...
| Line Number / Reference | Proposed Change or Query | Proposer / Affiliation | Action / Decision (please leave blank) | |
|---|---|---|---|---|
| 1 | 25 | "continual trust improvements" this phrase is not very clear to me. What is a "trust improvement"? | Hannah Short/CERN | |
| 2 | 29 | the majority of the requirements are SAML independent, is there any reason to tie this to SAML? It might be more useful for future OIDC fed efforts if it were generic | Hannah Short/CERN | |
| 3 | 37/51/64 | should these contacts also cover security issues as well as operational? | Hannah Short/CERN | |
| 4 | 39/53 | I suppose it's intentional that Sirtfi is not mentioned? Is it intended that the "security practices" be the ones from Sirtfi? It may be worth clarifying somehow, though I appreciate the value of keeping the docs independent | Hannah Short/CERN | |
| 5 | additional requirement | Proposed addition: "“Any Federation services must support the exchange / storage and processing of personal information compliant with GDPR” | Andreas Matheus, Secure Dimensions | |
| 6 | NA | Re: the comment on line 5 of this consultation table- many jurisdictions in which R&E federations operate are not subject to GDPR. I'd suggest something much more general such as "respect the privacy rights of individuals". | Nic Roy, InCommon | |
| 7 | 10 | Typo of "interfederatons" for "interfederations" | Andrew Cormack/Jisc | |
| 8 | 30 | Maybe clearer to explicitly add, "Those organisations are referred to as XXX Operators." | Andrew Cormack/Jisc | |
| 9 | 37 | [IdP3] feels like "You publish contact information and respond in a timely fashion to operational issues", rather than "Your IdP must have contact information..."? | Andrew Cormack/Jisc | |
| 10 | 51 | [SP3] feels like "You publish contact information and respond in a timely fashion to operational issues", rather than "Your Service must have contact information..."? | Andrew Cormack/Jisc | |
| 11 | 58 | typo of "respects" for "respect". | Andrew Cormack/Jisc | |
| 12 | 58/9 | "unless governed by an applicable contract" seems odd, better maybe "requirements may be set out in an applicable contract"? | Andrew Cormack/Jisc | |
| 13 | 62 | typo "be" for "are" | Andrew Cormack/Jisc | |
| 14 | 64 | [FO2] feels like "You publish contact information and respond in a timely fashion to operational issues", rather than "Your Service must have contact information..."? | Andrew Cormack/Jisc | |
| 15 | General | Do we have an expectation on any parts of the required information to be published in English? If so should that be made explicit? While this is perhaps not a requirement on an federation level, it would sure help when wanting to compare baseline between federations as may be needed for eduGAIN now or at some later time? | Niels van Dijk / SURF | |
| 16 | 24/75 | The reference named IFBE is the document itself. Did you mean the repository for this document and supporting material? Then better name it as repository. | Thomas Lenggenhager / SWITCH | |
| 17 | 29 | Move SAML specific references to a dedicated section or appendix. That allows to later add OIDC specifics. In the SAML section refer to the two Kantara Federation Interoperability Profiles (Implementation and Deployment). | Thomas Lenggenhager / SWITCH |