Present

Minutes

  • Albert recapped: no one seems to own the original SeamlessAccess XML spec. There was a small group who talked to Leif at TNC, and he described what the original intention was (how to do discovery properly) but had no claims on ownership going forwards.
  • InCommon's needs right now are very narrow: they need filtering for IdP discovery with SeamlessAccess
  • Since SPs typically configure a single discovery service, we are happy to broaden this use case to IdP discovery with a discovery service. Whichever discovery service is used must be able to read and act on the information. We've had plenty of discussion in this working group about the md_source attribute being an internal deployment choice of the discovery service. But since the SP is just targeting one discovery service, this shouldn't be a show stopper.
  • We have a choice: we include the full XML spec into existing SAML metadata, or we encode information in an entity attribute
  • The notion of an entity attribute for a profile (for example eduGAIN + InCommon-registered) was discussed and discounted
  • The principle of a two-step solution was well received: first a proof of concept which would work for InCommon and discovery services. We come back after a period of time to review InCommon's experience with the entity attribute, and any knowledge from the OpenID Federation pilot in eduGAIN.
  • Agreed to require a single valued entity attribute (EA) so we do not need to consider order or combination of multiple attributes
  • Q: Does the EA need to indicate that it's JSON or XML inside? No! The discovery service will be in contact with the SP about which format it expects. Anything that isn't consuming the metadata won't need to unpack the value in the EA
  • Q: Does it need to be in eduGAIN? Yes! In the first instance we do not want to be building a parallel infrastructure for trustinfo metadata
  • Björn pointed out that SeamlessAccess are the experts on the UI but not necessarily SAML, so this WG should input into the SP use case about what filtering is like

Actions

  • Alex Stuart will draft a specification for the single-valued entity attribute before the end of Tuesday 27 August and post around