...

Review previous meeting, open actions

'Homework'

...


homework - Identity Providers


Alex and Jon from UKAMF have looked at the IdP requirements in Baseline. For the homework, we've looked at InCommon's IdP requirements. There are differences between InCommon and UKfed metadata requirements so it would be difficult to lift requirements directly.


Point 2 for IdPs: would you trust your own systems to be used by IdPs. Is it trusted?


Miro stated that the baseline should be the basis of collaboration. The eduGAIN baseline should be less strict than federation baselines.

Alex: IdP-04: PrivacyStatementURL only in place for 1 IdP in UKfed.
Jon: Privacy policy sometimes not publicly available.

Alan - the baseline should be no looser than the lowest federation 'tightness'

Pal: lowest level we do now is technical contacts, MDUI, etc. Might already be defined in the SAML profile.

Alex: Only two IdPs in eduGAIN don't have MDUI:displayName

Alan & Pal: Then it should be possible to do MUST MDUI:displayName

Alan's Notes

homework -

Alex and Jon from UKAMF have looked at the IdP requirements in Baseline

cannot be lifted over....

Miro - lower eduGAIN baseline...federations can be tighter


Alan - the baseline should be no looser than the lowest federation 'tightness'

Point 2 for IdPs "The IdP is operated with organizational-level authority": Would you trust your own systems to be used by IdPs. Is it trusted?


"The IdP is operated with organizational-level authority" - will need to work on the wording here.

what about IdPs operated by a service/3rd party - okay if it's with the authority of the organisation. SWAMID covers this with their policy - maybe policies can be used.

what about the federation metadata? - doesn't yet exist but vetting could be shown in the form of flags/enums for processes followed

institutions with multiple IdPs - someone of a senior enough level can get it into the federation. how to check or confirm it's authorised?

...

practices but this statement didn't have any noted contention

...

SAML2Int only requires SPs to have a privacy policy URL. most were okay with SPs in this way right now

...

discussion stopped just before going into SP requirements in the baseline due to time restraints.


Next steps, timeline


AOB