=Infoline style='margin-left:27.0pt;tab-stops:112.5pt right 207.0pt left 225.0pt right 5.5in'><span
1567style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1568style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1569minor-latin'>Phone<span style="mso-spacerun: yes">&nbsp; </span><i
1570style='mso-bidi-font-style:normal'><span style="mso-spacerun:
1571yes">&nbsp;</span><span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>+1
1572907 450 8314</i><span style='mso-tab-count:2'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><i
1573style='mso-bidi-font-style:normal'><span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></i><o:p></o:p></span></span></span></p>
1574
1575<p class=MsoNormal style='tab-stops:112.5pt'><span style='mso-bookmark:OLE_LINK8'><span
1576style='mso-bookmark:OLE_LINK7'><a name="_Ref484143231"><span style='font-family:
1577Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'><o:p>&nbsp;</o:p></span></a></span></span></p>
1578
1579<h3 style='margin-left:0in;mso-list:l19 level1 lfo25;mso-list-change:"%1\:3\:0\:\." "David Bantz" 20090625T1716'><span
1580style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1581style='mso-bookmark:_Ref484143231'><a name="_Ref491346906"><![if !supportLists]><span
1582style='mso-fareast-font-family:Helvetica;mso-bidi-font-family:Helvetica'><span
1583style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
1584</span></span></span><![endif]>2. Identity Provider Information</a></span></span></span></h3>
1585
1586<span style='mso-bookmark:_Ref484143231'></span>
1587
1588<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1589margin-left:.25in'><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
1590OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1591mso-hansi-theme-font:minor-latin'>The most critical responsibility that an
1592Identity Provider Participant has to the Federation is to provide trustworthy
1593and accurate identity assertions.</span></span></span><a style='mso-footnote-id:
1594ftn' href="#_ftn3" name="_ftnref" title=""><span style='mso-bookmark:OLE_LINK8'><span
1595style='mso-bookmark:OLE_LINK7'><span class=MsoFootnoteReference><span
1596style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1597minor-latin'><span style='mso-special-character:footnote'><![if !supportFootnotes]>[3]<![endif]></span></span></span></span></span></a><span
1598style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1599style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1600minor-latin'><span style="mso-spacerun: yes">&nbsp; </span>It is important for
1601a Service Provider to know how your <i style='mso-bidi-font-style:normal'>electronic
1602identity credentials</i> are issued and how reliable the information associated
1603with a given credential (or person) is. <o:p></o:p></span></span></span></p>
1604
1605<h5><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1606style='font-size:14.0pt;mso-bidi-font-size:10.0pt'>Community<o:p></o:p></span></span></span></h5>
1607
1608<p class=ParaNum2 style='margin-left:22.5pt;text-indent:0in;mso-list:none;
1609tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
1610style='mso-bookmark:OLE_LINK7'><a name="_Ref491346920"><span style='font-family:
1611Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>2.1 If
1612you are an Identity Provider, how do you define the set of people who are
1613eligible to receive an <i style='mso-bidi-font-style:normal'>electronic
1614identity</i>?<span style="mso-spacerun: yes">&nbsp; </span>If exceptions to
1615this definition are allowed, who must approve such an exception?</span></a></span></span><span
1616style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1617style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1618minor-latin'><o:p></o:p></span></span></span></p>
1619
1620<p class=MsoNormal style='margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:
1621"David Bantz" 20090220T1010'><span style='mso-bookmark:OLE_LINK8'><span
1622style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1623style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1624minor-latin'>Records of current employees and students are extracted from our
1625institutional Human Resources and Student Information Systems (both are
1626components of <span class=SpellE>SunGardHEÕs</span> Banner) and provisioned
1627unique identities in UAÕs <span class=SpellE>IdM</span>.<span
1628style="mso-spacerun: yes">&nbsp; </span>Business practices routinely discover
1629and flag instances of multiple (ÒduplicateÓ) records for a single individual
1630and mark those records as Òbad.Ó Identities based on ÒbadÓ records are removed
1631from our <span class=SpellE>IdM</span>.<span style="mso-spacerun: yes">&nbsp;
1632</span>An employeeÕs identity is inactivated upon termination; a studentÕs
1633identity is inactivated after three sequential terms with no course
1634registration.<o:p></o:p></span></i></span></span></p>
1635
1636<p class=MsoNormal style='margin-left:.35in;tab-stops:right 6.5in'><span
1637style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1638style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1639minor-latin;mso-hansi-theme-font:minor-latin'>ÒGuestsÓ may have identities
1640created in our <span class=SpellE>IdM</span> through sponsorship by a
1641recognized department.<span style="mso-spacerun: yes">&nbsp; </span>Only those
1642granted specific administrative role in our <span class=SpellE>IdM</span> are
1643technically able to add guests.<span style="mso-spacerun: yes">&nbsp;
1644</span>Those roles are in turn granted through designated Òsecurity
1645coordinatorsÓ at each institution.<span style="mso-spacerun: yes">&nbsp;
1646</span>Departments are annually provided the names of people they are
1647sponsoring and must explicitly request renewal for those identities to be
1648retained.<span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1649
1650<p class=ParaNum2 style='margin-left:22.5pt;text-indent:0in;mso-list:none;
1651tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
1652style='mso-bookmark:OLE_LINK7'><a name="_Ref491346932"><span style='font-family:
1653Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>2.2 ÒMember
1654of CommunityÓ</span></a></span></span><a style='mso-footnote-id:ftn'
1655href="#_ftn4" name="_ftnref" title=""><span style='mso-bookmark:OLE_LINK8'><span
1656style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref491346932'><span
1657class=MsoFootnoteReference><span style='font-family:Cambria;mso-ascii-theme-font:
1658minor-latin;mso-hansi-theme-font:minor-latin'><span style='mso-special-character:
1659footnote'><![if !supportFootnotes]>[4]<![endif]></span></span></span></span></span></span></a><span
1660style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1661style='mso-bookmark:_Ref491346932'><span style='font-family:Cambria;mso-ascii-theme-font:
1662minor-latin;mso-hansi-theme-font:minor-latin'> is an assertion that might be
1663offered to enable access to resources made available to individuals who
1664participate in the primary mission of the university or organization.<span
1665style="mso-spacerun: yes">&nbsp; </span>For example, this assertion might apply
1666to anyone whose affiliation is Òcurrent student, faculty, or staff.Ó<span
1667style="mso-spacerun: yes">&nbsp; </span><br>
1668<br>
1669What subset of persons registered in your identity management system would you
1670identify as a ÒMember of CommunityÓ in Shibboleth identity assertions to other <span
1671class=SpellE>InCommon</span> Participants?</span></span></span></span><span
1672style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1673style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1674minor-latin'><o:p></o:p></span></span></span></p>
1675
1676<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1677margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1022'><span
1678style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1679style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1680minor-latin;mso-hansi-theme-font:minor-latin'>Non-terminated employees and
1681students registered in the current term.<span style="mso-spacerun: yes">&nbsp;
1682</span><o:p></o:p></span></i></span></span></p>
1683
1684<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1685margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1686style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1687style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1688minor-latin'>Non-terminated employees include some who do not have a current
1689assignment (for example, faculty on sabbatical or other leave).<span
1690style="mso-spacerun: yes">&nbsp; </span>While some calendar days on the
1691University calendar are not in any term, for purposes of determining whether a
1692student is registered Òin the current termÓ, a date between terms designates
1693the change from one term to the next.<span style="mso-spacerun: yes">&nbsp;
1694</span>For some purposes, such as maintaining access to email and portal
1695accounts, we allow students to authenticate and maintain access to accounts up
1696to three terms after their last registration; we would consider using this
1697extended subset for Òmember of communityÓ for specific services or resources.<span
1698style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1699
1700<h5><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1701style='font-size:14.0pt;mso-bidi-font-size:10.0pt'>Electronic Identity
1702Credentials<o:p></o:p></span></span></span></h5>
1703
1704<p class=ParaNum2 style='text-indent:0in;mso-list:none'><span style='mso-bookmark:
1705OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a name="_Ref484143726"><span
1706style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1707minor-latin'>2.3 Please describe in general terms the administrative process
1708used to establish an electronic identity that results in a record for that
1709person being created in your <i style='mso-bidi-font-style:normal'>electronic
1710identity database</i>?<span style="mso-spacerun: yes">&nbsp; </span>Please
1711identify the<i style='mso-bidi-font-style:normal'> </i>office(s) of record for
1712this purpose.<span style="mso-spacerun: yes">&nbsp; </span>For example,
1713ÒRegistrarÕs Office for students; HR for faculty and staff.Ó</span></a></span></span><span
1714style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1715style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1716minor-latin'><o:p></o:p></span></span></span></p>
1717
1718<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1719margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1720style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1721style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1722minor-latin'>As described in 2.1, current employees (faculty and staff) and
1723students in our HR and Student information system of record (Banner) are automatically
1724provisioned identities (currently via a once/day extract, but potentially more
