Child pages
  • 2021-03-28 R&S 2.0 Notes
Skip to end of metadata
Go to start of metadata

Attendees:

Working Draft

Agenda

  1. Recap of consensus so far
    1. The FAQ will be revised to offer clarity on the term "affiliation" (see Research and Scholarship FAQ) and editorial changes made to the spec to make it more clear (see new draft spec for updated structure)
    2. eduPersonScopedAffiliation will become a required value
    3. R&S will require privacy statements
    4. Encouraging the use of eduPersonAssurance requires further discussion with the Assurance Working group
    5. subject-id should be listed as the new identifier
    6. R&S 1.3 and R&S 2.0 can co-exist; no migration detail will be included in the spec itself.
    7. ePPN and targeted ID to both be removed from R&S 2.0
    8. Information on OIDC requirements will be moved to R&S 2.1 (after the OIDF OIDCre working group has formal documentation in this space)
  2. eduPersonAssurance and RAF, continued

  3. Home Organization use case (Andrew Morgan and Christos Kanellopoulos )

    1. This item may be moved to the next call
  4. Proposal to require DisplayName (Petersen )
    1. This item may be moved to the next call


Notes

  1. Recap of consensus so far
    1. The FAQ will be revised to offer clarity on the term "affiliation" (see Research and Scholarship FAQ) and editorial changes made to the spec to make it more clear (see new draft spec for updated structure)
    2. eduPersonScopedAffiliation will become a required value
    3. R&S will require privacy statements
    4. Encouraging the use of eduPersonAssurance requires further discussion with the Assurance Working group
    5. subject-id should be listed as the new identifier
    6. R&S 1.3 and R&S 2.0 can co-exist; no migration detail will be included in the spec itself.
    7. ePPN and targeted ID to both be removed from R&S 2.0
    8. Information on OIDC requirements will be moved to R&S 2.1 (after the OIDF OIDCre working group has formal documentation in this space)
  2. eduPersonAssurance and RAF, continued

    1. Changes to the draft spec include recommending REFEDS framework, but not requiring it

    2. One argument for not including assurance is that this still doesn't include requirements around MFA, which will be a common consideration; if we don't do both, is it worth doing assurance at all?

    3. The assurance information is different in character than the current R&S personal data attributes. Many people will view the GDPR that anything you send in this context -- attribute bundles about subjects -- is subject to that regulation. So, we really want to take advantage of the data minimization aspects of the R&S program.

      • though this is probably no more identifying than affiliation, but assurance does talk about the attributes sent, so it's not completely detached from personal information

      • 86% said to go ahead and include it, so we'll go ahead and leave the text in, and understand that this will probably be debated further during consultation

        • Scott Cantor to clean up one more section to include the assurance info

  3. Home Organization use case (Andrew Morgan and Christos Kanellopoulos )

    1. Interested parties were not on the call to discuss
  4. Proposal to require DisplayName (Petersen )
    1. This might have been primarily related to the OIDC information, which has been removed from the spec (for now)

    2. That said, there is an i18n component to allow for the full and proper form of a name, which may not break down neatly in the existing attribute.

    3. Need to discuss further on our next call
  5. Next steps
    1. Heather will send out a doodle poll for our next call, which will focus on Home Org and DisplayName. The goal will be to come to consensus on the remaining items on that call and get ready for the consultation period.