REFEDS Assurance pilot telco
Monday 5th  March 2018 at 15:30 CET/16:30 EET/8:30 CST
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg
Jim B
David L
Timo T
David G
Mikael L

Notes

- reviewed of the pilot IdP table

- findings in the RAF/SFA specs

  • The meeting proposed to the assurance WG that the eduPersonAssurance=MFA/SFA to indicate MFA/SFA capacity is dropped. That feature has little benefit but a high risk of misunderstanding.
  • Clarify ePAffiliation freshness requirement when no affiliation value is populated.
  • ID-unique requirements on tracing accounts to their holders. Timo found some confusing language, Timo to report back the confusing section

 - RAF and SFA are still in flux. How to take into account in the pilot?

  • no major updates expected, just smaller tweaks.
  • Mikael to bring information on the updates on RAF/SFA to the pilot telcos

- populating the values for pilot IdPs

  • any configuration examples to share? Mikael to create a links page to the wiki
  • Pilot IdPs’ approach to authentication context
    • Chicago: if SP doesn’t ask, do MFA or the highest possible
    • Aalto: if MFA requested do MFA, otherwise deliver username/password

 - making the IdPs release the ePAffiliation values

  • Chicago and XCEDE release attributes to REFEDS R&S SPs
  • Aalto requires REFEDS CoCo but can enable others on a bilateral basis
  • IdPs need to enable ePAssurance release anyway (is not part of R&S bundle)

- SP-side test pages to display the attributes and authentication contexts received

- next pilot call: Monday 19th March 2018 at 14:30 CET/15:30 EET/8:30 CDT

  • US starts daylights savings – meeting one hour earlier for Europe

 

  • No labels