Present:
Notes
- Action on Alex Stuart to send invite for following meetings
- We reviewed the last meeting.
- Björn's biggest concern is getting the trustmark reference right. SPs in InCommon, InAcademia, Jisc etc. need to add the right reference.
- How do we define the profile?
- Could be included inline with standard SAML metadata. That's problematic for validating metadata consumers. We would need to define schema and get that distributed to all metadata consumers. And SeamlessAccess would also have to develop code which would read and act on trustinfo code.
- It could be a separate XML file with all blobs gathered by someone outside SeamlessAccess. Bigger federations? eduGAIN?
- Profiles could be defined as trustinfo XML and managed centrally by SeamlessAccess, who would provide a URI as reference.
- Profiles could be defined by SeamlessAccess as code / pseudocode (not trustinfo XML) and have a URI.
- The last 2 examples would need to limit this so SeamlessAccess doesn't get overwhelmed, and also to encourage the more general solution of trustinfo XML
- The discussion turned to defining what could be a sufficiently small set of profiles. The proposal was to define two per federation: one which is only that federation's internal feed, and one to include the federation internal feed + eduGAIN. If we have lots of federations, we could use the eduGAIN federation identifiers (as found from the eduGAIN list_feds API; for example, SWAMID for SWAMID, AAI-EDUHR for AAI@EduHR). Zacharias thinks the more difficult part is the trust (that is to say, would federation operators accept this) rather than the tech implementation.
- SeamlessAccess production code is at https://github.com/TheIdentitySelector/thiss-ops. It consumes metadata from the Metadata sources defined here. Currently:
- Action on Zacharias Törnblom to find who in OpenAthens is responsible for metadata ingest to SeamlessAccess
- Given the small number of federation feeds ingested by SeamlessAccess, this means the proposal would be to provide 6 filters:
- SWAMID internal, with identifier http://seamlessaccess.org/trust-profile/SWAMID
- SWAMID internal + eduGAIN, with identifier http://seamlessaccess.org/trust-profile/SWAMID/eduGAIN
- InCommon internal, with identifier http://seamlessaccess.org/trust-profile/INCOMMON
- InCommon internal + eduGAIN, with identifier http://seamlessaccess.org/trust-profile/INCOMMON/eduGAIN
- OpenAthens internal, with identifier http://seamlessaccess.org/trust-profile/OPENATHENS
- OpenAthens + eduGAIN, with identifier http://seamlessaccess.org/trust-profile/OPENATHENS/eduGAIN
Next meeting
- To be determined after SeamlessAccess development team have given feedback on whether they are happy to implement the proposed profiles