Attendees:
- Casper Dreef
- Alan Buxey
- Pål Axelsson
- Tom Barton
- Shannon Roddey
- Anass CHABLI
- Albert Wu
- Derrick Ssemanda
- Jon Agland
- Eskil Swahn
- Mark Williams
- Miroslav Milinović
Discussion items
| Time | Item |
|---|---|
Summary previous meeting and open action | |
| SP requirements | |
| AOB |
Draft minutes
Summary previous meeting and open action
2020-02-18 Baseline Expectations meeting
What is the admin contact according to InCommon? Two roles: technical contact and admin contact.
query from Tom on where we got with IdP - gave an overview of the light agreements we could match/meet so far.
Eskil wants summary of agreements at the end of the minutes to aid catching up. we'll look at doing that
SP requirements
Question from Eskil to Tom. Bullet 1: what are the controls?
No particular control set. No specific statements to make the Baseline more future proof.
On Bullet 1 CoCoV2 could help.
'Reasonably' what does this mean? (another language issue) - need to toughen that statement up
SP2
Question from Miro 'Permission. whose permission?'
maybe we need to define which actor is releasing the info - so information released by the SP - if the user
has populated their account on the SP with other information then the SP wouldnt know that and its up to the
individual to consent to release of that. in the EU laws such as GDPR cover this - what about further afield?
US has no common rules regarding this - but CCPA etc is changing that.
do we need specific entries in the Baseline for Proxies? or do we define proxies by what type they are - identity
provision or service provision? up for further discussion
Tom mentioned a parking lot idea - what processes to be implemented across the federations (to maintain adherence
to the baseline, to raise concerns from one party about another)
SP3 no issue
SP4 same as IdP in terms of the contact types . privacy policy not so much of an issue when it comes to SPs
AOB
For IdP requirements, good alignment amongst those federations present in the call but some minor issues relating
to how to test some of the statements/assertions, language/word choice definitely needs to be worked on
SP requirements - SP1-4 covered (albeit 4 briefly) - same, good alignment but need work on language and words