Community Review
This consultation is open from Monday, April 30, 2018 to Monday, May 28, 2018
Documents for review/consultation
- Final Report of the Streamlining SP Working Group
- Streamlining SP Onboarding - Criteria Document
- Streamlining SP Onboarding - Questionaire
For more information about the working group, please see the Streamlining SP Working Group wiki space.
Change Proposals and Feedback - We welcome your feedback/suggestions here
If you have comments that do not lend themselves well to the tabular format below, please create a new Google doc and link to it in the suggestion section below.
| Number | Current Text | Proposed Text / Query / Suggestion | Proposer | +1 (add your name here if you agree with the proposal) | Action (please leave this column blank) |
|---|---|---|---|---|---|
| 1 | NA | Who should maintain the SP questionnaire over time, as the federation evolves? | Nick Roy | ||
| 2 | "Login Experience - Is the login page accessible and easy to find? What's the experience if a user logs in but is not authorized? | I would suggest addressing IdP discovery rather than a 'login page' in this question. Issues around how a user accesses discovery when provided a link into the service, and whether the target of their link is preserved across IdP discovery and login are important. | Nick Roy | ||
| 3 | "Logout Experience - Does your application support a proper logout?" | What is a "proper logout" in a federation context? Checking to see if there is a SLO endpoint available in the user's IdP metadata, and making a SAML logout request? How Should logout be handled at the IdP at that point? The updated saml2int tries to address this issue, but it is complex/challenging. https://kantarainitiative.github.io/SAMLprofiles/saml2int.html | Nick Roy | ||
| 4 | "to head of additional questioning" | "To head off additional questioning"? - Might be best to actually use this to cause additional questioning of the SP by the person doing the onboarding, in any case. | Nick Roy | ||
| 5 | Appendix C item 2 "The questionnaire would be encouraged for Service Providers to follow as part of joining InCommon." | Who would receive the questionnaire results in this case, and whose responsibility would it be to work with the SP? At what point in the lifecycle of a prospective participant joining would it be appropriate to inject the questionnaire, and who would do that / communicate with any needed third parties (third parties are assumed to be: the prospective SP, IdP operators at the sponsoring organization (if a sponsored partner), InCommon RA staff, InCommon level 2 support staff) | Nick Roy | ||
| 6 | NA | Should the report include recommendations to InCommon? Examples might include how to operationalize the questionnaire, recommendations on re-organization of web and wiki content to comport with the WG's criteria and questionnaire, and any areas of work the WG identified that may be valuable for a succeeding WG to address, eg, further refinement of the questionnaire and on-boarding process by soliciting feedback from on-boarding SPs. | Tom Barton |
See Also