- SeamlessAccess are almost ready to roll out to staging
- Profiles in the demo app are defined at https://md-dev.thiss.io/tinfo
- Some gaps in understanding on SeamlessAccess's part about how metadata works
- The JavaScript snippet the SP uses will name the profiles, either sent in metadata or the global profiles
- ...so SP includes a profile that points to other profiles?
- We are happy with https://refeds.org/entity-selection-profile (and therefore need to commit to that in any specification)
- PR has from base64 import b64decode
- we discussed that the blob will be machine-generated, machine-read and it's unlikely that people will type or say the value
- it's not an identifier so case sensitivity isn't a security issue (it doesn't give you access to another account)
- therefore the WG is happy to use BASE64 encoding in the standard
- We reviewed the JSON schema at https://github.com/TheIdentitySelector/thiss-mdq/blob/master/trustinfo.schema.json
- Interim draft report
- what we've done so far: EA name, base64, leaving stewardship of schema in SeamlessAccess for now
- what still to do: logical operations, decide on how to develop XML and JSON together
- pyFF uses an XML schema and creates the blob according to that schema; SeamlessAccess uses a JSON schema
- Actually, it turns out that there is no schema, there's code: https://github.com/IdentityPython/pyFF/blob/2ecf7e114c5c62cac3e09f62fb241719b02b5476/src/pyff/samlmd.py#L965
- Very happy that it's being tested in SeamlessAccess
Next steps:
- WG publishes an internal report
- WG focusses on getting the details of the blob right
- Albert proposes an ACAMP session: InCommon view of it
- Might be a second ACAMP session: federations PoV