1725frequent data exports or database triggers).<span style="mso-spacerun:
1726yes">&nbsp; </span><span class=GramE>Employee records are entered only by the
1727institutionsÕ offices of human resources</span>.<span style="mso-spacerun:
1728yes">&nbsp; </span>Students may register in person through registrars, or
1729entirely online; payment is required to complete registration.<span
1730style="mso-spacerun: yes">&nbsp; </span>Unlike employees and students,
1731identities of guests are typically not vetted; in addition to being designated
1732a sponsored person with a responsible official sponsoring department in our <span
1733class=SpellE>IdM</span>, their username and id are prefixed with the string Ò<span
1734class=SpellE>uaguest</span>_Ó.<span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1735
1736<p class=ParaNum2 style='text-indent:0in;mso-list:none;tab-stops:.25in .6in'><span
1737style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
1738name="_Ref484143732"></a><a name="_Ref491344811"><span style='mso-bookmark:
1739_Ref484143732'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1740mso-hansi-theme-font:minor-latin'>2.4 What technologies are used for your
1741electronic identity credentials (e.g., Kerberos, </span></span></a><span
1742class=SpellE><span style='mso-bookmark:_Ref491344811'><span style='mso-bookmark:
1743_Ref484143732'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1744mso-hansi-theme-font:minor-latin'>userID</span></span></span></span></span></span><span
1745style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1746style='mso-bookmark:_Ref491344811'><span style='mso-bookmark:_Ref484143732'><span
1747style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1748minor-latin'>/password, PKI<span class=GramE>, ...</span>) that are relevant to
1749Federation activities?<span style="mso-spacerun: yes">&nbsp; </span>If more than
1750one type of electronic credential is issued, how is it determined who receives
1751which type?</span></span></span></span></span><span style='mso-bookmark:OLE_LINK8'><span
1752style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref491344811'><span
1753style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1754minor-latin'><span style="mso-spacerun: yes">&nbsp; </span>If multiple
1755credentials are linked, how is this managed (e.g., anyone with a Kerberos
1756credential also can acquire a PKI credential) and recorded?</span></span></span></span><span
1757style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1758style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1759minor-latin'><o:p></o:p></span></span></span></p>
1760
1761<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1762margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1763style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1764style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1765minor-latin'>Entities in the <span class=SpellE>IdM</span> have passwords that
1766are stored in MIT Kerberos KDC, which is the backend credential store of the UA
1767Enterprise LDAP directory; we use the Duke University Kerberos plug-in for
1768using the external KDC.<span style="mso-spacerun: yes">&nbsp; </span>Prior to October
17692008 passwords were stored in the internal LDAP database; as <span class=GramE>these
1770passwords are reset by users</span>, their accounts are Ò<span class=SpellE>kerberized</span>.Ó<span
1771style="mso-spacerun: yes">&nbsp; </span>All active accounts should be <span
1772class=SpellE>kerberized</span> by the end of CY2009.<span style='mso-tab-count:
17731'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1774
1775<p class=ParaNum2 style='margin-left:27.0pt;text-indent:0in;mso-list:none;
1776tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
1777style='mso-bookmark:OLE_LINK7'><a name="_Ref484143738"><span style='font-family:
1778Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>2.5 If
1779your electronic identity credentials require the use of a secret password or
1780PIN, and there are circumstances in which that secret would be transmitted
1781across a network without being protected by encryption (i.e., Òclear text
1782passwordsÓ are used when accessing campus services), please identify who in
1783your organization can discuss with any other Participant concerns that this
1784might raise for them:</span></a></span></span><span style='mso-bookmark:OLE_LINK8'><span
1785style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1786minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
1787
1788<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1789margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1349'><span
1790style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
1791name="OLE_LINK5"></a><a name="OLE_LINK6"><span style='mso-bookmark:OLE_LINK5'><i
1792style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1793minor-latin;mso-hansi-theme-font:minor-latin'>We require connections to our
1794LDAP and </span></i></span></a><span class=SpellE><span style='mso-bookmark:
1795OLE_LINK6'><span style='mso-bookmark:OLE_LINK5'><i style='mso-bidi-font-style:
1796normal'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1797mso-hansi-theme-font:minor-latin'>IdM</span></i></span></span></span></span></span><span
1798style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1799style='mso-bookmark:OLE_LINK6'><span style='mso-bookmark:OLE_LINK5'><i
1800style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1801minor-latin;mso-hansi-theme-font:minor-latin'> web interfaces to use encrypted
1802(https) sessions, so clear text passwords are not sent for LDAP authentication,
1803for our CAS-like web central authentication service, nor, obviously, to the
1804Kerberos KDC.<span style="mso-spacerun: yes">&nbsp; </span>We expect
1805applications using LDAP or our web authentication service to receive and send
1806passwords using encrypted communications only, but realistically cannot guarantee
1807compliance.<span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></span></span></p>
1808
1809<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1810margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1811style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:OLE_LINK6'><span
1812style='mso-bookmark:OLE_LINK5'><i style='mso-bidi-font-style:normal'><span
1813style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1814minor-latin'>Contact UA OIT Chief Information Security Officer Kerry <span
1815class=SpellE>Digou</span>, </span></i></span></span></span></span><a
1816href="mailto:sxkmd@email.alaska.edu"><span style='mso-bookmark:OLE_LINK8'><span
1817style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:OLE_LINK6'><span
1818style='mso-bookmark:OLE_LINK5'><i style='mso-bidi-font-style:normal'><span
1819style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1820minor-latin;text-decoration:none;text-underline:none'>sxkmd@email.alaska.edu</span></i></span></span></span></span><span
1821style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1822style='mso-bookmark:OLE_LINK6'><span style='mso-bookmark:OLE_LINK5'></span></span></span></span></a><span
1823style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1824style='mso-bookmark:OLE_LINK6'><span style='mso-bookmark:OLE_LINK5'><i
1825style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1826minor-latin;mso-hansi-theme-font:minor-latin'> or UA OIT Chief Information
1827Architect David Bantz, Q@alaska.edu<o:p></o:p></span></i></span></span></span></span></p>
1828
1829<span style='mso-bookmark:OLE_LINK5'></span><span style='mso-bookmark:OLE_LINK6'></span>
1830
1831<p class=ParaNum2 style='margin-left:27.0pt;text-indent:0in;mso-list:none;
1832tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
1833style='mso-bookmark:OLE_LINK7'><a name="_Ref484143744"></a><a
1834name="_Ref491344942"><span style='mso-bookmark:_Ref484143744'></span></a><span
1835class=GramE><span style='mso-bookmark:_Ref491344942'><span style='mso-bookmark:
1836_Ref484143744'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1837mso-hansi-theme-font:minor-latin'>2.6<span style="mso-spacerun: yes">&nbsp;
1838</span>If</span></span></span></span></span></span><span style='mso-bookmark:
1839OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref491344942'><span
1840style='mso-bookmark:_Ref484143744'><span style='font-family:Cambria;mso-ascii-theme-font:
1841minor-latin;mso-hansi-theme-font:minor-latin'> you support a Òsingle sign-onÓ
1842(SSO) or similar campus-wide system to allow a single user authentication
1843action to serve multiple applications, and you will make use of this to
1844authenticate people for <span class=SpellE>InCommon</span> Service Providers,
1845please describe the key security aspects of your SSO system including whether
1846session timeouts are enforced by the system</span></span></span></span></span><span
1847style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1848style='mso-bookmark:_Ref491344942'><span style='font-family:Cambria;mso-ascii-theme-font:
1849minor-latin;mso-hansi-theme-font:minor-latin'>, whether user-initiated session
1850termination is supported, and how use with Òpublic access sitesÓ is protected.</span></span></span></span><span
1851style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1852style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1853minor-latin'><span style="mso-spacerun: yes">&nbsp; </span><o:p></o:p></span></span></span></p>
1854
1855<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1856margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1857style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1858style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1859minor-latin'>UAÕs central authentication service for web-based applications is
1860not strictly speaking an SSO service; each application requests
1861authentication.<span style="mso-spacerun: yes">&nbsp; </span>However, it is
1862possible to authenticate to the service itself and then launch multiple
1863subscribing services without explicitly re-authenticating.<span
1864style="mso-spacerun: yes">&nbsp; </span>This SSO-like function will <b
1865style='mso-bidi-font-weight:normal'>not</b> be used for or available to <span
1866class=SpellE>InCommon</span> Service Providers. Session time-outs are <b
1867style='mso-bidi-font-weight:normal'>not</b> in place.<span style="mso-spacerun:
1868yes">&nbsp; </span>Sessions <b style='mso-bidi-font-weight:normal'>are</b>
1869terminated with close of browser window(s) for that service.<span
1870style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1871
1872<p class=ParaNum2 style='margin-left:27.0pt;text-indent:0in;mso-list:none;
1873tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
1874style='mso-bookmark:OLE_LINK7'><a name="_Ref484143786"></a><span class=GramE><span
1875style='mso-bookmark:_Ref484143786'><span style='font-family:Cambria;mso-ascii-theme-font:
1876minor-latin;mso-hansi-theme-font:minor-latin'>2.7<span style="mso-spacerun:
