V/C info
Dec 3, 2020 – 20:00 UTC / 21:CET/ 12:00 noon Pacific Time (US and Canada)
Topic: REFEDS R&S 2.0
Time: Dec 3, 2020 12:00 PM Pacific Time (US and Canada)
Join Zoom Meeting
https://us02web.zoom.us/j/84524207816?pwd=TVFpNTBMcTU2TjV4R0Qrd2RtZHg2Zz09
Meeting ID: 845 2420 7816
Passcode: 733513
One tap mobile
+12532158782,,84524207816#,,,,,,0#,,733513# US (Tacoma)
+13462487799,,84524207816#,,,,,,0#,,733513# US (Houston)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
+1 301 715 8592 US (Washington D.C)
Meeting ID: 845 2420 7816
Passcode: 733513
Find your local number: https://us02web.zoom.us/u/kdYjaiuP1F
Join by Skype for Business
https://us02web.zoom.us/skype/84524207816
Pre-reading
Agenda
Proposed work structure - Focus on the issues of R&S 1.3 in the following order, with each agenda coming to the next on the list
- eduPersonAffiliation vs eduPersonScopedAffiliation
- "and where affiliation is defined to be the eduPersonScopedAffiliation attribute." (see section 5 of the R&S spec)- How can we make the spec clearer? Is the release of scoped affiliation mandatory or not? What if the IdP doesn’t actually have that value recorded?
- Identifier issue
One of the reasons R&S is that it was targeting applications that were broken because they only allow for a single identifier to identify an individual (the “one field for everything” approach). That’s why ePPN was the chosen identifier, because it was traditionally a user-friendly identifier and so suitable for the one-size-fits-all use case, as long as you ignore reassignment. ePTID was added to address reassignment. Those applications failed miserably if they only had ePTID.
Is this still an issue? Do we still need to support the one-size-fits-all approach? If we can chose a common, opaque identifier, with an understanding that you want the additional personalization, we can do that.
- One opinion: time is right to do this, and R&S is the right place to do this first.
- Second opinion: this is a question for the SP. Are they ready for R&S to move to a more opaque identifier? There’s no incentive for an IdP to make their identifier better unless there’s a demand by the SPs.
- Based on the responses from the SPOG list, SPs do not handle identifier reassignment in any standardized manner. The level of automation in responding to this seems to depend entirely on the size of the SP and how big their IT budget is.
- Privacy Statements
- Should R&S require privacy statements?
- eduPersonASsurance
- Should R&S encourage the release of eduPersonAssurance as a "SHOULD" value, in support of REFEDS Assurance Framework
- Administrative involvement
How to be clearer about “Without administrative involvement"
How to be clearer that the campus does have control regarding what population they should release information about (e.g., whole campus? other?)
- R&S as it relates to CoCo
Notes
- eduPersonAffiliation vs eduPersonScopedAffiliation
- "and where affiliation is defined to be the eduPersonScopedAffiliation attribute." (see section 5 of the R&S spec)- How can we make the spec clearer? Is the release of scoped affiliation mandatory or not? What if the IdP doesn’t actually have that value recorded?
- Identifier issue
One of the reasons R&S is that it was targeting applications that were broken because they only allow for a single identifier to identify an individual (the “one field for everything” approach). That’s why ePPN was the chosen identifier, because it was traditionally a user-friendly identifier and so suitable for the one-size-fits-all use case, as long as you ignore reassignment. ePTID was added to address reassignment. Those applications failed miserably if they only had ePTID.
Is this still an issue? Do we still need to support the one-size-fits-all approach? If we can chose a common, opaque identifier, with an understanding that you want the additional personalization, we can do that.
- One opinion: time is right to do this, and R&S is the right place to do this first.
- Second opinion: this is a question for the SP. Are they ready for R&S to move to a more opaque identifier? There’s no incentive for an IdP to make their identifier better unless there’s a demand by the SPs.
- Based on the responses from the SPOG list, SPs do not handle identifier reassignment in any standardized manner. The level of automation in responding to this seems to depend entirely on the size of the SP and how big their IT budget is.
- Privacy Statements
- Should R&S require privacy statements?
- eduPersonASsurance
- Should R&S encourage the release of eduPersonAssurance as a "SHOULD" value, in support of REFEDS Assurance Framework
- Administrative involvement
How to be clearer about “Without administrative involvement"
How to be clearer that the campus does have control regarding what population they should release information about (e.g., whole campus? other?)
- R&S as it relates to CoCo