...
- the 'attribute freshness' (ePA-1m) as coming out of an Infrastructure Proxy is now normatively defined in this document as
"The ATP assurance component (attribute freshness) SHALL reflect the affiliation of the identity with the CSP, i.e. the Infrastructure Proxy."
It's the interpretation that makes most sense in case the resulting assertions from the proxy would (acidentally or on purpose) be re-inserted in eduGAIN, and also it better reflects the fact that for linked and composite identities the change of affiliation in an upstream IdP does not necessarily reflect any change in the Infrastructure. The Community is always authoritative ...
IF this has already been stated in another JRA*.* document, please put the ref here
RESOLVED: included in this guideline as rough consensus shows there is no better place for now - the "Darjeeling" profile is very, very close to Espresso, the only thing it adds is that it adds to MFA support also a quality requirement on the first factor. Is that profile really useful? Could we drop it (please)?
RESOLVED: rough consensus indicates this can be dropped - On output, if the combination of assurance component values meets a REFEDS RAF profile, you must now also assert the REFEDS RAF profile values - so that if the assertion 'escapes', it still makes sense to generic service providers
RESOLVED: no negative comments received - The flagging of 'social identity providers' was considered quite important, so Assam does that for you. However, if the identity provider is a homeless IdP with known qualities, you SHOULD also assert those properties if you know about them (like IAP/low and maybe even SFA).
RESOLVED: if one can reasonably know that IAP/low is met, this should be added as well
Final PDF
To be published
Meetings schedule and Minutes
...