Versions Compared

Old Version 14

changes.mady.by.user Tom Barton

Saved on

compared with

New Version Current

changes.mady.by.user Alex Stuart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TitleExtensions to MDQ
DescriptionThe RA21 and SeamlessAccess projects have defined two extensions to the MDQ protocol, one to enable a search capability and one to enable a "webfinger" query to determine "what the server knows". Leif Johansson has provided an example implementation with pyFF. This proposal is to have REFEDs help formalize these extensions, perhaps by working with Ian Young to evolve the MDQ specification. 
ProposerScott Koranda and Leif Johansson
Resource
requirements		People resources for help with planning and organization and to help shepherd the update. 
+1'sAlex Stuart


TitleDynamic errorURL
Description

After login at a service the service (SP) may be missing some information or requirements of the login, for example

  • To few attributes sent from the IdP
  • Required attribute valued is not sent from the IdP
  • The service requires REFEDS MFA capability of the IdP but not supported by IdP (according to IdP Metadata)
  • The IdP doesn't seem to support the forceAuthn SAML flag (either a SAML error from the errorURL or the AuthenticationInstant is not refreshed

There currently is no best-practice for how a service should inform users of non-technical shortcomings of logins. It would be convenient if IdP:s could supply URL:s to different support pages that services could referer to depending on pre-defined problems with logins. Many login problems are not detected until after login.

ACAMP at TechEx had a session regarding this. Notes and Post-ACAMP work are available at https://bit.ly/2rOYgl1

ProposerPål Axelsson
Resource requirementsA short term working-group to write up an errorURL profile with recommendations
+1'sAlbert Wu, Fredrik Domeij, Tom Barton

...