1877yes">&nbsp; </span>Are</span></span></span></span></span><span
1878style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1879style='mso-bookmark:_Ref484143786'><span style='font-family:Cambria;mso-ascii-theme-font:
1880minor-latin;mso-hansi-theme-font:minor-latin'> your primary <i
1881style='mso-bidi-font-style:normal'>electronic identifiers</i> for people, such
1882as Ònet ID,Ó <span class=SpellE>eduPersonPrincipalName</span>, or <span
1883class=SpellE>eduPersonTargetedID</span> considered to be unique for all time to
1884the individual to whom they are assigned?<span style="mso-spacerun: yes">&nbsp;
1885</span>If not, what is your policy for re-assignment and is there a hiatus
1886between such reuse?</span></span></span></span><span style='mso-bookmark:OLE_LINK8'><span
1887style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
1888minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
1889
1890<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1891margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1408'><span
1892style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1893style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1894minor-latin;mso-hansi-theme-font:minor-latin'>Locally assigned identifiers and
1895used within UAÕs <span class=SpellE>IdM</span> are intended and controlled to
1896be unique for all time to the individual to whom assigned.<span
1897style="mso-spacerun: yes">&nbsp; </span>(We do have legacy identifiers in use
1898on some systems that have in the past been re-issued, but these are not used as
1899unique identifiers within UAÕs <span class=SpellE>IdM</span>.)<span
1900style="mso-spacerun: yes">&nbsp; </span>UA assigns a name-based ÒUA UsernameÓ
1901and a number-like string ÒUA ID#Ó and a UID meaningful only internal to the <span
1902class=SpellE>IdM</span>.<span style="mso-spacerun: yes">&nbsp; </span>Kerberos
1903principals are </span></i></span></span><a href="mailto:UAID%23@ALASKA.EDU"><span
1904style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1905style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1906minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
1907none'>UAID#@ALASKA.EDU</span></i></span></span><span style='mso-bookmark:OLE_LINK8'><span
1908style='mso-bookmark:OLE_LINK7'></span></span></a><span style='mso-bookmark:
1909OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:
1910normal'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
1911mso-hansi-theme-font:minor-latin'>.<span style="mso-spacerun: yes">&nbsp;
1912</span>Sponsored accounts (guests) receive UA Username and UA ID# prefixed with
1913the string Ò<span class=SpellE>uaguest</span>_Ó.<o:p></o:p></span></i></span></span></p>
1914
1915<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1916margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1917style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1918style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1919minor-latin'>UA Usernames may be changed if the personÕs legal name changes,
1920but the old UA Username is not available for re-issue.<span
1921style="mso-spacerun: yes">&nbsp; </span>UA ID# is intended and controlled to be
1922permanent (does not change regardless of status of the person).<span
1923style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1924
1925<h5><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1926style='font-size:14.0pt;mso-bidi-font-size:10.0pt'>Electronic Identity Database<o:p></o:p></span></span></span></h5>
1927
1928<p class=ParaNum2 style='text-indent:0in;mso-list:none;tab-stops:.25in .6in'><span
1929style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
1930name="_Ref484143794"></a><span class=GramE><span style='mso-bookmark:_Ref484143794'><span
1931style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1932minor-latin'>2.8<span style="mso-spacerun: yes">&nbsp; </span>How</span></span></span></span></span><span
1933style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1934style='mso-bookmark:_Ref484143794'><span style='font-family:Cambria;mso-ascii-theme-font:
1935minor-latin;mso-hansi-theme-font:minor-latin'> is information in your
1936electronic identity database acquired and updated?<span style="mso-spacerun:
1937yes">&nbsp; </span>Are specific offices designated by your administration to
1938perform this function?<span style="mso-spacerun: yes">&nbsp; </span>Are
1939individuals allowed to update their own information on-line?</span></span></span></span><span
1940style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1941style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1942minor-latin'><o:p></o:p></span></span></span></p>
1943
1944<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1945margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1415'><span
1946style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1947style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1948minor-latin;mso-hansi-theme-font:minor-latin'>For employees and students: A
1949personÕs legal name, preferred first name, student registration data (campus
1950and program of each course, declared major and minor, credit hours), employment
1951information (home department, employee type), assigned UA Username and UA ID#
1952originate in and are updated from Banner only.<span style="mso-spacerun:
1953yes">&nbsp; </span><span class=GramE>These data in Banner may generally be
1954edited only by UAÕs HR offices (for employees) and RegistrarÕs offices (for
1955students.</span><span style="mso-spacerun: yes">&nbsp; </span>Some employee
1956data may be updated by the employeeÕs departmental administration.<span
1957style="mso-spacerun: yes">&nbsp; </span>Students may register and change registration
1958on line.<o:p></o:p></span></i></span></span></p>
1959
1960<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1961margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1415'><span
1962style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
1963style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
1964minor-latin;mso-hansi-theme-font:minor-latin'>Information about email accounts
1965assigned to an individual may be entered and updated by other individuals with
1966the <span class=SpellE>IdM</span> role of email administrator.<span
1967style="mso-spacerun: yes">&nbsp; </span>Email administrators are responsible
1968for entering assigned email account information (address, authentication
1969method, protocols supported) and may edit the <span class=SpellE>mailRoutingAddress</span>
1970and advertised email address (each of which may have a different value).<o:p></o:p></span></i></span></span></p>
1971
1972<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
1973margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
1974style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
1975style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1976minor-latin'>Data not actively maintained in Banner HR or Banner SIS may be
1977entered and updated by individual users; this includes: employee working title,
1978secretary, office location, phone, advertised email address, URL, USPS mailing
1979address.<span style="mso-spacerun: yes">&nbsp; </span>In addition, individuals
1980may edit their <span class=SpellE>mailRoutingAddress</span>, assign themselves
1981vanity email addresses routed to their <span class=SpellE>mailRoutingAddress</span>,
1982and edit the email addresses advertised in the public directory.<span
1983style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
1984
1985<p class=ParaNum2 style='margin-left:27.0pt;text-indent:0in;mso-list:none;
1986tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
1987style='mso-bookmark:OLE_LINK7'><a name="_Ref484580135"></a><span class=GramE><span
1988style='mso-bookmark:_Ref484580135'><span style='font-family:Cambria;mso-ascii-theme-font:
1989minor-latin;mso-hansi-theme-font:minor-latin'>2.9<span style="mso-spacerun:
1990yes">&nbsp; </span>What</span></span></span></span></span><span
1991style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1992style='mso-bookmark:_Ref484580135'><span style='font-family:Cambria;mso-ascii-theme-font:
1993minor-latin;mso-hansi-theme-font:minor-latin'> information in this database is
1994considered Òpublic informationÓ and would be provided to any interested party?</span></span></span></span><span
1995style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
1996style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
1997minor-latin'><o:p></o:p></span></span></span></p>
1998
1999<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2000margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1434'><span
2001style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
2002style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
2003minor-latin;mso-hansi-theme-font:minor-latin'>For students who elect
2004confidentiality of their records under FERPA: no data is public information;
2005not even the existence of the record is public or would be confirmed even if an
2006inquirer provides <span class=GramE>a</span> identifier.<o:p></o:p></span></i></span></span></p>
2007
2008<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2009margin-left:.35in;tab-stops:right 6.5in;mso-prop-change:"David Bantz" 20090220T1434'><span
2010style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><i
2011style='mso-bidi-font-style:normal'><span style='font-family:Cambria;mso-ascii-theme-font:
2012minor-latin;mso-hansi-theme-font:minor-latin'>For other students: UA has
2013designated Òdirectory informationÓ that includes name, campus, major or program
2014of study, email address; this is the data that would be provided and is
2015available via our public electronic directory.<o:p></o:p></span></i></span></span></p>
2016
2017<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2018margin-left:.35in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
2019style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
2020style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2021minor-latin'>For employees: name, home and other departments or units with
2022which affiliated, working title, email, campus (office) location(s), phone(s),
2023mailing address, administrative contact (ÒsecretaryÓ attribute).<span
2024style="mso-spacerun: yes">&nbsp; </span>Note <span class=GramE>that not all
2025this data is automatically populated so may not be present for some employees</span>.<span
2026style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
2027
2028<h5><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2029style='font-size:14.0pt;mso-bidi-font-size:10.0pt'>Uses of Your Electronic
2030Identity Credential System<o:p></o:p></span></span></span></h5>
2031
2032<p class=ParaNum2 style='margin-left:27.0pt;text-indent:0in;mso-list:none;
2033tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2034style='mso-bookmark:OLE_LINK7'><a name="_Ref484143813"></a><span class=GramE><span
2035style='mso-bookmark:_Ref484143813'><span style='font-family:Cambria;mso-ascii-theme-font:
