A FE or WSP may act in secondary role of Web Service Client (WSC). If you call other web services you should answer these questions.
Is your software TAS3 or ID-WSF 2.0 compliant?
Is it certified? When, by whom: ____
Are you able to use Credentials and Privacy Negotiation agent?
Are you able to handle Interaction Redirect if requested by WSP?
What security mechanisms are you willing and able to support
(__) Bearer Token
(__) Holder of Key Token
(__) X509 signature without token
(__) None
Which Policy Enforcement Points do you implement?
(__) Request Out PEP
(__) Response In PEP
(__) Other, please describe: _______________
Which Policy Decision Point do you use?
(__) Internal or built in
(__) External XACML PDP
(__) Other: _______________
Which obligations or policy languages do you use or support? (tick all that apply)
(__) SOL1
(__) Permis
(__) XACML2
(__) Other, please specify: _____________
What obligations do you pledge to honour with respect to user data returned to you?
Either describe in prose or provide specific policies using Simple Obligations Language 1 (SOL1) or other obligations language you plan to use.
What obligations do you require other party to honour with respect to user data you send?
Either describe in prose or provide specific policies using Simple Obligations Language 1 (SOL1) or other obligations language you plan to use.
Do you have automatic mechanims for satisfying the obligations you pledged? Please describe: ______________________
What mechanisms do you provide to user and trust network operator to verify that you have complied with your pledges?
What mechanisms do you have or require from others to verify that they have complied with their pledges?