REFEDS assurance wg vc

Monday 5th December 14:30-15:20 (UTC)
connect.sunet.se/eduGAIN
David L
David G
Maarten K
Nicolas L
Christos K
Paul C
Chris W
Mikael L

Notes

Link to document: https://docs.google.com/document/d/15v65wJvRwTSQKViep_gGuEvxLl3UJbaOX5o9eLtsyBI/edit#

Updates since last vc

  • removed ATP/authoritative (as per the discussion with REFEDS IoLR WG). Use shibmd:scope to filter out non-authorative scope values.
  • copied Baseline expectations for IdPs from InCommon (Final v1, September 2016)

Discussion during the vc

  • REFEDS and AARC encouraged to replace ”minimal” and “higher” with something else
    • let’s select fruits, select some with no obvious alphabetical order: banana, mango
  • eduPersonAssurance=$PREFIX$/ATP/validated/<attributename>  for attribute assurance?
    • the meeting agreed on this principle to approach the problem
    • Should the definitions be introduced in this assurance profile or should it be a separate document? Conclusion seemed to be to integrate the approach to this document
    • Mandatory for mango or banana? Let's not make it mandatory for any levels so that it won't become an obstacle for adoption in the CPS side. Instead, just introduce an approved way to express the LoA of a given attribute
    • What would be in <attributename>? Let's adopt the most straightforward way and follow the protocol's approach for naming: for SAML2 it will be the OID of the attribute in question, for OIDC use the name of the claim.

Next steps

  • exposing to public consultation Jan-Mar 2017
    • Before that, try to find some pre-readers with good track record to provide comments before the end of December: Peter S, Ian Y, Jim B?
    • What about the MFA profile part? Check with TomB and Nicole (cc: Maarten)

Next vc: 9th Jan 14:30-15:30 (UTC), 15:30-16:30 (CET), 8:30-9:30 (CST)

 

  • No labels