...
Number | Current Text | Proposed Text / Query | Proposer | Action |
|---|---|---|---|---|
| #1 | Existing Text | Your Change Proposal | Name | Please leave blank |
| 1 | 5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute. | Should this imply to release this attribute *always* to *all SPs*, including to publishers that are happy with only 'common-lib-terms'? Why should just the IdPs need to do something and not the SPs? | Thomas Lenggenhager (SWITCH) | |
| 2 | http://refeds.org/category/academic-institution | Given that the REFEDS website now does https by default, should this be https://refeds.org/category/academic-institution | Guy Halse (SAFIRE) | |
| 3 | 5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute. | How should the Identity Provider’s registrar perform this mandatory check? Would a statement by the IdP administrator be sufficient ? | Thomas Lenggenhager (SWITCH) | |
| 4 | 3. The following URI is used as the attribute value for the Entity Category... | Under section 5 only requirements for Identity Providers are defined but normally an IdP uses Entity Support Category not Entity Category. Is this per design or only a mistake? Comment from Rhys Smith: "normally an IdP uses Entity Support Category not Entity Category" - is correct, but only by coincidence. An entity that has a specific categorisation has an entity category. It just so happens that so far, all categorisations have been for SPs, and so the IdPs have the ESC. This is a categorisation about an IdP, so it's right the IdP has an EC. If there was a corresponding ESC, it would be assigned to the SP that supports that IdP EC. Propose dropping ECS text. | Pål Axelsson (SWAMID) | |
| 5 | 5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute. | I would say that the behaviour of releasing euPersonScopedAffliliation to all SPs is not privacy by design as described in GDPR. It's a step away from data minimisation. euPersonScopedAffliliation is personal data even though it is not unique personal data. | Pål Axelsson (SWAMID) | |
| 6 | Add to section 5 | 5.4. additional recommendations 5.4.1 It is RECOMMENDED that IdP releases a unique, persistent and not targeted ID to Service Providers that support and display in their metadata the Research and Scholarship Entity Category [R&S] ... 6. References add: [R&S] REFEDS Research and Scholarship Entity Category v1.3 Sept. 2016 see https://refeds.org/category/research-and-scholarship | Peter Geitz (DAASI) | |
| 7 | Section 2 | is point 3 - "the institution is a research hospital, library or archive." meant to mean "research hospital, research library, or research archive", or what it says on the tin? | Rhys Smith (Jisc) | |
| 8 | 5.3.3 | how does a registrar check if an IdP releases ePSA? | Rhys Smith (Jisc) | |
| 9 | section 5. "Failure to do so MUST result in revocation of the entity’s membership in the category." Who makes the decision to revoke? | "Failure to do so MUST result in the registrar revoking | Mikael Linden (CSC) |
Other Comments / Observations
...