2036minor-latin;mso-hansi-theme-font:minor-latin'>2.10<span style="mso-spacerun:
2037yes">&nbsp; </span>Please</span></span></span></span></span><span
2038style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2039style='mso-bookmark:_Ref484143813'><span style='font-family:Cambria;mso-ascii-theme-font:
2040minor-latin;mso-hansi-theme-font:minor-latin'> identify typical classes of
2041applications for which your electronic identity credentials are used within
2042your own organization</span></span></span></span><span style='mso-bookmark:
2043OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;
2044mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>.<span
2045style="mso-spacerun: yes">&nbsp; </span><o:p></o:p></span></span></span></p>
2046
2047<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2048style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2049class=GramE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2050mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:none'>web</span></span></span></span><span
2051style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2052style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2053minor-latin;text-decoration:none;text-underline:none'> applications, including <span
2054class=SpellE>MyUA</span> portal<o:p></o:p></span></span></span></p>
2055
2056<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2057style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2058style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2059minor-latin;text-decoration:none;text-underline:none'>Blackboard Course
2060Management System<o:p></o:p></span></span></span></p>
2061
2062<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2063style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2064style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2065minor-latin;text-decoration:none;text-underline:none'>Online Directory
2066(ÒphonebookÓ) also used to publish printed directories<o:p></o:p></span></span></span></p>
2067
2068<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2069style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2070style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2071minor-latin;text-decoration:none;text-underline:none'>Wireless network access
2072(currently not used, but has been and may again)<o:p></o:p></span></span></span></p>
2073
2074<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2075style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2076style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2077minor-latin;text-decoration:none;text-underline:none'>Document imaging and
2078management system<o:p></o:p></span></span></span></p>
2079
2080<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2081style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2082style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2083minor-latin;text-decoration:none;text-underline:none'>Help Desk (Service
2084Center) incident tracking<o:p></o:p></span></span></span></p>
2085
2086<p class=Answerline style='margin-left:.5in;mso-prop-change:"David Bantz" 20090220T1442'><span
2087style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2088style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2089minor-latin;text-decoration:none;text-underline:none'>Student Health Service
2090application<o:p></o:p></span></span></span></p>
2091
2092<p class=Answerline style='margin-left:.5in'><span style='mso-bookmark:OLE_LINK8'><span
2093style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2094minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2095none'>Google Apps for Education<span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></p>
2096
2097<h5><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
2098name="_Ref484143823"><span style='font-size:14.0pt;mso-bidi-font-size:10.0pt'>Attribute
2099Assertions</span></a></span></span><span style='mso-bookmark:OLE_LINK8'><span
2100style='mso-bookmark:OLE_LINK7'><span style='font-size:14.0pt;mso-bidi-font-size:
210110.0pt'><o:p></o:p></span></span></span></h5>
2102
2103<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2104margin-left:.25in'><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2105OLE_LINK7'><i style='mso-bidi-font-style:normal'><span style='font-family:Cambria;
2106mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>Attributes</span></i></span></span><span
2107style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2108style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2109minor-latin'> are the information data elements in an attribute assertion you
2110might make to another Federation participant concerning the identity of a
2111person in your identity management system.<span style="mso-spacerun:
2112yes">&nbsp; </span><a name="OLE_LINK3"></a><a name="OLE_LINK4"><span
2113style='mso-bookmark:OLE_LINK3'><o:p></o:p></span></a></span></span></span></p>
2114
2115<span style='mso-bookmark:OLE_LINK3'></span><span style='mso-bookmark:OLE_LINK4'></span>
2116
2117<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2118tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2119style='mso-bookmark:OLE_LINK7'><a name="_Ref484143842"></a><span class=GramE><span
2120style='mso-bookmark:_Ref484143842'><span style='font-family:Cambria;mso-ascii-theme-font:
2121minor-latin;mso-hansi-theme-font:minor-latin'>2.12<span style="mso-spacerun:
2122yes">&nbsp; </span>Would</span></span></span></span></span><span
2123style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2124style='mso-bookmark:_Ref484143842'><span style='font-family:Cambria;mso-ascii-theme-font:
2125minor-latin;mso-hansi-theme-font:minor-latin'> you consider your attribute
2126assertions to be reliable enough to:</span></span></span></span><span
2127style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2128style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2129minor-latin'><o:p></o:p></span></span></span></p>
2130
2131<p class=MsoNormal style='margin-left:.5in;line-height:150%;page-break-after:
2132avoid;tab-stops:3.5in right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
2133style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2134minor-latin;mso-hansi-theme-font:minor-latin'>[X<span class=GramE>]<span
2135style="mso-spacerun: yes">&nbsp; </span>control</span> access to on-line
2136information databases licensed to your organization?<o:p></o:p></span></span></span></p>
2137
2138<p class=MsoNormal style='margin-left:.5in;line-height:150%;page-break-after:
2139avoid;tab-stops:3.5in right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
2140style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2141minor-latin;mso-hansi-theme-font:minor-latin'>[X<span class=GramE>]<span
2142style="mso-spacerun: yes">&nbsp; </span>be</span> used to purchase goods or
2143services for your organization?<o:p></o:p></span></span></span></p>
2144
2145<p class=MsoNormal style='margin-left:.5in;line-height:150%;page-break-after:
2146avoid;tab-stops:3.5in right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
2147style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2148minor-latin;mso-hansi-theme-font:minor-latin'>[X] <span class=GramE>enable</span>
2149access to personal information such as student loan status?<o:p></o:p></span></span></span></p>
2150
2151<h5><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><a
2152name="_Ref484143850"><span style='font-size:14.0pt;mso-bidi-font-size:10.0pt'>Privacy
2153Policy</span></a></span></span><span style='mso-bookmark:OLE_LINK8'><span
2154style='mso-bookmark:OLE_LINK7'><span style='font-size:14.0pt;mso-bidi-font-size:
215510.0pt'><o:p></o:p></span></span></span></h5>
2156
2157<p class=MsoNormalIndent><span style='mso-bookmark:OLE_LINK8'><span
2158style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2159minor-latin;mso-hansi-theme-font:minor-latin'>Federation Participants must
2160respect the legal and organizational privacy constraints on attribute
2161information provided by other Participants and use it only for its intended
2162purposes. <o:p></o:p></span></span></span></p>
2163
2164<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2165tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2166style='mso-bookmark:OLE_LINK7'><a name="_Ref484685873"></a><span class=GramE><span
2167style='mso-bookmark:_Ref484685873'><span style='font-family:Cambria;mso-ascii-theme-font:
2168minor-latin;mso-hansi-theme-font:minor-latin'>2.13<span style="mso-spacerun:
2169yes">&nbsp; </span>What</span></span></span></span></span><span
2170style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2171style='mso-bookmark:_Ref484685873'><span style='font-family:Cambria;mso-ascii-theme-font:
2172minor-latin;mso-hansi-theme-font:minor-latin'> restrictions do you place on the
2173use of attribute information that you might provide to other Federation
2174participants?</span></span></span></span><span style='mso-bookmark:OLE_LINK8'><span
2175style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2176minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
2177
2178<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2179style='mso-bookmark:OLE_LINK7'><a name="_Ref484685884"><span style='font-family:
2180Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
2181text-decoration:none;text-underline:none'>Non-public information could be
2182released only under explicit agreements reviewed and approved by appropriate UA
2183executive authority; such agreements would spell out restrictions on use.<span
2184style="mso-spacerun: yes">&nbsp; </span>Member </span></a><span class=GramE><span
2185style='mso-bookmark:_Ref484685884'><span style='font-family:Cambria;mso-ascii-theme-font:
2186minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2187none'>ofÉ,</span></span></span></span></span><span style='mso-bookmark:OLE_LINK8'><span
2188style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685884'><span
2189style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2190minor-latin;text-decoration:none;text-underline:none'> current student, current
2191employee, and departmental affiliations are public information.<span
2192style="mso-spacerun: yes">&nbsp; </span>However, we could not release the name
2193or other uniquely identifying attributes of students electing to retain
2194complete confidentiality of their educational record under FERPA.<span
2195style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></span></p>
2196
2197<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2198tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2199style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685884'><a
2200name="_Ref484687204"></a><span class=GramE><span style='mso-bookmark:_Ref484687204'><span
2201style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2202minor-latin'>2.14<span style="mso-spacerun: yes">&nbsp; </span>What</span></span></span></span></span></span><span
