...

  • Entity Category: grouping of entities is typically done via a:
    • Trust Anchor or an Intermediate. All entities with similar behaviour are members of the same intermediate (or trust anchor).
    • Trust Mark could also be used. A trust mark is created by a trust mark owner.
      • The trust mark owner must be trusted and listed as such by the federation TA.
      • A Trust Mark may be self issued.
  • Entity Attribute: signalling assurance certifications is done using so-called Trust Marks.
  • Profiles: signalling certain behaviour as part of a transaction is generally covered in the underlying standards like OpenID Connect and OAuth 2.0. The capability for signalling is often available; however, the semantics may need to be adopted.
  • Metadata Extension: providing an extension to existing metadata profiles is allowed in the OpenID Federation specification. For broad acceptance and implementation of an extension it may be needed to engage with the OpenID Foundation, e.g. via the R&E working group.
  • Frameworks: these are currently basically assurance frameworks, which provide a structured means of describing or defining the main sources of assurance provided within the federation by the member entities or the federation itself.
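The Trust Mark route above has one check that matters for security: a mark only places an entity in a category if the federation TA lists the mark's issuer for that mark identifier. The block below is an added example written for this page, not code from the page or from any OpenID Federation implementation. It models a TA entity configuration with a trust_mark_issuers claim, a subordinate entity configuration carrying a trust mark, and the acceptance check; all entity identifiers, the mark identifier and the keys are constructed, and HS256 with shared secrets stands in for the asymmetric JWS and JWKS lookup a real federation uses. The handling of self-issued marks is this example's own policy choice, not something the page specifies.

```python
"""Added example: does an entity hold a category via a TA-authorised Trust Mark?"""
import base64
import hashlib
import hmac
import json

# Constructed identifiers for this example; none are real federation entities.
TA_ID = "https://ta.example.org"
TMI_ID = "https://tmi.example.org"        # trust mark issuer the TA lists
ROGUE_ID = "https://rogue.example.net"    # issuer the TA does not list
SP_ID = "https://sp.example.edu"
RS_MARK_ID = "https://ta.example.org/trust-marks/research-and-scholarship"

# Shared secrets stand in for each entity's federation signing key (assumption:
# real trust marks are asymmetric JWS verified against the issuer's JWKS).
KEYS = {TMI_ID: b"tmi-secret", ROGUE_ID: b"rogue-secret", SP_ID: b"sp-secret"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(issuer: str, signing_input: str) -> bytes:
    return hmac.new(KEYS[issuer], signing_input.encode(), hashlib.sha256).digest()


def issue_trust_mark(issuer: str, subject: str, mark_id: str, now: int, ttl: int = 3600) -> str:
    """Issuer signs a trust mark JWT binding mark_id to subject for ttl seconds."""
    header = {"alg": "HS256", "typ": "trust-mark+jwt"}
    claims = {"iss": issuer, "sub": subject, "id": mark_id, "iat": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    return signing_input + "." + _b64url(_mac(issuer, signing_input))


def ta_entity_configuration() -> dict:
    """The TA's entity configuration names who may issue which trust mark."""
    return {"iss": TA_ID, "sub": TA_ID, "trust_mark_issuers": {RS_MARK_ID: [TMI_ID]}}


def holds_category(entity_config: dict, ta_config: dict, mark_id: str, now: int) -> bool:
    """True if entity_config carries a valid mark_id from an issuer the TA authorises.

    The issuer is checked against the TA's list before the signature is
    verified, so an unlisted issuer never gets to choose the verification key.
    A self-issued mark (iss == sub) takes the same path: it counts only if the
    TA lists the entity itself as an issuer of that mark (this example's policy).
    """
    allowed = ta_config.get("trust_mark_issuers", {}).get(mark_id, [])
    for entry in entity_config.get("trust_marks", []):
        if entry.get("id") != mark_id:
            continue
        head, body, sig = entry["trust_mark"].split(".")
        claims = json.loads(_unb64url(body))      # untrusted until the MAC is checked
        issuer = claims.get("iss")
        if issuer not in allowed:
            continue
        if not hmac.compare_digest(_mac(issuer, f"{head}.{body}"), _unb64url(sig)):
            continue
        if claims.get("sub") != entity_config.get("sub") or claims.get("id") != mark_id:
            continue
        if claims.get("exp", 0) <= now:
            continue
        return True
    return False


def demo() -> dict:
    """Four scenarios: listed issuer, unlisted issuer, wrong subject, expired mark."""
    now = 1_700_000_000
    ta = ta_entity_configuration()

    def sp_config(mark: str) -> dict:
        return {"iss": SP_ID, "sub": SP_ID, "trust_marks": [{"id": RS_MARK_ID, "trust_mark": mark}]}

    return {
        "listed_issuer": holds_category(sp_config(issue_trust_mark(TMI_ID, SP_ID, RS_MARK_ID, now)), ta, RS_MARK_ID, now),
        "unlisted_issuer": holds_category(sp_config(issue_trust_mark(ROGUE_ID, SP_ID, RS_MARK_ID, now)), ta, RS_MARK_ID, now),
        "wrong_subject": holds_category(sp_config(issue_trust_mark(TMI_ID, "https://other.example.edu", RS_MARK_ID, now)), ta, RS_MARK_ID, now),
        "expired": holds_category(sp_config(issue_trust_mark(TMI_ID, SP_ID, RS_MARK_ID, now - 7200)), ta, RS_MARK_ID, now),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first scenario is accepted. Note the ordering in holds_category: a mark whose iss claim names an unlisted issuer is discarded before any key is consulted, which is the property the TA's listing is meant to give.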

Wallets

WIP


Overview of findings

Each entry lists: specification name; type; applies to entity; asserted by; whether an attribute profile is defined; entity behavioural rules; attribute requirements; in scope for OpenIDFed; in scope for wallets; SAML specific protocol requirements. Fields the page leaves blank are omitted.

Research and Scholarship (R&S) v1.3 (SP)
  • Type: Entity Category
  • Applies to entity: SP
  • Asserted by: Registrar
  • Attribute profile: yes
  • Entity behavioural rules:
    • operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part
    • not be used for access to licensed content
    • will not use attributes for purposes that fall outside of the service definition
  • Attribute requirements:
    • shared user identifier
    • person name
    • email address
    • affiliation (optional)
  • In scope for OpenIDFed: yes
  • In scope for wallets: to be determined
  • SAML specific protocol requirements:
    • RFC8409
    • Section 4.3.1
    • Section 4.3.3
    • Section 5 (moving mention of <md:RequestedAttribute> mechanism to SAML 2.0 specific part of section 5 would already suffice)
    • Section 6 (SAML specific example and identifier handling)
    • Section 7 (SAML example)

Research and Scholarship (R&S) v1.3 (IdP)
  • Type: Entity Category
  • Applies to entity: IdP
  • Asserted by: IdP
  • Attribute profile: yes
  • Entity behavioural rules:
    • will release attribute bundle attributes to R&S Service Providers for a significant subset of user population
  • Attribute requirements:
    • persistent, non-reassigned, non-targeted identifier
    • shared user identifier
    • person name
    • email address
    • affiliation (optional)
  • In scope for OpenIDFed: yes
  • In scope for wallets: to be determined
  • SAML specific protocol requirements: same as the previous entry

Hide From Discovery v.1
  • Type: Entity Category
  • Applies to entity: IdP
  • Asserted by: IdP
  • In scope for OpenIDFed: to be determined
  • In scope for wallets: to be determined
  • SAML specific protocol requirements:
    • Use of SAML specific terms like IdP and SP
    • Section 5: SAML specific example

Anonymous Access v.2 (SP)
  • Type: Entity Category
  • Applies to entity: SP
  • Asserted by: Registrar
  • Attribute profile: yes
  • Entity behavioural rules:
    • proof of successful authentication [only]
    • signaling that they do not wish to receive personalized data
  • Attribute requirements:
    • organization
    • affiliation (optional if no affiliation exists)
  • SAML specific protocol requirements:
    • Use of SAML specific terms like IdP and SP
    • Section 4, RC1.1
    • Section 5 (extension already possible)
    • Section 7; SAML specific example, should probably move under 5.1.1
    • Section 8; SAML specific example, should probably move under 5.1.1

Anonymous Access v.2 (IdP)
  • Type: Entity Category
  • Applies to entity: IdP
  • Asserted by: IdP
  • Attribute profile: yes
  • Entity behavioural rules:
    • release all required attributes in the bundle for a significant subset of user population
  • Attribute requirements:
    • organization
    • affiliation (optional if no affiliation exists)
  • SAML specific protocol requirements: same as the previous entry

Pseudonymous Access v.2 (SP)
  • Type: Entity Category
  • Applies to entity: SP
  • Asserted by: Registrar
  • Attribute profile: yes
  • SAML specific protocol requirements:
    • Use of SAML specific terms like IdP and SP
    • Section 4, RC3
    • Section 5 (extension already possible)
    • Section 7; SAML specific example, should probably move under 5.1.1
    • Section 8; SAML specific example, should probably move under 5.1.1

Pseudonymous Access v.2 (IdP)
  • Type: Entity Category
  • Applies to entity: IdP
  • Asserted by: IdP
  • Attribute profile: yes
  • Entity behavioural rules:
    • release all required attributes in the bundle for a significant subset of user population
  • SAML specific protocol requirements: same as the previous entry

Personalized Access v.2 (IdP)
  • Type: Entity Category
  • Applies to entity: IdP
  • Asserted by: Registrar
  • Attribute profile: yes
  • SAML specific protocol requirements:
    • Use of SAML specific terms like IdP and SP
    • Section 4, RC3
    • Section 5 (extension already possible)
    • Section 7; SAML specific example, should probably move under 5.1.1
    • Section 8; SAML specific example, should probably move under 5.1.1

Personalized Access v.2 (SP)
  • Type: Entity Category
  • Applies to entity: SP
  • Asserted by: Registrar
  • Attribute profile: yes
  • SAML specific protocol requirements: same as the previous entry

Code of Conduct v.2
  • Type: Entity Category and Best Practice

Sirtfi v1 & v2
  • Type: Entity Attribute
  • Applies to entity: SP
  • Asserted by: SP

...