Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Responded to all comments


Included as supporting material for implementers are two documents:


comment #Line/Reference #Proposed Change or QueryProposer / AffiliationAction / Decision (please leave blank)
15.1 Required Attributes

eduPersonEntitlement is no longer listed as required attribute, whereas just published its "Contract Language Model License Agreement 1.0" that refers to the pseudonymous entity category and lists the entitlement attribute.

Rather confusing. Is the new consultation not aligned with

Thomas Lenggenhager, SWITCH

The SeamlessAccess material refers to the older entity categories. The discussion of entitlements was not complete in either document, the original entity categories or this contract language model.

We recommend that all parties refer to Federated Authorization Best Practices for the best ways to handle authorization, including the use of entitlement. There must be further discussion (possibly in FIM4L) regarding the use cases and appropriate principles for authorization.

No change necessary to the entity category.

246-47"Application" is an overloaded term. In this sentence it refers to the application for inclusion in the entity category. I misread it at first to mean service provider web application. Can you add a couple of words of clarification to the sentence?Alex Stuart (Jisc)The text has been modified to remove the word "application" in favor of "request".
355-57Can you give an example of when a federation registrar would not remove the entity category when a Service Provider can no longer demonstrate compliance? I'd expect that the registrar MUST remove, not SHOULD.Alex Stuart (Jisc)We have modified the text to: "The federation registrar MUST remove the Entity Category if the Service Provider indicates a change in conformance. The federation registrar MUST have other remediation procedures to address a lack of compliance with these requirements."