2203style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2204style='mso-bookmark:_Ref484685884'><span style='mso-bookmark:_Ref484687204'><span
2205style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2206minor-latin'> policies govern the use of attribute information that you might
2207release to other Federation participants?<span style="mso-spacerun: yes">&nbsp;
2208</span>For example, is some information subject to FERPA or HIPAA restrictions?</span></span></span></span></span><span
2209style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2210style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2211minor-latin'><o:p></o:p></span></span></span></p>
2212
2213<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2214style='mso-bookmark:OLE_LINK7'><a name="_Ref484685895"></a><a name="OLE_LINK1"></a><a
2215name="OLE_LINK2"><span style='mso-bookmark:OLE_LINK1'><span style='mso-bookmark:
2216_Ref484685895'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2217mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:none'><span
2218style="mso-spacerun: yes">&nbsp;</span>Non-public information could be released
2219only under explicit agreements reviewed and approved by appropriate UA
2220executive authority; such agreements would spell out restrictions on use.<span
2221style="mso-spacerun: yes">&nbsp; </span>Member </span></span></span></a><span
2222class=GramE><span style='mso-bookmark:OLE_LINK2'><span style='mso-bookmark:
2223OLE_LINK1'><span style='mso-bookmark:_Ref484685895'><span style='font-family:
2224Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
2225text-decoration:none;text-underline:none'>ofÉ,</span></span></span></span></span></span></span><span
2226style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2227style='mso-bookmark:OLE_LINK2'><span style='mso-bookmark:OLE_LINK1'><span
2228style='mso-bookmark:_Ref484685895'><span style='font-family:Cambria;mso-ascii-theme-font:
2229minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2230none'> current student, current employee, and departmental affiliations are
2231public information.<span style="mso-spacerun: yes">&nbsp; </span>However, we
2232could not release the name or other uniquely identifying attributes of students
2233electing to retain complete confidentiality of their educational record under
2234FERPA.<span style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></span></span></span></p>
2235
2236<span style='mso-bookmark:OLE_LINK1'></span><span style='mso-bookmark:OLE_LINK2'></span>
2237
2238<p class=MsoNormal><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2239OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><a name="_Ref484687212"><span
2240style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2241minor-latin'><o:p>&nbsp;</o:p></span></a></span></span></span></p>
2242
2243<h3 style='margin-left:0in;text-indent:0in;mso-list:none'><span
2244style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2245style='mso-bookmark:_Ref484685895'><span style='mso-bookmark:_Ref484687212'>3.<span
2246style="mso-spacerun: yes">&nbsp; </span>Service Provider Information <br>
2247</span></span></span></span><span style='mso-bookmark:OLE_LINK8'><span
2248style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><span
2249style='mso-bookmark:_Ref484687212'><span style='font-size:11.0pt;mso-bidi-font-size:
225010.0pt;font-weight:normal'>[<i style='mso-bidi-font-style:normal'>UA is not currently
2251a Service Provider via <span class=SpellE>InCommon</span>, so this section is
2252not applicable to UA</i>.]</span></span></span></span></span><span
2253style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2254style='mso-bookmark:_Ref484685895'><span style='mso-bookmark:_Ref484687212'><span
2255style='font-size:14.0pt;mso-bidi-font-size:10.0pt'><o:p></o:p></span></span></span></span></span></h3>
2256
2257<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2258margin-left:.25in'><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2259OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><span style='mso-bookmark:
2260_Ref484687212'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2261mso-hansi-theme-font:minor-latin'>Service Providers are trusted to ask for only
2262the information necessary to make an appropriate access control decision, and
2263to not misuse information provided to them by Identity Providers.<span
2264style="mso-spacerun: yes">&nbsp; </span>Service Providers must describe the
2265basis on which access to resources is managed and their practices with respect
2266to attribute information they receive from other Participants.<o:p></o:p></span></span></span></span></span></p>
2267
2268<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2269tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2270style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><span
2271style='mso-bookmark:_Ref484687212'><a name="_Ref491345847"></a><span
2272class=GramE><span style='mso-bookmark:_Ref491345847'><span style='font-family:
2273Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>3.1<span
2274style="mso-spacerun: yes">&nbsp; </span>What</span></span></span></span></span></span></span><span
2275style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2276style='mso-bookmark:_Ref484685895'><span style='mso-bookmark:_Ref484687212'><span
2277style='mso-bookmark:_Ref491345847'><span style='font-family:Cambria;mso-ascii-theme-font:
2278minor-latin;mso-hansi-theme-font:minor-latin'> attribute information about an
2279individual do you require in order to manage access to resources you make available
2280to other Participants?<span style="mso-spacerun: yes">&nbsp; </span>Describe
2281separately for each service <span class=SpellE>ProviderID</span> that you have
2282registered.</span></span></span></span></span></span><span style='mso-bookmark:
2283OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><span
2284style='mso-bookmark:_Ref484687212'><span style='font-family:Cambria;mso-ascii-theme-font:
2285minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></span></span></p>
2286
2287<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2288style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><span
2289style='mso-bookmark:_Ref484687212'><span style='font-family:Cambria;mso-ascii-theme-font:
2290minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2291none'><span style="mso-spacerun: yes">&nbsp;</span><span style='mso-tab-count:
22921'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></span></span></p>
2293
2294<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2295tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2296style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484685895'><span
2297style='mso-bookmark:_Ref484687212'><a name="_Ref491345858"></a><span
2298class=GramE><span style='mso-bookmark:_Ref491345858'><span style='font-family:
2299Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>3.2<span
2300style="mso-spacerun: yes">&nbsp; </span>What</span></span></span></span></span></span></span><span
2301style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2302style='mso-bookmark:_Ref484685895'><span style='mso-bookmark:_Ref484687212'><span
2303style='mso-bookmark:_Ref491345858'><span style='font-family:Cambria;mso-ascii-theme-font:
2304minor-latin;mso-hansi-theme-font:minor-latin'> use do you make of attribute
2305information that you receive in addition to basic access control decisions?</span></span></span></span><a
2306name="_Ref484143876"></a></span></span><span style='mso-bookmark:OLE_LINK8'><span
2307style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2308style='mso-bookmark:_Ref491345858'><span style='font-family:Cambria;mso-ascii-theme-font:
2309minor-latin;mso-hansi-theme-font:minor-latin'><span style="mso-spacerun:
2310yes">&nbsp; </span>For example, do you aggregate session access records or
2311records of specific information accessed based on attribute information, or
2312make attribute information available to partner organizations, etc.?</span></span><a
2313name="_Ref484686262"></a></span></span></span><span style='mso-bookmark:OLE_LINK8'><span
2314style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2315style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2316minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></span></span></p>
2317
2318<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2319style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2320style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2321minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2322none'><span style="mso-spacerun: yes">&nbsp;</span><span style='mso-tab-count:
23231'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></span></span></p>
2324
2325<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none'><span
2326style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2327style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><a
2328name="_Ref491345881"></a><span class=GramE><span style='mso-bookmark:_Ref491345881'><span
2329style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2330minor-latin'>3.3<span style="mso-spacerun: yes">&nbsp; </span>What</span></span></span></span></span></span></span><span
2331style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2332style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><span
2333style='mso-bookmark:_Ref491345881'><span style='font-family:Cambria;mso-ascii-theme-font:
2334minor-latin;mso-hansi-theme-font:minor-latin'> human and technical controls are
2335in place on access to and use of attribute information that might refer to only
2336one specific person (i.e., personally identifiable information)?<span
2337style="mso-spacerun: yes">&nbsp; </span>For example, is this information
2338encrypted?</span></span></span></span></span></span><span style='mso-bookmark:
2339OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2340style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2341minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></span></span></p>
2342
2343<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2344style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2345style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2346minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2347none'><span style="mso-spacerun: yes">&nbsp;</span><span style='mso-tab-count:
23481'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></span></span></p>
2349
2350<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none'><span
2351style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2352style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><a
2353name="_Ref491345893"></a><span class=GramE><span style='mso-bookmark:_Ref491345893'><span
2354style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2355minor-latin'>3.4<span style="mso-spacerun: yes">&nbsp; </span>Describe</span></span></span></span></span></span></span><span
2356style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2357style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><span
