...
Number | Line Number / Reference | Proposed Change or Query | Proposer / Affiliation | Action / Decision (please leave blank) |
---|---|---|---|---|
1 | 25 | "continual trust improvements" this phrase is not very clear to me. What is a "trust improvement"? | Hannah Short/CERN | |
2 | 29 | the majority of the requirements are SAML independent, is there any reason to tie this to SAML? It might be more useful for future OIDC fed efforts if it were generic | Hannah Short/CERN | |
3 | 37/51/64 | should these contacts also cover security issues as well as operational? | Hannah Short/CERN | |
4 | 39/53 | I suppose it's intentional that Sirtfi is not mentioned? Is it intended that the "security practices" be the ones from Sirtfi? It may be worth clarifying somehow, though I appreciate the value of keeping the docs independent | Hannah Short/CERN | |
5 | additional requirement | Proposed addition: "Any Federation services must support the exchange / storage and processing of personal information compliant with GDPR" | Andreas Matheus, Secure Dimensions | |
6 | 10 | Typo of "interfederatons" for "interfederations" | Andrew Cormack/Jisc | |
7 | 30 | Maybe clearer to explicitly add, "Those organisations are referred to as XXX Operators." | Andrew Cormack/Jisc | |
8 | 37 | [IdP3] feels like "You publish contact information and respond in a timely fashion to operational issues", rather than "Your IdP must have contact information..."? | Andrew Cormack/Jisc | |
9 | 51 | [SP3] feels like "You publish contact information and respond in a timely fashion to operational issues", rather than "Your Service must have contact information..."? | Andrew Cormack/Jisc | |
10 | 58 | typo of "respects" for "respect". | Andrew Cormack/Jisc | |
11 | 58/9 | "unless governed by an applicable contract" seems odd, better maybe "requirements may be set out in an applicable contract"? | Andrew Cormack/Jisc | |
12 | 62 | typo "be" for "are" | Andrew Cormack/Jisc | |
13 | 64 | [FO2] feels like "You publish contact information and respond in a timely fashion to operational issues", rather than "Your Service must have contact information..."? | Andrew Cormack/Jisc | |