REFEDS assurance framework/SFA pilot telco
Monday 14th May 2018 at 15:30 CEST/16:30 EEST/8:30 CDT
CERN’s Vidyo: https://www.nikhef.nl/grid/video/?m=rawg
- public consultation on RAF and SFA started and open until 22 June
- spread the word!
- can we say the pilot is based on the version exposed to the public consultation? any gaps?
- Daniel thinks Chicago (Unicon) is pretty close to RAF/SFA
- Jim thinks the changes to RAF/SFA do not impact XCEDE/CILogon
- Mikael will cross-check with Aalto and CSC. Depending on the results, we can say the pilot is done based on the specs currently exposed to public consultation.
- new test findings?
- testing with EGI SP (bilateral metadata exchange): Nicolas to exchange metadata with Jim and Daniel
- updates on config examples?
- Daniel will provide some more configs to the wiki
- Michal to provide some SimpleSAMLphp examples. He has made a pull request for SSp for passing authenticationcontextclassref from a downstream SP to the home organisation IdP. The request is relevant only in the context of proxy-IdP.
- remaining comments on the final report?
- send any remaining comments to Mikael or directly to the document
- Mikael will publish the final report in REFEDS meeting in Trondheim in 10 June
- liaising with OIDCre on ePAssurance scopes
- Niels: “I would lean towards representing all eduPerson (and similar) attributes with a claim AND a scope equivalent”
- Mischa: “I think you're reasoning makes a lot of sense... On the other hand, it does provide a lot of flexibility… so I'm wondering if we could leave it a bit open?”
- Can OIDC Authentication method references claim be used for mounting the RAF values instead of eduPersonAssurance? That would stretch the OIDC spec too much as RAF values do not signal authentication methods but identity assurance.
- Decided to have no follow-up call. Remaining edits to final report can be done by e-mail.
- Mikael thanked pilot participants for their time and passion for the RAF/SFA pilot