2358style='mso-bookmark:_Ref491345893'><span style='font-family:Cambria;mso-ascii-theme-font:
2359minor-latin;mso-hansi-theme-font:minor-latin'> the human and technical controls
2360that are in place on the management of super-user and other privileged accounts
2361that might have the authority to grant access to personally identifiable
2362information?</span></span></span></span></span></span><span style='mso-bookmark:
2363OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2364style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2365minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></span></span></p>
2366
2367<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2368style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2369style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2370minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2371none'><span style="mso-spacerun: yes">&nbsp;</span><span style='mso-tab-count:
23721'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></span></span></span></p>
2373
2374<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2375tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2376style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2377style='mso-bookmark:_Ref484686262'><a name="_Ref491345908"></a><span
2378class=GramE><span style='mso-bookmark:_Ref491345908'><span style='font-family:
2379Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>3.5<span
2380style="mso-spacerun: yes">&nbsp; </span>If</span></span></span></span></span></span></span><span
2381style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2382style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><span
2383style='mso-bookmark:_Ref491345908'><span style='font-family:Cambria;mso-ascii-theme-font:
2384minor-latin;mso-hansi-theme-font:minor-latin'> personally identifiable
2385information is compromised, what actions do you take to notify potentially
2386affected individuals?</span></span></span></span></span></span><span
2387style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2388style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><span
2389style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2390minor-latin'><o:p></o:p></span></span></span></span></span></p>
2391
2392<p class=Answerline><span style='mso-bookmark:OLE_LINK8'><span
2393style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2394style='mso-bookmark:_Ref484686262'><span style='font-family:Cambria;mso-ascii-theme-font:
2395minor-latin;mso-hansi-theme-font:minor-latin;text-decoration:none;text-underline:
2396none'><span style="mso-spacerun: yes">&nbsp;</span></span></span></span></span></span></p>
2397
2398<p class=ParaNum1 style='margin-left:0in;text-indent:0in;mso-list:none'><span
2399style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2400style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><a
2401name="_Ref484691927"><span style='font-size:13.0pt;mso-bidi-font-size:10.0pt;
2402font-family:Helvetica'>4.<span style="mso-spacerun: yes">&nbsp; </span>Other
2403Information<o:p></o:p></span></a></span></span></span></span></p>
2404
2405<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2406tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2407style='mso-bookmark:OLE_LINK7'><span style='mso-bookmark:_Ref484143876'><span
2408style='mso-bookmark:_Ref484686262'><span style='mso-bookmark:_Ref484691927'><a
2409name="_Ref491345683"></a><span class=GramE><span style='mso-bookmark:_Ref491345683'><span
2410style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2411minor-latin'>4.1<span style="mso-spacerun: yes">&nbsp; </span>Technical</span></span></span></span></span></span></span></span><span
2412style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2413style='mso-bookmark:_Ref484143876'><span style='mso-bookmark:_Ref484686262'><span
2414style='mso-bookmark:_Ref484691927'><span style='mso-bookmark:_Ref491345683'><span
2415style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2416minor-latin'> Standards, Versions and Interoperability</span></span></span></span></span></span></span><span
2417style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2418style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2419minor-latin'><o:p></o:p></span></span></span></p>
2420
2421<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2422margin-left:.25in'><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2423OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2424mso-hansi-theme-font:minor-latin'>Identify the version of Internet2 Shibboleth
2425code release that you are using or, if not using the standard Shibboleth code,
2426what version(s) of the SAML and SOAP and <span style='color:black'>any other
2427relevant standards you have implemented for this purpose.<o:p></o:p></span></span></span></span></p>
2428
2429<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2430margin-left:.25in'><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2431OLE_LINK7'><i style='mso-bidi-font-style:normal'><span style='font-family:Cambria;
2432mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;color:black'>Shibboleth
24332.x; Shibboleth 2.0 <span class=SpellE>IdP</span> is running currently<o:p></o:p></span></i></span></span></p>
2434
2435<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2436margin-left:.25in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
2437style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
2438style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2439minor-latin'><span style="mso-spacerun: yes">&nbsp;</span><span
2440style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
2441
2442<p class=ParaNum2 style='margin-left:.25in;text-indent:0in;mso-list:none;
2443tab-stops:.25in .6in'><span style='mso-bookmark:OLE_LINK8'><span
2444style='mso-bookmark:OLE_LINK7'><a name="_Ref484143900"></a><span class=GramE><span
2445style='mso-bookmark:_Ref484143900'><span style='font-family:Cambria;mso-ascii-theme-font:
2446minor-latin;mso-hansi-theme-font:minor-latin'>4.2<span style="mso-spacerun:
2447yes">&nbsp; </span>Other</span></span></span></span></span><span
2448style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2449style='mso-bookmark:_Ref484143900'><span style='font-family:Cambria;mso-ascii-theme-font:
2450minor-latin;mso-hansi-theme-font:minor-latin'> Considerations</span></span></span></span><span
2451style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2452style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2453minor-latin'><o:p></o:p></span></span></span></p>
2454
2455<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2456margin-left:.25in'><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2457OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2458mso-hansi-theme-font:minor-latin'>Are there any other considerations or
2459information that you wish to make known to other Federation participants with
2460whom you might interoperate? For example, are there concerns about the use of
2461clear text passwords or responsibilities in case of a security breach involving
2462identity information you may have provided?<o:p></o:p></span></span></span></p>
2463
2464<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
2465margin-left:.25in;tab-stops:right 6.5in'><span style='mso-bookmark:OLE_LINK8'><span
2466style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
2467style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2468minor-latin'><span style="mso-spacerun: yes">&nbsp;</span>No.<span
2469style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></i></span></span></p>
2470
2471<b style='mso-bidi-font-weight:normal'><span style='font-size:14.0pt;
2472mso-bidi-font-size:10.0pt;font-family:Cambria;mso-ascii-theme-font:minor-latin;
2473mso-fareast-font-family:Times;mso-hansi-theme-font:minor-latin;mso-bidi-font-family:
2474"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US'><br
2475clear=ALL style='page-break-before:always'>
2476</span></b>
2477
2478<h2 align=left style='text-align:left'><span style='mso-bookmark:OLE_LINK8'><span
2479style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2480minor-latin;mso-hansi-theme-font:minor-latin'><span style="mso-spacerun:
2481yes">&nbsp;</span>Glossary<o:p></o:p></span></span></span></h2>
2482
2483<p class=MsoNormal><span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:
2484OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2485mso-hansi-theme-font:minor-latin'><o:p>&nbsp;</o:p></span></span></span></p>
2486
2487<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
2488 style='border-collapse:collapse;mso-padding-alt:0in 5.4pt 0in 5.4pt'>
2489 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes'>
2490  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2491  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2492  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2493  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2494  minor-latin'>access</span></span></span></span><span style='mso-bookmark:
2495  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2496  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>
2497  management system<o:p></o:p></span></span></span></p>
2498  </td>
2499  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2500  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2501  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2502  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2503  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>The
2504  collection of systems and or services associated with specific on-line
2505  resources and/or services that together derive the decision about whether to
2506  allow a given individual to gain access to those resources or make use of
2507  those services.<o:p></o:p></span></span></span></p>
2508  </td>
2509  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2510 </tr>
2511 <tr style='mso-yfti-irow:1'>
2512  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2513  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2514  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2515  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2516  minor-latin'>assertion</span></span></span></span><span style='mso-bookmark:
2517  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2518  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
2519  </td>
2520  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2521  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2522  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2523  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2524  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>The
2525  <i style='mso-bidi-font-style:normal'>identity</i> information provided by an
2526  <i style='mso-bidi-font-style:normal'>Identity Provider</i> to a <i
2527  style='mso-bidi-font-style:normal'>Service Provider</i>.<o:p></o:p></span></span></span></p>
2528  </td>
2529  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2530 </tr>
2531 <tr style='mso-yfti-irow:2'>
