REFEDS assurance wg call
14 November 2016 14:30-15:30 (UTC), 15:30-16:30 (CET), 8:30-9:30 (CST)
Adobe Connect, https://connect.sunet.se/edugain
Nicolas
Christos
Pål
Licia
David L
David G
Mikael
Notes
- document: https://docs.google.com/document/d/15v65wJvRwTSQKViep_gGuEvxLl3UJbaOX5o9eLtsyBI/edit
- key updates since last vc
- introduced URI for all values and added an example as Appendix B
- added section 3 which collapses the multi-dimensional values to scalar levels for convenience (currently two levels, minimal and high)
- added section 4 which mounts the values to SAML constructs (attribute statements, authentication contexts, entity attributes)
- discussion in the vc
- make ORG/baseline mandatory for the profile i.e. a CSP cannot signal conformance with the profile if it fails the baseline
- introduce Entity Attributes for signaling that the IdP supports the minimal and higher assurance profile
- as a compromise of signaling everything in Entity Attributes and signaling nothing in Entity Attributes
- use authentication context to signal the authentication assurance
- because there is the mechanism for an SP to request a particular authentication context
- EGI has an ongoing discussion on Level of assurance: https://wiki.egi.eu/wiki/EGI-Engage:TASK_JRA1.1_Proposal_for_Levels_of_Assurance
- there was discussion on an appropriate naming of the levels (minimal, higher, …).
- c.f. IGTF uses birch (~higher), dogwood (~minimal), aspen etc
- we are open to ideas on proper naming
- next steps
- REFEDS/AARC meeting in CERN in two weeks – what to present?
- request informal comments from REFEDS, focusing on section 2
- request informal comments from AARC, focusing on section 3
- schedule formal consultation on the full profile in early 2017
- next vc week after REFEDS meeting – Monday 5th December14:30-15:30 (UTC), 15:30-16:30 (CET), 8:30-9:30 (CST)