• SeamlessAccess are almost ready to roll out to staging
  • Profiles in the demo app are defined at https://md-dev.thiss.io/tinfo
  • Some gaps in understanding on SeamlessAccess's part about how metadata works
  • The JavaScript snippet the SP uses will name the profiles, either those sent in metadata or the global profiles
  • ...so SP includes a profile that points to other profiles?
  • We are happy with https://refeds.org/entity-selection-profile (and therefore need to commit to that in any specification)
  • PR has "from base64 import b64decode"
    • we discussed that the blob will be machine-generated, machine-read and it's unlikely that people will type or say the value
    • it's not an identifier so case sensitivity isn't a security issue (it doesn't give you access to another account)
    • therefore the WG is happy to use Base64 encoding in the standard
  • We reviewed the JSON schema at https://github.com/TheIdentitySelector/thiss-mdq/blob/master/trustinfo.schema.json
  • Interim draft report
    • what we've done so far: EA name, base64, leaving stewardship of schema in SeamlessAccess for now
    • what still to do: logical operations, decide on how to develop XML and JSON together
  • pyFF uses an XML schema and creates the blob according to that schema; SeamlessAccess uses a JSON schema
  • Actually, it turns out that there is no schema, there's code: https://github.com/IdentityPython/pyFF/blob/2ecf7e114c5c62cac3e09f62fb241719b02b5476/src/pyff/samlmd.py#L965
  • Very happy that it's being tested in SeamlessAccess

Next steps:

  • WG publishes an internal report
  • WG focusses on getting the details of the blob right
  • Albert proposes an ACAMP session: InCommon view of it
  • Might be a second ACAMP session: federations PoV