2532  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2533  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2534  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2535  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2536  minor-latin'>attribute</span></span></span></span><span style='mso-bookmark:
2537  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2538  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
2539  </td>
2540  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2541  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2542  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2543  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2544  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>A
2545  single piece of information associated with an <i style='mso-bidi-font-style:
2546  normal'>electronic identity database</i> record.<span style="mso-spacerun:
2547  yes">&nbsp; </span>Some <i style='mso-bidi-font-style:normal'>attributes</i>
2548  are general; others are personal.<span style="mso-spacerun: yes">&nbsp;
2549  </span>Some subset of all <i style='mso-bidi-font-style:normal'>attributes</i>
2550  defines a unique individual.<o:p></o:p></span></span></span></p>
2551  </td>
2552  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2553 </tr>
2554 <tr style='mso-yfti-irow:3'>
2555  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2556  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2557  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2558  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2559  minor-latin'>authentication</span></span></span></span><span
2560  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2561  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2562  minor-latin'><o:p></o:p></span></span></span></p>
2563  </td>
2564  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2565  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2566  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2567  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2568  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>The
2569  process by which a person verifies or confirms their association with an <i
2570  style='mso-bidi-font-style:normal'>electronic identifier</i>.<span
2571  style="mso-spacerun: yes">&nbsp; </span>For example, entering a password that
2572  is associated with <span class=GramE>an</span> <span class=SpellE>UserID</span>
2573  or account name is assumed to verify that the user is the person to whom the <span
2574  class=SpellE>UserID</span> was issued.<o:p></o:p></span></span></span></p>
2575  </td>
2576  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2577 </tr>
2578 <tr style='mso-yfti-irow:4'>
2579  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2580  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2581  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2582  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2583  minor-latin'>authorization</span></span></span></span><span style='mso-bookmark:
2584  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2585  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
2586  </td>
2587  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2588  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2589  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2590  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2591  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>The
2592  process of determining whether a specific person should be allowed to gain
2593  access to an application or function, or to make use of a resource.<span
2594  style="mso-spacerun: yes">&nbsp; </span>The resource manager then makes the
2595  access control decision, which also may take into account other factors such
2596  as time of day, location of the user, and/or load on the resource system.<o:p></o:p></span></span></span></p>
2597  </td>
2598  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2599 </tr>
2600 <tr style='mso-yfti-irow:5'>
2601  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2602  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2603  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2604  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2605  minor-latin'>electronic</span></span></span></span><span style='mso-bookmark:
2606  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2607  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>
2608  identifier<o:p></o:p></span></span></span></p>
2609  </td>
2610  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2611  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2612  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2613  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2614  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>A
2615  string of characters or structured data that may be used to reference an <i
2616  style='mso-bidi-font-style:normal'>electronic identity</i>.<span
2617  style="mso-spacerun: yes">&nbsp; </span>Examples include an email address, a
2618  user account name, a Kerberos principal name, a UC or campus <span
2619  class=SpellE><i style='mso-bidi-font-style:normal'>NetID</i></span>, an
2620  employee or student ID, or a PKI certificate.<o:p></o:p></span></span></span></p>
2621  </td>
2622  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2623 </tr>
2624 <tr style='mso-yfti-irow:6'>
2625  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2626  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2627  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2628  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2629  minor-latin'>electronic</span></span></span></span><span style='mso-bookmark:
2630  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2631  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>
2632  identity<o:p></o:p></span></span></span></p>
2633  </td>
2634  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2635  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2636  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2637  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2638  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>A
2639  set of information that is maintained about an individual, typically in
2640  campus <i style='mso-bidi-font-style:normal'>electronic identity databases</i>.<span
2641  style="mso-spacerun: yes">&nbsp; </span>May include roles and privileges as
2642  well as personal information.<span style="mso-spacerun: yes">&nbsp;
2643  </span>The information must be authoritative to the applications for which it
2644  will be used.<o:p></o:p></span></span></span></p>
2645  </td>
2646  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2647 </tr>
2648 <tr style='mso-yfti-irow:7'>
2649  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2650  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2651  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span class=GramE><span
2652  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2653  minor-latin'>electronic</span></span></span></span><span style='mso-bookmark:
2654  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2655  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>
2656  identity credential<o:p></o:p></span></span></span></p>
2657  </td>
2658  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2659  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2660  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2661  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2662  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>An
2663  <i style='mso-bidi-font-style:normal'>electronic identifier</i> and
2664  corresponding <i style='mso-bidi-font-style:normal'>personal secret</i>
2665  associated with an <i style='mso-bidi-font-style:normal'>electronic identity</i>.<span
2666  style="mso-spacerun: yes">&nbsp; </span>An <i style='mso-bidi-font-style:
2667  normal'>electronic identity credential </i>typically is issued to the person
2668  who is the subject of the information to enable that person to gain access to
2669  applications or other resources that need to control such access.<o:p></o:p></span></span></span></p>
2670  </td>
2671  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2672 </tr>
2673 <tr style='mso-yfti-irow:8'>
2674  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2675  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2676  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2677  class=GramE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2678  mso-hansi-theme-font:minor-latin'>electronic</span></span></span></span><span
2679  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2680  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2681  minor-latin'> identity database<o:p></o:p></span></span></span></p>
2682  </td>
2683  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2684  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2685  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2686  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2687  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2688  minor-latin'>A structured collection of information pertaining to a given
2689  individual.<span style="mso-spacerun: yes">&nbsp; </span>Sometimes referred
2690  to as an &quot;enterprise directory.&quot;<span style="mso-spacerun:
2691  yes">&nbsp; </span>Typically includes name, address, email address,
2692  affiliation, and <i style='mso-bidi-font-style:normal'>electronic
2693  identifier(s)</i>.<span style="mso-spacerun: yes">&nbsp; </span>Many
2694  technologies can be used to create an <i style='mso-bidi-font-style:normal'>identity
2695  database,</i> for example LDAP or a set of linked relational databases.<o:p></o:p></span></span></span></p>
2696  </td>
2697  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2698 </tr>
2699 <tr style='mso-yfti-irow:9'>
2700  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2701  <p class=MsoNormal style='margin-bottom:6.0pt;page-break-before:always;
2702  mso-pagination:widow-orphan lines-together'><span style='mso-bookmark:OLE_LINK8'><span
2703  style='mso-bookmark:OLE_LINK7'><span class=GramE><span style='font-family:
2704  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>identity</span></span></span></span><span
2705  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2706  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2707  minor-latin'><o:p></o:p></span></span></span></p>
2708  </td>
2709  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2710  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2711  <p class=MsoNormal style='margin-bottom:6.0pt;page-break-before:always;
2712  mso-pagination:widow-orphan lines-together'><span style='mso-bookmark:OLE_LINK8'><span
2713  style='mso-bookmark:OLE_LINK7'><i style='mso-bidi-font-style:normal'><span
2714  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2715  minor-latin'>Identity</span></i></span></span><span style='mso-bookmark:OLE_LINK8'><span
