
Included as supporting material for implementers are two documents:


Consultation comments. Each entry records the columns of the original comment table: Comment #, Line/Reference #, Proposed Change or Query, Proposer / Affiliation, and Action / Decision.

Comment #: (not given)
Line/Reference #: (not given)
Proposed Change or Query: Is there a reason that pairwise-id is not listed as a possible user identifier (at least in addition to subject-id for IDP release, with support RECOMMENDED for SPs)? Requiring the release of an omni-directional unique user identifier that will permit direct matching between supporting sites does not seem aligned with the stated minimum disclosure principle.
Proposer / Affiliation: (not given)
Action / Decision: Email is widely used as an omni-directional, unique identifier. The working group did not feel there was any additional complexity or privacy concerns since email is already released in this entity category. We did consider allowing pairwise-id as an alternative, but since it wasn't adding any privacy benefits, we felt it was better to keep the attribute bundle as simple as possible. No change to the document.

Comment #: (not given)
Line/Reference #: 247-48
Proposed Change or Query: Similarly to comment 2 on the Pseudonymous consultation, can you add a couple of words to clarify that RC2 is in the "application for inclusion in the Entity Category"?
Proposer / Affiliation: Alex Stuart (Jisc)
Action / Decision: The text has been modified to remove the word "application" in favor of "request".

Comment #: (not given)
Line/Reference #: 356-58
Proposed Change or Query: Can you give an example of when a federation registrar would not remove the entity category when a Service Provider can no longer demonstrate compliance? I'd expect that the registrar MUST remove, not SHOULD.
Proposer / Affiliation: Alex Stuart (Jisc)
Action / Decision: We have modified the text to: "The federation registrar MUST remove the Entity Category if the Service Provider indicates a change in conformance. The federation registrar MUST have other remediation procedures to address a lack of compliance with these requirements."