REFEDS Assurance wg call

Fri 7 Jul 2017 at 15:30 CEST/8:30 CDT
Adobe Connect:

Chris W
Pål A
Tom B
David G
Mikael L


  • feedback for good-single-factor definition: design good-single-factor so that MFA always satisfies it
  • remaining consultation comments in the C category

   #15: is Espresso>Cappuccino?

    • clarify the table: X = property must be true and you must signal the property in the assertion
    • What if "Latte" is added in the next RAF version and it requires a subset of Espresso. If a CSP supports Espresso, it would automatically comply with Latte, but has not configured it’s Idp to signal it. Would that CSP become incompliant with RAF?  We must replace line 174 MUST=>SHOULD
    • Remove line 177-178 which says Espresso-CSP MUST assert also Cappuccino. Update lines 188-194.
    • make explicit in 2.2 that MFA satisfies good-single-factor

   #7: are Espresso and cappuccino Entity Attributes self-asserted and can IdP assert them without the EA?

   #8: concerns on federation operators’ role

  • putting responsibility to federation operators slows down adoption
  • the WG doesn’t believe Entity Attributes will be used for constructing IdP discovery
  • Outcome: drop SAML2 entity attributes completely from the profile

next call: Mikael to make a doodle for early September

  • No labels