Attendees
- Jiří Pavlík
- Heather Flanagan
- David St Pierre Bantz
- Pål Axelsson
- Björn Mattsson@BTH
- Andrew Morgan
- Scott Cantor
- Miroslav Milinović
- Jens Jensen - STFC UKRI
Regrets
V/C info
Topic: R&S 2.0 WG call
Time: Aug 25, 2021 08:00 AM Pacific Time (US and Canada), 15:00 UTC
Join Zoom Meeting
https://us02web.zoom.us/j/89599128962?pwd=cUJQdE9BS01FQld3Q0JnNGdjdHhoQT09
Meeting ID: 895 9912 8962
Passcode: 438576
One tap mobile
+12532158782,,89599128962#,,,,*438576# US (Tacoma)
+13462487799,,89599128962#,,,,*438576# US (Houston)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
+1 301 715 8592 US (Washington DC)
Meeting ID: 895 9912 8962
Passcode: 438576
Find your local number: https://us02web.zoom.us/u/kbuusNnyZ6
Join by Skype for Business
https://us02web.zoom.us/skype/89599128962
Google calendar link
Pre-Reading
- Anonymous Authorization
- Pseudonymous Authorization
- comparison of attribute release information between each entity category
Working Draft
Agenda
- Recap of consensus for Personalized Authorization so far - note that all changes will need to be validated via the consultation process
- if schacHomeOrg is present, then it's the value to be used; if not present, eduPersonScopedAffiliation should be used. (See 2021-07-01 R&S 2.0 Notes)
- We will adopt the following from R&S 1.3: "Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification." (See 2021-07-01 R&S 2.0 Notes)
- The entity categories (Anonymous Authorization, Pseudonymous, and Personalized) are mutually exclusive (See 2021-07-01 R&S 2.0 Notes)
- We will use subject-id for this specification. (See 2021-08-10 R&S 2.0 Notes)
- Reviewing the draft spec
- title of the category - this isn't about "Authorization" so maybe "Personalized Access" or "Personalized Entity Category"?
- Start with section 6 of the draft; note this touches on the consensus we reached on an earlier call "We will adopt the following from R&S 1.3: "Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification."
Notes
- Recap of consensus for Personalized Authorization so far - note that all changes will need to be validated via the consultation process
- if schacHomeOrg is present, then it's the value to be used; if not present, eduPersonScopedAffiliation should be used. (See 2021-07-01 R&S 2.0 Notes)
- this is more appropriate for the other entity categories; for Personalized, we're requiring schacHomeOrg and so this statement does not apply
- We will adopt the following from R&S 1.3: "Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification." (See 2021-07-01 R&S 2.0 Notes)
- The entity categories (Anonymous Authorization, Pseudonymous, and Personalized) are mutually exclusive (See 2021-07-01 R&S 2.0 Notes)
- We will use subject-id for this specification. (See 2021-08-10 R&S 2.0 Notes)
- if schacHomeOrg is present, then it's the value to be used; if not present, eduPersonScopedAffiliation should be used. (See 2021-07-01 R&S 2.0 Notes)
- Reviewing the draft spec
- title of the category - this isn't about "Authorization" so maybe "Personalized Access" or "Personalized Entity Category"?
- NO strong opinion, so we'll call it Personalized (poll divided fairly evenly)
- title of the category - this isn't about "Authorization" so maybe "Personalized Access" or "Personalized Entity Category"?
- Start with section 6 of the draft; note this touches on the consensus we reached on an earlier call "We will adopt the following from R&S 1.3: "Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification."
- Scott Cantor and Andrew Morgan will work on revising section 6; keep the SHOULD/MAY construct, and work in at least an example of eduPersonEntitlement being something SPs might negotiate separately
- Next steps
- Discuss proposals for section 6 and do a consensus call on the draft spec at our next call
- Target sending out for consultation the week of September 13; consultation to last for 4 weeks, which will overlap the REFEDS, CAMP, and ACAMP meetings
- During the consultation period for Personalized, we'll start work on harmonizing the Anonymous and Pseudonymous Authorization categories
Definition Statement for R&S
Problem statement: the current definition of who can be tagged with R&S ("Candidates for the Research and Scholarship (R&S) Category are Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part.") is being interpreted differently by different groups. Requirements that are not specifically in the specification are being applied by federations, creating an uneven use of the specification.
...