Attending: Janemarie Duh, Mark Rank, Eric Kool-Brown, Keith Wessel, Heather Flanagan, Matthew Economou, Mary McKee, Eric Goodman
With: Ian Young, David Walker, David Bantz, Steve Zoppi, Ann West, Shannon Roddy, IJ Kim, Albert Wu, Dave Shafer, Kevin Morooney
Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.
Enforcing the attribute type syntax for email elements in MDUI contact
This is a proposal to bulk change all contacts in InCommon metadata to use the correct "mailto:" scheme. Upon approval, Ops would develop a plan to communicate a date for a bulk change to all InCommon participants and eduGAIN federation operators. On that day, InCommon would do a special metadata publication process where we temporarily disable the normal diffs (because they will be so big, they will be effectively useless) and bulk update all contacts in metadata to use the 'mailto:' scheme. At the same time, we’d publish a new version of the Federation Manager application, which would use the new scheme on all new/modified contacts in metadata.
On a unanimous voice vote, TAC approved bulk updating InCommon metadata to use the correct 'mailto:' scheme in front of all contacts in metadata
Handling SAML subject identifier requests from eduGAIN entities
Recently, we noticed that we were removing a few entity descriptors for SPs published in eduGAIN because they used incorrect/undefined mechanisms to request the OASIS SAML Subject Identifiers. The profile defines use of exactly one of four different entity attribute values to request these identifiers (pairwise-id, subject-id, any, none). The offending SP metadata was using RequestedAttributes with varying attribute names and nameFormats (the incorrect nameFormats are most problematic here). The recommendation from Ops is to modify InCommon's eduGAIN filtering to allow these requestedAttribute values, only so long as they are not isRequired="true", but we WARN on them. That is, if there are RequestedAttributes, we check for the presence of the appropriate identifiers and warn the user if they are not present. More info is in the inc-meta GitHub Enterprise project.
TAC agrees with Nick’s proposal (i.e., there were no objections)
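One way to express the filtering rule described above, as an added example that is not InCommon's filter code. The URNs are those of the OASIS SAML Subject Identifier Attributes profile. Assumptions: "appropriate identifiers" is read as the profile's entity attribute, only the two standard attribute names are matched, and the function names and the sample SP are made up for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQ = "urn:oasis:names:tc:SAML:profiles:subject-id:req"  # entity attribute defined by the profile
ALLOWED = {"pairwise-id", "subject-id", "any", "none"}   # the four values named in the minutes
ID_ATTRS = {"urn:oasis:names:tc:SAML:attribute:subject-id",
            "urn:oasis:names:tc:SAML:attribute:pairwise-id"}

def check_sp(xml_text):
    """Return (decision, warnings) for one SP EntityDescriptor."""
    entity = ET.fromstring(xml_text)
    attrs = entity.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
    values = [(v.text or "").strip() for a in attrs if a.get("Name") == REQ
              for v in a.iterfind("saml:AttributeValue", NS)]
    signalled = len(values) == 1 and values[0] in ALLOWED  # exactly one of the four
    warnings = []
    for ra in entity.iterfind(".//md:RequestedAttribute", NS):
        name = ra.get("Name")
        if name not in ID_ATTRS:
            continue  # ordinary attribute request, outside this rule
        if (ra.get("isRequired") or "false").strip().lower() in ("true", "1"):
            return "reject", [f"{name}: requested with isRequired=true"]
        if not signalled:
            warnings.append(f"{name}: RequestedAttribute without a valid {REQ} entity attribute")
    return "accept", warnings

# Constructed sample metadata; sp.example.org is a placeholder entity.
SP_TEMPLATE = """<md:EntityDescriptor xmlns:md="{md}" xmlns:mdattr="{mdattr}"
    xmlns:saml="{saml}" entityID="https://sp.example.org/shibboleth">
  <md:Extensions><mdattr:EntityAttributes>{entity_attr}</mdattr:EntityAttributes></md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Constructed SP</md:ServiceName>{requested}
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sample_sp(requested="", entity_attr=""):
    return SP_TEMPLATE.format(requested=requested, entity_attr=entity_attr, **NS)

def requested_attr(name, required):
    return f'<md:RequestedAttribute Name="{name}" isRequired="{required}"/>'

def req_entity_attr(value):
    return (f'<saml:Attribute Name="{REQ}"><saml:AttributeValue>{value}'
            f'</saml:AttributeValue></saml:Attribute>')
```

Calling `check_sp(sample_sp(requested_attr(name, "false")))` with one of the two identifier names returns an accept decision with one warning, which is the tolerated-but-flagged case from the proposal.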
A subgroup of TAC will review the relevant federation part of the spec. (Ann West, Heather Flanagan, Matthew Economou, Tom Barton, Janemarie Duh, Keith Wessel)
Last time, TAC looked at the proposal for subject identifiers.
Two parts to this:
There is a draft charter for a Test Federation WG.