- Tom Barton
- Davide Vaghetti
- Alan Buxey
- Alex Stuart
- Albert Wu
- Jon Agland
- Miroslav Milinović
- @Christoper Whalen
- Stephen Lovell
- @jani Heikkinen
- Pål Axelsson
- Nicole Harris
- Eskil Swahn
- Casper Dreef
Miro - doing audits of IdP and SPs during the past 5 years . at this moment we have several feedbacks from the SPs and IdPs in which they rely on this.
(one of the benefits of H&S architecture)
EIDAS(?) audit check
effort required is 4 'man months' per year
Davide - as a full mesh we check IdPs and SPs - some interactive checks . mainly for IdPs. have thought about SPs
Alex - UKAMF places a lot of trustworthiness in metadata correctness. First aspect is ISO27001 certification for audit-able processes. the other aspect is
metadata checking tools (eg from Ian Young)
Tom - asking Alex - curious when reading...what is UKs boundary to the trust concept.
Davide - also a comment 'a lot of trust built up on existing trust relationships within an NREN'
Nicole - metadata registration practices are another view of trust
FP02 - Miro, words sound a bit general but okay
FP03 - Alex making a different point. on WIKI - UK rules and filtering.... secure/trustworthy transactions but also focussed on interoperability.
interoperable is a missing word here? add to secure and trustworthy?
Davide - add it as a new expectation
Tom - maybe a new term related to reachability. may not guarantee reachability -
Nicole, some federations require other steps...services with payment/subscriptions.
Alan - IdPs and SPs have the power/right to choose their relying parties
Tom - okay, lets be careful of word guarantee.