...
Areas questioned | Potential issues |
---|---|
Is R&S focused on the requirements of the service or the organisational type | Issues with not having a definition of an R&S / R&E organisation and the fact that most organisations have business arms to R&E structure |
Should "commercial" services be allowed | No way to distinguish the nuance in commercial vs paid for |
Should services that are contracted be allowed | Contracts are paid for things like collaborative wikis, having a contract does nothing to help the IdP administrator formulate an attribute release policy |
Should "management" be dropped from the definition statement | |
Is this about translation of real world trust (need to collaborate with other humans) into the spec | |
Should services that are "operated for" IdPs be allowed (e.g. cloud infrastructure - geant.altassian.com vs wiki.geant.org) | Who is registering the entity, which challenges are there with registering cloud entities, how do you determine the difference between a private / community based approach vs just having an account in a commercial environment |
Problem of only calling out e-journals in the existing spec | Better phrased as something like "Service Provider MUST be able to prove that it has a legitimate need for the personal data in the attribute bundle." (positive rather than negative entry requirement). |
...