Review Scott’s comments in the draft spec:

  • Changed “MISSING_ATTRIBUTES” to “IDENTIFICATION_FAILURE” and added explanatory text

  • Added text to the user interface guidelines offering SPs an option to maintain control of the link to the errorURL

Review comments 5-8 in the consultation 

  • Comment 5 

    • The first part has been handled in the changes made.

    • The second part can be explained: “What use is it to tell the IdP what entity category the SP wants when it’s already declared? The point is that telling the IdP allows the IdP to tailor a page to respond to this particular issue (e.g., we know what you want but we’re not going to give it to you, and you can tell the user that we know why it’s not going to work and that it never will: ‘Our registrar does not allow us to release these attributes without user consent,’ or ‘The FERPA selection prohibits this release’).”

  • Comment 6

    • We will be extending the IDENTIFICATION_FAILURE example.

    • Agree that we should clarify the examples where the SP echoes back content it doesn’t recognize. Scott will add text here. This needs to be optional in both directions.

  • Comment 7

    • This is more a request for a published endpoint to send errors directly between an SP and an IdP.

    • This is explicitly not what we intend; it needs to be clear who the content is targeted at. We have avoided any backchannel communication; we have discussed this and think that the front channel is better. If we want to do something in the backchannel, that would be a different specification.

    • If error reports are automated, a report would be sent every time a user shows up without the necessary attributes, and the reports would never stop. Sending them direct-to-IdP is spamming. The reverse is also true. Requiring the user to click on something is a natural throttle that keeps this to a bare minimum.

  • Comment 8

    • We think this has been handled with the changes to MISSING_ATTRIBUTES

    • Action for Scott: add an IDENTIFICATION_FAILURE example to 4

Next steps

  • Scott will make changes to the examples

  • Heather will send draft comment responses to the list

  • Fredrik to update the demo site with IDENTIFICATION_FAILURE option

  • Team will meet in a week to go through the proposed text; once that’s posted, Heather will send out a community poll to allow for discussion of responses with all interested parties.
