...

3. Major modifications to the Assurance profile since last vc:

3.1. based on the discussion on the mailing list 8-9 Dec, dropped the attribute assurance section from the profile (except ePSA freshness)

...

3.2. adopted terms from ITU-T X.1254: credential issuance (was: delivery), credential replacement (was: renewal)

...

3.3. moved the 5th component (baseline expectations for IdPs) to section 3 (conformance criteria), as Jim and Ian proposed it would clarify the approach.

...

3.4. on SAML2, dropped the use of AuthenticationContexts. Instead deliver Authentication Assurance using eduPersonAssurance like the other values. Added a footnote that an RP can request MFA in the AuthenticationRequest's Authentication context as defined in the REFEDS MFA profile.

    • this modified approach is difficult for IdP configuration -- it is easier for an IdP admin to get the authncontext right than to mount the value on the fly into ePAssurance.
    • Pål to formulate an e-mail on the alternatives and send it to the mailing list for a better understanding of the two alternatives and their pros/cons


4. Main comments/proposals from Ian, Jim et al for discussion:

4.5. Banana and Mango. Ian: "hard to take seriously". Nicole's poll: coffees are leading.

    • Go for coffees.

...

4.6. what to do with ePTID? ("ePTID is a legacy thing and therefore probably should not be put into any new specifications.").

    • Add an "ePTID is discouraged" footnote

...

4.7. do we want to expect REFEDS to regularly re-evaluate password entropy requirements? ("their entropy must meet the requirements set by AL2_CM_CRN#040, unless REFEDS has agreed on a higher requirement.")

    • drop the requirement for REFEDS to re-evaluate password entropy

...

4.8. ePA freshness requirement imposed just on ePSA or for all ePA, ePSA and ePPA?

    • Make the ePA freshness requirement apply to both ePSA and ePA but not ePPA.

...

4.9. Jim: "Drop SAML2 metadata entity attributes, too complicated for IdPs and introduces problems for federation operator responsibilities".

    • no time to discuss this one.

...

4.10. Nicole: Rename Level to Profile (to indicate they have no order).

    • no time to discuss this one.

5. Next steps

  • Ian volunteered to have another look at the profile

...