REFEDS Assurance wg call
Fri 7 Jul 2017 at 15:30 CEST/8:30 CDT
Adobe Connect: http://connect.sunet.se/eduGAIN
Chris W
Pål A
Tom B
David G
Mikael L
Notes
- link to the Assurance Framework consultation comments doc: https://docs.google.com/document/d/1_30AeM1zUySTcRmfva66y2WVfKDkroEzPQg1k-vDpMY/edit
- link to the original RAF in Google drive: https://docs.google.com/document/d/15v65wJvRwTSQKViep_gGuEvxLl3UJbaOX5o9eLtsyBI/edit
- feedback for good-single-factor definition: design good-single-factor so that MFA always satisfies it
- remaining consultation comments in the C category
#15: is Espresso>Cappuccino?
- clarify the table: X = property must be true and you must signal the property in the assertion
- What if "Latte" is added in the next RAF version and it requires a subset of Espresso. If a CSP supports Espresso, it would automatically comply with Latte, but has not configured it’s Idp to signal it. Would that CSP become incompliant with RAF? We must replace line 174 MUST=>SHOULD
- Remove line 177-178 which says Espresso-CSP MUST assert also Cappuccino. Update lines 188-194.
- make explicit in 2.2 that MFA satisfies good-single-factor
#7: are Espresso and cappuccino Entity Attributes self-asserted and can IdP assert them without the EA?
#8: concerns on federation operators’ role
- putting responsibility to federation operators slows down adoption
- the WG doesn’t believe Entity Attributes will be used for constructing IdP discovery
- Outcome: drop SAML2 entity attributes completely from the profile
next call: Mikael to make a doodle for early September