REFEDS Assurance pilot telco
Monday 5th March 2018 at 15:30 CET/16:30 EET/8:30 CST
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg
Jim B
David L
Timo T
David G
Mikael L
Notes
- reviewed of the pilot IdP table
- findings in the RAF/SFA specs
- The meeting proposed to the assurance WG that the eduPersonAssurance=MFA/SFA to indicate MFA/SFA capacity is dropped. That feature has little benefit but a high risk of misunderstanding.
- Clarify ePAffiliation freshness requirement when no affiliation value is populated.
- ID-unique requirements on tracing accounts to their holders. Timo found some confusing language, Timo to report back the confusing section
- RAF and SFA are still in flux. How to take into account in the pilot?
- no major updates expected, just smaller tweaks.
- Mikael to bring information on the updates on RAF/SFA to the pilot telcos
- populating the values for pilot IdPs
- any configuration examples to share? Mikael to create a links page to the wiki
- Pilot IdPs’ approach to authentication context
- Chicago: if SP doesn’t ask, do MFA or the highest possible
- Aalto: if MFA requested do MFA, otherwise deliver username/password
- making the IdPs release the ePAffiliation values
- Chicago and XCEDE release attributes to REFEDS R&S SPs
- Aalto requires REFEDS CoCo but can enable others on a bilateral basis
- IdPs need to enable ePAssurance release anyway (is not part of R&S bundle)
- SP-side test pages to display the attributes and authentication contexts received
- CIlogon has one: https://test.cilogon.org/testidp
- next pilot call: Monday 19th March 2018 at 14:30 CET/15:30 EET/8:30 CDT
- US starts daylights savings – meeting one hour earlier for Europe