Attendees
Notes
Review Scott’s comments in the draft spec:
https://docs.google.com/document/d/1FQh2SLuxFlF4g9ARvMnXZxOlq4o4NXnNPJnRaC0ic6g/edit
Changed “MISSING_ATTRIBUTES” to “IDENTIFICATION_FAILURE” and added explanatory text
Added text to the user interface guidelines that offer SPs an option to maintain the control of the link to the errorURL
Review comments 5-8 in the consultation
Comment 5
The first part has been handled in the changes made.
The second part can be explained: “What use is it to tell the IdP what entity category the SP wants when it’s declared? The point is telling the IdP that allows the IdP to tailor a page to respond to this particular issue (e.g., we know what you want but we’re not going to give it to you, and you can tell the user that we know why it’s not going to work and it never will. “Our registrar does not allow to release these attributes without user consent.” Or “The FERPA selection prohibits this release")
Comment 6
We will be extending the IDENTIFICATION_FAILURE example.
Agree that we should clarify the examples where the SP echoes back content it doesn’t recognize. Scott will add text here. This needs to be optional in both directions.
Comment 7
This is more a request for a published endpoint to send errors directly between an SP and an IdP.
Our intent is that this is explicitly not intended; it needs to be clear who the content is targeted at. We have avoided any backchannel communication; we have discussed this and think that front channel is better. If we want to do something in the backchannel, that would be a different specification.
If they are automated, every time the user shows up without the necessary attributes, the reports back will never stop. Doing this the direct-to-IdP way is spamming. The reverse is also true. The user having to click on something is a natural throttle to keep this to a bear minimum.
Comment 8
We think this has been handled with the changes to MISSING_ATTRIBUTES
Action for Scott: add an IDENTIFICATION_FAILURE example to 4
Next steps
Scott will make changes to the examples
Heather will send draft comment responses to the list
Fredrik to update the demo site with IDENTIFICATION_FAILURE option
Team will meet in a week to go through the proposed text; once that’s posted, Heather will send out a community poll to allow for discussion of responses with all interested parties.