Pre-Reading

Working Draft

Agenda

  1. Recap of consensus for Personalized Authorization so far - note that all changes will need to be validated via the consultation process
    1. if schacHomeOrg is present, then it's the value to be used; if not present, eduPersonScopedAffiliation should be used. (See 2021-07-01 R&S 2.0 Notes)
      1. this is more appropriate for the other entity categories; for Personalized, we're requiring schacHomeOrg and so this statement does not apply
    2. We will adopt the following from R&S 1.3: "Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification." (See 2021-07-01 R&S 2.0 Notes)
    3. The entity categories (Anonymous Authorization, Pseudonymous, and Personalized) are mutually exclusive (See 2021-07-01 R&S 2.0 Notes)
    4. We will use subject-id for this specification. (See 2021-08-10 R&S 2.0 Notes)
  2. Reviewing the draft spec
    1. Section 6 (see mailing list thread)

Notes

  1. Recap of consensus for Personalized Authorization so far - note that all changes will need to be validated via the consultation process
    1. if schacHomeOrg is present, then it's the value to be used; if not present, eduPersonScopedAffiliation should be used. (See 2021-07-01 R&S 2.0 Notes)
      1. this is more appropriate for the other entity categories; for Personalized, we're requiring schacHomeOrg and so this statement does not apply
    2. We will adopt the following from R&S 1.3: "Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification." (See 2021-07-01 R&S 2.0 Notes)
    3. The entity categories (Anonymous Authorization, Pseudonymous, and Personalized) are mutually exclusive (See 2021-07-01 R&S 2.0 Notes)
    4. We will use subject-id for this specification. (See 2021-08-10 R&S 2.0 Notes)
  2. Reviewing the draft spec
    1. Section 6 (see mailing list thread)
      1. We should not comment on stuff that happens outside the spec. We should only specify what the spec itself requires.
      2. The request for RequestedAttributes originated more from IdPs that had to explicitly see what attributes were being requested, rather than deal with an entity category.
      3. Why not include eduPersonEntitlement? Because there will always need to be a discussion as to what exactly is required as a value for that attribute. Entity categories are supposed to get us past bilateral discussions, and yet those discussions are what have to happen to populate eduPersonEntitlement. We need a profile to describe eduPersonEntitlement (similar to the Assurance framework) or a best practice doc.
      4. Poll: Should we accept Scott's text? Yes, 7; No, 0; Need more information, 1 (of 8)
        • Scott Cantor will add some additional text to 5.1 requiring a prefix from RAF for the spec and consider if/how to move the assurance text in section 7 up.
  3. Reminder: The new & improved spec will be the main topic of conversation for the next REFEDS meeting