12 Sep 2016 at 14-15 (UTC), 16-17 (CEST), 9-10 (CDT)

Pål A
David L
Hannah S
Jim B
Tom B
Paul C
Mikael L, notes


  • good password practices?
    • entropy requirements for passwords getting more demanding every year. Instead of fixing it in the spec we should refer to an body that specifies what is currently good enough
    • what would be the body to define the current entropy requirements? REFEDS? We can propose that.
  • approach to Authentication section
    1. good enough for organisational’s internal systems
      • we need to define what they are
      • e.g. Administrational systems dealing with money (), personal data (HR), student information
    2. kantara AL2: password authentication with entropy requirements
    3. multifactor authentication
  • freshness of ePAffiliation
    • clarify that freshness here means the latency of the idm system to reflect the affiliation change in the institutional systems
    • think of complementing qualitative requirements (e.g. is a person qualifies as a ePA=faculty there must be an employment contract or other contract in place)
  • data protection
    • how to make sure Home Organisations are willing to release eduPersonAffiliation attribute (or similar)
  • proper references
    • In the LoA wireframe, refer to proper versions of the underlying specifications
  • next meeting: every 2 weeks at this time, starting on Oct 3?
    • after the meeting it was proposed to start 30 mins earlier
  • No labels