This consultation opens on 4 October 2022 and closes on 8 November 2022 at 17:00 CET.

Background

The REFEDS Entity Categories Development Working Group has developed a revision to the Pseudonymous Authorization Entity Category.  This revision normalizes the language and requirements, as appropriate, across all three access-related entity categories (i.e., Anonymous, Pseudonymous, and Personalized Access Entity Categories) and changes the full name from Pseudonymous Authorization to Pseudonymous Access.

Overview

Included as supporting material for implementers are two documents:

While not officially part of the consultation, feedback on the informative text is welcome.

This consultation is open from: 4 October 2022 to 8 November 2022 17:00 CET.

Participants are invited:

  • to consider the proposed revisions to this entity category


The PDF for the consultation is available. All comments should be made on: consultations@lists.refeds.org or added to the changelog below. Comments posted to other channels will not be included in the consultation review.

Change Log


comment #Line/Reference #Proposed Change or QueryProposer / AffiliationAction / Decision (please leave blank)
15.1 Required Attributes

eduPersonEntitlement is no longer listed as required attribute, whereas seamlessaccess.org just published its "Contract Language Model License Agreement 1.0" that refers to the pseudonymous entity category and lists the entitlement attribute.

Rather confusing. Is the new consultation not aligned with seamlessaccess.org?

Thomas Lenggenhager, SWITCH

The SeamlessAccess material refers to the older entity categories. The discussion of entitlements was not complete in either document, the original entity categories or this contract language model.

We recommend that all parties refer to Federated Authorization Best Practices for the best ways to handle authorization, including the use of entitlement. There must be further discussion (possibly in FIM4L) regarding the use cases and appropriate principles for authorization.

No change necessary to the entity category.

246-47"Application" is an overloaded term. In this sentence it refers to the application for inclusion in the entity category. I misread it at first to mean service provider web application. Can you add a couple of words of clarification to the sentence?Alex Stuart (Jisc)The text has been modified to remove the word "application" in favor of "request".
355-57Can you give an example of when a federation registrar would not remove the entity category when a Service Provider can no longer demonstrate compliance? I'd expect that the registrar MUST remove, not SHOULD.Alex Stuart (Jisc)We have modified the text to: "The federation registrar MUST remove the Entity Category if the Service Provider indicates a change in conformance. The federation registrar MUST have other remediation procedures to address a lack of compliance with these requirements."

























  • No labels