...
Specific Open Questions
- the 'attribute freshness' (ePA-1m) as coming out of an Infrastructure Proxy is now normatively defined in this document as
"The ATP assurance component (attribute freshness) SHALL reflect the affiliation of the identity with the CSP, i.e. the Infrastructure Proxy."
It's the interpretation that makes most sense in case the resulting assertions from the proxy would (acidentally or on purpose) be re-inserted in eduGAIN, and also it better reflects the fact that for linked and composite identities the change of affiliation in an upstream IdP does not necessarily reflect any change in the Infrastructure. The Community is always authoritative ... - the "Darjeeling" profile is very, very close to Espresso, the only thing it adds is that it adds full MFA support and also a quality requirement on the first factor. Is that profile really useful? Could we drop it (please)?
- On output, if the combination of assurance component values meets a REFEDS RAF profile, you must now also assert the REFEDS RAF profile values - so that if the assertion 'escapes', it still makes sense to generic service providers
- The flagging of 'social identity providers' was considered quite important, so Assam does that for you. However, if the identity provider is a homeless IdP with known qualities, you SHOULD also assert those properties if you know about them (like IAP/low and maybe even SFA).
Final PDF
To be published
Meetings schedule and Minutes
...