Comment: Added meeting notes

Attendees

V/C Info

Topic: R&S 2.0 WG
Time: Jan 10, 2022 10:00 AM Pacific Time (US and Canada) | 13:00 PM Eastern | 18:00 UTC

Join Zoom Meeting
https://us02web.zoom.us/j/86587929095?pwd=Vnd3b0puNlBFZ1k5T2xqdUNUK3lKQT09

Meeting ID: 865 8792 9095
Passcode: 215434
One tap mobile
+12532158782,,86587929095#,,,,*215434# US (Tacoma)
+16699006833,,86587929095#,,,,*215434# US (San Jose)

Dial by your location
        +1 253 215 8782 US (Tacoma)
        +1 669 900 6833 US (San Jose)
        +1 346 248 7799 US (Houston)
        +1 312 626 6799 US (Chicago)
        +1 929 205 6099 US (New York)
        +1 301 715 8592 US (Washington DC)
Find your local number: https://us02web.zoom.us/u/kbShy1jdyy

Join by Skype for Business
https://us02web.zoom.us/skype/86587929095


Pre-reading


WG Consensus

  • The Anonymous Authorization, Pseudonymous Authorization, and Personalized Access Entity Categories shall be harmonized based on the decisions made around Personalized Access.
  • Authorization guidance shall be split out into a separate, descriptive paper and not be part of any of the entity categories.

Agenda

  • Verify WG Consensus items
  • Review proposed changes to Anonymous and Pseudonymous ECs (Pål's action item from last call)
  • Review initial draft for authorization (Scott C's action item from last call) - Federated Authorization Best Practices

Notes

  • Verified WG Consensus items
    • The Anonymous Authorization, Pseudonymous Authorization, and Personalized Access Entity Categories shall be harmonized based on the decisions made around Personalized Access.
    • Authorization guidance shall be split out into a separate, descriptive paper and not be part of any of the entity categories.
    • (Added) The names should be "Access Entity Category" not "Authorization Entity Category" - 10 January 2022
    • (Added) We will not include assurance requirements in the Anonymous Access Entity Category - 10 January 2022
  • Review proposed changes to Anonymous and Pseudonymous ECs (Pål's action item from last call) - 10 January 2022
    • Description of the markup from Pål: 

      Reading guidance from copying style from personalized:

      - Black text: Not changed at all.

      - Blue text: Copied from personalized. Some non-relevant text may be deleted.

      - Yellow overstrike: Changed text or proposed change.

      - Red overstrike: Proposed to be deleted.

    • Should we include assurance info in all entity categories? Attribute assurance is different from identity assurance; attribute-level assurance isn't really a thing outside of personally identifiable details. That makes assurance not directly useful for Anonymous, but it may be useful in terms of encouraging overarching best practices for using assurance across the board. Poll states that we should not include assurance in Anonymous.
    • Do we include the requirement for registration and demonstration of need in Anonymous? Realistically speaking, the federation operators cannot review every request. Also, should this kind of checking be part of joining a federation, and not part of the EC? That doesn't cover the fact that different SPs will have different levels, and that existing SPs may change what they need. This is a way to harmonize between federations as well as within a federation. Will leave the text in as it stands.
  • Review initial draft for authorization (Scott C's action item from previous call) - Federated Authorization Best Practices
    • Does this document need to address all the authorization patterns, or just the ones involving eduPersonEntitlement?
    • Scott has a few more edits to make; after that's done, we will share this more broadly (to the R&S list) for feedback