...
Title | One last attempt at harmonizing identifier use |
---|---|
Description | The existing identifier complexity is maddening. Possibly push for adoption of the Subject-ID spec everywhere an identifier is needed, to reduce complexity for all involved going forward. Replaces eduPersonTargetedID, SAML 2.0 persistent NameID, eduPersonUniqueID and (partially) eduPersonPrincipalName. Might help align with private/public identifiers in OIDC. Content-wise this could say something: For SPs, signal/use subject-id if you require a shared/public identifier; if not available, also accept ePUID (if not available, also accept ePPN?). Signal/use pairwise-id if you don't require correlation between multiple SPs; if not available, also accept persistent NameIDs (in the Assertion's Subject); if not available, also accept eduPersonTargetedID. For IdPs, have them all available, but release in the given precedence if multiple ones are signalled by the SP. I.e., provide strong guidance on what to use when (achieve consistency, lessen complexity mid-term), but help with interop today (and possibly improve privacy and data protection compliance) by giving precedence lists for alternative attributes. |
Proposer | peter@aco.net |
Resource requirements | Lots of shepherding, discussions with R&S and CoCo deployers, eduGAIN Steering, etc. |
+1's | Nick Roy, InCommon; Judith Bush, OCLC |
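
The SP-side half of the precedence rules above, as an added example that is not part of the proposal or of any REFEDS or Shibboleth code: it pulls every candidate identifier out of a SAML 2.0 assertion and walks either the shared list (subject-id, then ePUID, then ePPN) or the pairwise list (pairwise-id, then persistent NameID, then eduPersonTargetedID). Two things here are assumptions rather than anything the proposal says: scoped values (`user@scope`) are only accepted when the scope is one the IdP is registered for (the `allowed_scopes` parameter is hypothetical; in practice it comes from the IdP's `shibmd:Scope` metadata), and persistent NameIDs are keyed as `NameQualifier!SPNameQualifier!value`, following the Shibboleth SP convention, because the bare value is not unique across IdPs. The sample assertion is constructed; the code also assumes the SAML library has already verified the signature and conditions, since stdlib XML parsing is not a security boundary.

```python
"""Resolve one stable user identifier from a SAML 2.0 assertion by precedence.

Added example, not project code.  Assumes signature, audience and validity
window were already checked by the SAML library before this runs.
"""
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Attribute names / NameID format exactly as they appear on the wire.
SUBJECT_ID = "urn:oasis:names:tc:SAML:attribute:subject-id"
PAIRWISE_ID = "urn:oasis:names:tc:SAML:attribute:pairwise-id"
EPUID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"   # eduPersonUniqueId
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"     # eduPersonPrincipalName
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"   # eduPersonTargetedID
PERSISTENT_NAMEID = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

SHARED_PRECEDENCE = (SUBJECT_ID, EPUID, EPPN)
PAIRWISE_PRECEDENCE = (PAIRWISE_ID, PERSISTENT_NAMEID, EPTID)
SCOPED = {SUBJECT_ID, PAIRWISE_ID, EPUID, EPPN}   # values look like user@scope


def _nameid_key(nameid):
    """Persistent NameIDs are only unique with their qualifiers, so the key is
    NameQualifier!SPNameQualifier!value (Shibboleth SP convention; assumption)."""
    return "!".join([nameid.get("NameQualifier", ""),
                     nameid.get("SPNameQualifier", ""),
                     (nameid.text or "").strip()])


def extract_identifiers(assertion_xml):
    """Return {attribute name or NameID format: value} for every candidate."""
    root = ET.fromstring(assertion_xml)
    found = {}
    subj = root.find("saml:Subject/saml:NameID", NS)
    if subj is not None and subj.get("Format") == PERSISTENT_NAMEID:
        found[PERSISTENT_NAMEID] = _nameid_key(subj)
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        value = attr.find("saml:AttributeValue", NS)
        if value is None:
            continue
        if name == EPTID:                      # value is a nested saml:NameID
            nameid = value.find("saml:NameID", NS)
            if nameid is not None:
                found[EPTID] = _nameid_key(nameid)
        elif value.text and value.text.strip():
            found[name] = value.text.strip()
    return found


def _scope_ok(name, value, allowed_scopes):
    """Reject scoped identifiers whose scope the IdP is not registered for
    (assumed check; allowed_scopes would come from the IdP's shibmd:Scope)."""
    if name not in SCOPED:
        return True
    local, sep, scope = value.rpartition("@")
    return bool(local) and "@" not in local and sep == "@" and scope in allowed_scopes


def resolve_identifier(assertion_xml, allowed_scopes, need_shared):
    """Walk the precedence list matching the SP's need; return (name, value)
    of the first acceptable identifier, or None if nothing usable was released."""
    found = extract_identifiers(assertion_xml)
    for name in SHARED_PRECEDENCE if need_shared else PAIRWISE_PRECEDENCE:
        value = found.get(name)
        if value is not None and _scope_ok(name, value, allowed_scopes):
            return name, value
    return None


# Constructed sample (not real IdP output): persistent NameID, pairwise-id,
# ePPN, eduPersonTargetedID, and a subject-id with a scope the IdP does not own.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0" IssueInstant="2018-02-14T10:00:00Z">
  <saml:Issuer>https://idp.example.edu/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="{PERSISTENT_NAMEID}" NameQualifier="https://idp.example.edu/idp"
                 SPNameQualifier="https://sp.example.org">Zm9vYmFyMTIz</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{SUBJECT_ID}"><saml:AttributeValue>jdoe@evil.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{PAIRWISE_ID}"><saml:AttributeValue>8f3a2b1c@example.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{EPPN}"><saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{EPTID}">
      <saml:AttributeValue>
        <saml:NameID Format="{PERSISTENT_NAMEID}" NameQualifier="https://idp.example.edu/idp"
                     SPNameQualifier="https://sp.example.org">dGFyZ2V0ZWQ=</saml:NameID>
      </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
""".strip()

if __name__ == "__main__":
    print(resolve_identifier(SAMPLE_ASSERTION, {"example.edu"}, need_shared=True))
    print(resolve_identifier(SAMPLE_ASSERTION, {"example.edu"}, need_shared=False))
```

With the sample, an SP that needs a shared identifier gets ePPN: subject-id was released but its scope fails the check, and no ePUID is present, so the list falls through. An SP content with a pairwise identifier gets pairwise-id straight away and never sees the persistent NameID or eduPersonTargetedID, which is the point of the precedence order: the correlating identifiers are only consumed when nothing less revealing was released.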
Title | OIDCre federation policies |
---|---|
Description | OIDCre federations are moving into pilot phases and discussions on how to run hybrid SAML/OIDC federations are happening now. Rather than having to go back and try and normalize the policies for OIDCre federations, let's take a look at what we think the policy space should look like and create the necessary templates. |
Proposer | TIIME 2018, roland@sunet.se |
Resource requirements | ? |
+1's | Nick Roy, InCommon |
...