2716  style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2717  minor-latin;mso-hansi-theme-font:minor-latin'> is the set of information
2718  associated with a specific physical person or other entity.<span
2719  style="mso-spacerun: yes">&nbsp; </span>Typically an Identity Provider will
2720  be authoritative for only a subset of a personÕs <i style='mso-bidi-font-style:
2721  normal'>identity</i> information.<span style="mso-spacerun: yes">&nbsp;
2722  </span>What <i style='mso-bidi-font-style:normal'>identity</i> <i
2723  style='mso-bidi-font-style:normal'>attributes</i> might be relevant in any
2724  situation depend on the context in which it is being questioned.<o:p></o:p></span></span></span></p>
2725  </td>
2726  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2727 </tr>
2728 <tr style='mso-yfti-irow:10'>
2729  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2730  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2731  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2732  class=GramE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2733  mso-hansi-theme-font:minor-latin'>identity</span></span></span></span><span
2734  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2735  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2736  minor-latin'> management system<o:p></o:p></span></span></span></p>
2737  </td>
2738  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2739  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2740  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2741  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2742  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2743  minor-latin'>A set of standards, procedures and technologies that provide
2744  electronic credentials to individuals and maintain authoritative information
2745  about the holders of those credentials.<o:p></o:p></span></span></span></p>
2746  </td>
2747  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2748 </tr>
2749 <tr style='mso-yfti-irow:11'>
2750  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2751  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2752  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2753  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin'>Identity
2754  Provider<o:p></o:p></span></span></span></p>
2755  </td>
2756  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2757  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2758  <p class=MsoNormal style='margin-bottom:6.0pt'><span style='mso-bookmark:
2759  OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span style='font-family:
2760  Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
2761  color:black'>A campus or other organization that manages and operates an <i
2762  style='mso-bidi-font-style:normal'>identity management system</i> and offers
2763  information about members of its community to other <span class=SpellE>InCommon</span>
2764  participants.</span></span></span><span style='mso-bookmark:OLE_LINK8'><span
2765  style='mso-bookmark:OLE_LINK7'><span style='font-family:Cambria;mso-ascii-theme-font:
2766  minor-latin;mso-hansi-theme-font:minor-latin'><o:p></o:p></span></span></span></p>
2767  </td>
2768  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2769 </tr>
2770 <tr style='mso-yfti-irow:12'>
2771  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2772  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2773  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2774  class=SpellE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2775  mso-hansi-theme-font:minor-latin'>NetID</span></span></span></span><span
2776  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2777  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2778  minor-latin'><o:p></o:p></span></span></span></p>
2779  </td>
2780  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2781  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2782  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2783  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2784  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2785  minor-latin'>An <i style='mso-bidi-font-style:normal'>electronic identifier</i>
2786  created specifically for use with on-line applications. It is often an
2787  integer and typically has no other meaning.<span style="mso-spacerun:
2788  yes">&nbsp; </span><o:p></o:p></span></span></span></p>
2789  </td>
2790  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2791 </tr>
2792 <tr style='mso-yfti-irow:13'>
2793  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2794  <p class=MsoNormal style='mso-pagination:widow-orphan lines-together'><span
2795  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2796  class=GramE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2797  mso-hansi-theme-font:minor-latin'>personal</span></span></span></span><span
2798  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2799  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2800  minor-latin'> secret<o:p></o:p></span></span></span></p>
2801  <p class=MsoNormal style='mso-pagination:widow-orphan lines-together'><span
2802  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2803  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2804  minor-latin'>(<span class=GramE>also</span> <o:p></o:p></span></span></span></p>
2805  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2806  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2807  class=GramE><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2808  mso-hansi-theme-font:minor-latin'>verification</span></span></span></span><span
2809  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2810  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2811  minor-latin'> token)<o:p></o:p></span></span></span></p>
2812  </td>
2813  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2814  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2815  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2816  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2817  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2818  minor-latin'>Used in the context of this document, is synonymous with
2819  password, pass phrase or PIN.<span style="mso-spacerun: yes">&nbsp; </span>It
2820  enables the holder of an <i style='mso-bidi-font-style:normal'>electronic
2821  identifier </i>to confirm that s/he is the person to whom the identifier was
2822  issued.<o:p></o:p></span></span></span></p>
2823  </td>
2824  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2825 </tr>
2826 <tr style='mso-yfti-irow:14;mso-yfti-lastrow:yes'>
2827  <td width=103 valign=top style='width:102.55pt;padding:0in 5.4pt 0in 5.4pt'>
2828  <p class=MsoNormal style='mso-pagination:widow-orphan lines-together'><span
2829  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2830  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2831  minor-latin'>Service Provider<o:p></o:p></span></span></span></p>
2832  </td>
2833  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2834  <td width=376 valign=top style='width:376.25pt;padding:0in 5.4pt 0in 5.4pt'>
2835  <p class=MsoNormal style='margin-bottom:6.0pt;mso-pagination:widow-orphan lines-together'><span
2836  style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'><span
2837  style='font-family:Cambria;mso-ascii-theme-font:minor-latin;mso-hansi-theme-font:
2838  minor-latin;color:black'>A campus or other organization that makes on-line
2839  resources available to users based in part on information about them that it
2840  receives from other <span class=SpellE>InCommon</span> participants.<o:p></o:p></span></span></span></p>
2841  </td>
2842  <span style='mso-bookmark:OLE_LINK8'><span style='mso-bookmark:OLE_LINK7'></span></span>
2843 </tr>
2844</table>
2845
2846<span style='mso-bookmark:OLE_LINK7'></span><span style='mso-bookmark:OLE_LINK8'></span>
2847
2848<p class=MsoNormal><span style='font-family:Cambria;mso-ascii-theme-font:minor-latin;
2849mso-hansi-theme-font:minor-latin'><o:p>&nbsp;</o:p></span></p>
2850
2851</div>
2852
2853<div style='mso-element:footnote-list'><![if !supportFootnotes]><br clear=all>
2854
2855<hr align=left size=1 width="33%">
2856
2857<![endif]>
2858
2859<div style='mso-element:footnote' id=ftn>
2860
2861<p class=MsoFootnoteText><a style='mso-footnote-id:ftn' href="#_ftnref"
2862name="_ftn1" title=""><span class=MsoFootnoteReference><span style='mso-special-character:
2863footnote'><![if !supportFootnotes]>[1]<![endif]></span></span></a> Such
2864permission already might be implied by existing contractual agreements.</p>
2865
2866</div>
2867
2868<div style='mso-element:footnote' id=ftn>
2869
2870<p class=MsoFootnoteText><a style='mso-footnote-id:ftn' href="#_ftnref"
2871name="_ftn2" title=""><span class=MsoFootnoteReference><span style='mso-special-character:
2872footnote'><![if !supportFootnotes]>[2]<![endif]></span></span></a> Your
2873responses to these questions should be posted in a readily accessible place on
2874your web site, and the URL submitted to InCommon.<span style="mso-spacerun:
2875yes">&nbsp; </span>If not posted, you should post contact information for an
2876office that can discuss it privately with other InCommon Participants as
2877needed.<span style="mso-spacerun: yes">&nbsp; </span>If any of the information
2878changes, you must update your on-line statement as soon as possible.</p>
2879
2880</div>
2881
2882<div style='mso-element:footnote' id=ftn>
2883
2884<p class=MsoFootnoteText><a style='mso-footnote-id:ftn' href="#_ftnref"
2885name="_ftn3" title=""><span class=MsoFootnoteReference><span style='mso-special-character:
2886footnote'><![if !supportFootnotes]>[3]<![endif]></span></span></a> A general
2887note regarding attributes and recommendations within the Federation is
2888available here: http://www.incommonfederation.org/attributes.html </p>
2889
2890</div>
2891
2892<div style='mso-element:footnote' id=ftn>
2893
2894<p class=MsoFootnoteText><a style='mso-footnote-id:ftn' href="#_ftnref"
2895name="_ftn4" title=""><span class=MsoFootnoteReference><span style='mso-special-character:
2896footnote'><![if !supportFootnotes]>[4]<![endif]></span></span></a>
2897&quot;Member&quot; is one possible value for <span class=SpellE>eduPersonAffiliation</span>
2898as defined in the eduPerson schema.<span style="mso-spacerun: yes">&nbsp;
2899</span>It is intended to include faculty, staff, student, and other persons
2900with a basic set of privileges that go with membership in the university
2901community (e.g., library privileges).<span style="mso-spacerun: yes">&nbsp;
2902</span>ÒMember of CommunityÓ could be derived from other values in <span
2903class=SpellE>eduPersonAffiliation</span> or assigned explicitly as ÒMemberÓ in
2904the electronic identity database.<span style="mso-spacerun: yes">&nbsp;
2905</span>See http://www.educause.edu/eduperson/</p>
2906
2907</div>
2908
2909</div>
2910
2911</body>
2912
2913</html>