Present

• Alex Stuart 
• Albert Wu 
• Pål Axelsson 
• Björn Mattsson 
• David Walker 
• Zacharias Törnblom 

Agenda

• Getting to a REFEDS consultation on the spec as it stands
• Composition rules: looks like the SeamlessAccess folk have asked for the spec to address composition rules.
• Does this group think we want to continue into the next phase of the work (actually updating the TrustInfo spec itself) in 2025? If so, we should propose an item on the REFEDS work plan. One alternative is that SeeamlessAccess run the group because they have the best chance of getting all the stakeholders in a room. If we do want to run it out of REFEDS, we must also determine who would chair, since Alex Stuart is unable to commit the time to do so.

Minutes

• Start with the last item ... A joint WG? Must have SeamlessAccess actively involved, but do they have capacity? This did come up during the SeamlessAccess meetup at TechEx.
• Publishers don't have multi-lateral federation as one of their priorities for SeamlessAccess (to be crude: they just want to display their customers' IdP names) and if they drive the specification, there's a risk it will move far away from R&E.
• The meeting has consensus about running a joint WG
  • REFEDS has experience in standardisation
  • REFEDS can do consultations
  • REFEDS have own use cases which are not the same as publishers
  • but REFEDS don't have good visibility into SeamlessAccess
  • both REFEDS and SeamlessAccess are grappling with SAML to OIDC transition
• Filtering was discussed long time ago in RA21, so should standard live with NISO? Potentially, but publishers may not have capacity to get involved in the standardisation; they just want the spec. And see our previous comment on discovery use cases outwith publishers. Note that the NISO plus conference (February 10-12) has SeamlessAccess talking about browser changes, but not discovery: https://nisoplusbaltimore25.sched.com/event/1olIQ/seamlessaccess-and-browser-changes-updates
• If fed doesn't support EA, what will publishers that want to use it? Lots of things which don't directly affect trustinfo.
• Use cases for trustinfo spec
  • today's SAML federations
  • tomorrow's OID federations
  • SP-specific bilateral federation
• Zacharias Törnblom has indicated he can chair the REFEDS WG
• Action items
  • get current draft to consultation
  • propose new WG with composition and OpenID Federation becoming part of the next phase of WG
  • Alex Stuart to set up meeting for next week
  • Next week: discuss the consultation
• Discussion then turned to OIDC ... current trustinfo talks about SAML elements. How do we move to OIDC? Build an encapsulation? But that creates a hard binding through the middle layer. Or can we find an off-the-shelf query language? Can we assume some underlying structure? Grammar constant, vocabulary different for different backends.
• Current deployments must have XML version, but is that the authoritative language or would the XML schema be derived from the definitive spec? Some considerations:
  • define in strictest than translate to loose (i.e. XML before JSON)
  • which representation has most maintainers?
  • or use a natural language which gets an abstract version
  • we should not define in a computer language that's deprecated
• Chicken and egg: need to know about the new world of OIDFed to know what to specify, but OIDFed needs this spec to work first, and no-one has adopted it.
• Can SeamlessAccess drop their use of XML?