Comment: added meeting notes

Attendees



V/C info

Topic: R&S 2.0 WG call
Time: Jun 10, 2021 06:00 PT | 09:00 ET | 15:00 CEST

Join Zoom Meeting
https://us02web.zoom.us/j/84770823774?pwd=RzlJUDU0RU9Wd09YRXdPbFd4Qk5xUT09

Meeting ID: 847 7082 3774
Passcode: 102333
One tap mobile
+12532158782,,84770823774#,,,,*102333# US (Tacoma)
+13462487799,,84770823774#,,,,*102333# US (Houston)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
Find your local number: https://us02web.zoom.us/u/kwRL7wyGS

Join by Skype for Business
https://us02web.zoom.us/skype/84770823774

Working Draft

Agenda

  1. Recap of consensus so far - note that all changes will need to be validated via the consultation process
    1. The FAQ will be revised to offer clarity on the term "affiliation" (see Research and Scholarship FAQ), and editorial changes will be made to the spec to make it clearer (see new draft spec for updated structure)
    2. eduPersonScopedAffiliation will become a required value
    3. R&S will require privacy statements
    4. subject-id should be listed as the new identifier
    5. R&S 1.3 and R&S 2.0 can co-exist; no migration detail will be included in the spec itself.
    6. ePPN and targeted ID to both be removed from R&S 2.0
    7. Information on OIDC requirements will be moved to R&S 2.1 (after the OIDF OIDCre working group has formal documentation in this space)
    8. eduPersonAssurance will be required, RAF recommended
    9. We'll resolve the need for information on the origin organization by adding guidance for the use of eduPersonScopedAffiliation
    10. DisplayName and Given/SN are required
  2. Definition Statement for R&S
    1. Review new alternative to R&S 2.0
  3. Discussion of subject-id as source for origin organization (if not resolved on the list)
  4. Solicitation of volunteers to focus on supporting documentation
  5. Normalizing organizational attributes between R&S, Anonymous, Pseudonymous Entity Categories

Notes

  1. Definition Statement for R&S
    1. Review new alternative to R&S 2.0
    2. Poll: Which entity category should we focus on: R&S 2.0 (3 people, 33%), Identifiable User (5 people, 56%), Both, I Need More Information (1 person, 11%)
    3. The proposal to call this Personalized Authorization seems to resonate.
    4. We could layer on the concept of R&S to Personalized Authorization.
    5. Personalized Authorization is an entirely different approach that lets us avoid the unsolvable issue of defining what R&S means in all federations. Instead, we're focusing on whether the SP needs the attributes, regardless of whatever R&S means. People don't release data just because of the type of service; there are other considerations regarding what country they are in, what they need it for, etc.
    6. R&S may be easier to promote because it is well known.
    7. Reminder that for assurance, you have to say what you're doing (which may be nothing). The big change in R&S 2.0 is actually subject-id.
    8. All the difficult questions for Personalized Authorization are around marketing and politics, not technical merit.
    9. Does CoCo fit into this realm of entity categories? It's just a different way of asking for the same kind of data. The only thing we can monitor and check is the privacy URL. This entity category doesn't help make a sensible decision about the attribute bundle.
    10. Should we do a pre-consultation effort? It might not be clear until we have cleaned up the text and removed R&S. Need to frame it and present it as an extension of the other entity categories. The consultation will be something of a unit for the whole bundle.
    11. We have also proposed some structured language around R&S to offer guidance to fed ops on when and how to apply it. In either category, fed ops would need to actively opt into this. We want to get to the point where there is an understanding that there is a fed ops process. This is in supporting material, not in the spec itself. We can move to get community buy-in on this right now.
  2. Normalizing organizational attributes between R&S, Anonymous, Pseudonymous Entity Categories
    1. Particularly regarding how organizations are identified, we need to determine if consistency across all the entity categories is possible (it is definitely desirable)
    2. Homework: working group members need to read through the other entity categories so we can discuss them in conjunction with Personalized Authorization. If we want to propose changes to those specs in favor of the work done in this working group, that's ok.
  3. Discussion of subject-id as source for origin organization (if not resolved on the list)
    1. Postponing pending coverage of Personalized Authorization and the other entity categories
  4. Solicitation of volunteers to focus on supporting documentation
    1. Postponing until we have WG consensus on spec

Definition Statement for R&S

Problem statement: the current definition of who can be tagged with R&S ("Candidates for the Research and Scholarship (R&S) Category are Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part.") is being interpreted differently by different groups. Requirements that are not specifically in the specification are being applied by federations, creating an uneven use of the specification.

...