REFEDS assurance wg call
14 November 2016 14:30-15:30 (UTC), 15:30-16:30 (CET), 8:30-9:30 (CST)

Adobe Connect, https://connect.sunet.se/edugain

Nicolas
Christos
Pål
Licia
David L
David G
Mikael

Notes

- document: https://docs.google.com/document/d/15v65wJvRwTSQKViep_gGuEvxLl3UJbaOX5o9eLtsyBI/edit

- key updates since last vc

  • introduced URI for all values and added an example as Appendix B
  • added section 3 which collapses the multi-dimensional values to scalar levels for convenience (currently two levels, minimal and high)
  • added section 4 which mounts the values to SAML constructs (attribute statements, authentication contexts, entity attributes)

- discussion in the vc

  • make ORG/baseline mandatory for the profile i.e. a CSP cannot signal conformance with the profile if it fails the baseline
  • introduce Entity Attributes for signaling that the IdP supports the minimal and higher assurance profile
    • as a compromise of signaling everything in Entity Attributes and signaling nothing in Entity Attributes
  • use authentication context to signal the authentication assurance
    • because there is the mechanism for an SP to request a particular authentication context
  • EGI has an ongoing discussion on Level of assurance: https://wiki.egi.eu/wiki/EGI-Engage:TASK_JRA1.1_Proposal_for_Levels_of_Assurance
  • there was discussion on an appropriate naming of the levels (minimal, higher, …).
    • c.f. IGTF uses birch (~higher), dogwood (~minimal), aspen etc
    • we are open to ideas on proper naming

- next steps

  • REFEDS/AARC meeting in CERN in two weeks – what to present?
    • request informal comments from REFEDS, focusing on section 2
    • request informal comments from AARC, focusing on section 3
  • schedule formal consultation on the full profile in early 2017

- next vc week after REFEDS meeting – Monday 5th December14:30-15:30 (UTC), 15:30-16:30 (CET), 8:30-9:30 (CST)

 

  • No labels