Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

comment #Line/Reference #Proposed Change or QueryProposer / AffiliationAction / Decision (please leave blank)
1233-241Since SIRTFI v2 is a superset of v1, listing an attestation of compliance with v1 as part of the requirements is superfluous and these lines should be removedNicole RoyTo avoid some metadata processing complexity by relying parties and to ease migration between versions, the working group decided to explicitly ensure the presence of the Sirtfi (v1) Attribute in an entity's metadata whenever the Sirtfi v2 Attribute is present, reflecting the fact that v2 is a superset of v1. Text was added to the Syntax section explaining why this is the specified practice.
20-nIs a diff between the v1 and v2 specifications available? Not only useful for the consultation but probably also later for existing implementers of v1.Thijs KinkhorstGreat suggestion, and also a version history is a new requirement of the REFEDS approach to specification versioning. A complete version history was added to the specification.
3285The reference to the REFEDS metadata extension appears to be wrong per the XML Schema Definition (Metadata Extension Schema): the namespace URI in the example is "https://refeds.org/metadata" instead of "http://refeds.org/metadata".Davide VaghettiGood catch! This was fixed in the spec and will also be reflected in updated guidance documents being prepared for publication along with v2.
4129 - 135

The coordinating CSIRT needs to be aware of incidents affecting/involving eduGAIN entities, otherwise it will get very difficult to coordinate any concerted response.

[IR3] Notify security contacts of of the eduGAIN CSIRT and entities participating in Sirtfi when a security incident

investigation suggests that those entities are involved in the incident. Notification

should also follow the security procedures of any federations to which your

organisation belongs.

Sven GabrielThe working group discussed this with Sven. We agreed that this concern is better addressed as guidance rather than normative text because not all federated entities belong to eduGAIN, and some will have other coordinating CSIRTS they are obligated to notify. A better place to do this is at eduGAIN, and the eduGAIN Futures WG has this in their draft report already.