Community Review
This consultation is open from Monday, April 30, 2018 to Monday, May 28, 2018
Documents for review/consultation
- Final Report of the Streamlining SP Working Group
- Streamlining SP Onboarding - Criteria Document
- Streamlining SP Onboarding - Questionnaire
For more information about the working group, please see the Streamlining SP Working Group wiki space.
Change Proposals and Feedback - We welcome your feedback/suggestions here
If you have comments that do not lend themselves well to the tabular format below, please create a new Google doc and link to it in the suggestion section below.
| Number | Current Text | Proposed Text / Query / Suggestion | Proposer | +1 (add your name here if you agree with the proposal) | Action (please leave this column blank) |
|---|---|---|---|---|---|
| 1 | NA | Who should maintain the SP questionnaire over time, as the federation evolves? | Nick Roy | ||
| 2 | "Login Experience - Is the login page accessible and easy to find? What's the experience if a user logs in but is not authorized? | I would suggest addressing IdP discovery rather than a 'login page' in this question. Issues around how a user accesses discovery when provided a link into the service, and whether the target of their link is preserved across IdP discovery and login are important. | Nick Roy | ||
| 3 | "Logout Experience - Does your application support a proper logout?" | What is a "proper logout" in a federation context? Checking to see if there is a SLO endpoint available in the user's IdP metadata, and making a SAML logout request? How should logout be handled at the IdP at that point? The updated saml2int tries to address this issue, but it is complex/challenging. https://kantarainitiative.github.io/SAMLprofiles/saml2int.html | Nick Roy | ||
| 4 | "to head of additional questioning" | "To head off additional questioning"? - Might be best to actually use this to cause additional questioning of the SP by the person doing the onboarding, in any case. | Nick Roy | ||
| 5 | Appendix C item 2 "The questionnaire would be encouraged for Service Providers to follow as part of joining InCommon." | Who would receive the questionnaire results in this case, and whose responsibility would it be to work with the SP? At what point in the lifecycle of a prospective participant joining would it be appropriate to inject the questionnaire, and who would do that / communicate with any needed third parties (third parties are assumed to be: the prospective SP, IdP operators at the sponsoring organization (if a sponsored partner), InCommon RA staff, InCommon level 2 support staff) | Nick Roy | ||
| 6 | NA | Should the report include recommendations to InCommon? Examples might include how to operationalize the questionnaire, recommendations on re-organization of web and wiki content to comport with the WG's criteria and questionnaire, and any areas of work the WG identified that may be valuable for a succeeding WG to address, eg, further refinement of the questionnaire and on-boarding process by soliciting feedback from on-boarding SPs. | Tom Barton | ||
| 7 | NA | Should Baseline Expectations be mentioned early on since that would be a good thing for new folks to hear? Maybe linking to this blog post or one of the wiki pages would help? https://www.internet2.edu/blogs/detail/15334 | MC Martinez | ||
| 8 | Criteria Document – References – "SAML2 Int Spec" | That's a reference to the SubjectID Attributes Profile, not saml2int | Peter S. | ||
| 9 | Criteria Document | Great work overall on all three documents. Criteria Document could benefit from a short intro explaining what it is and how it should be used, or how it fits into the big picture | Emily Eisbruch | ||
| 10 | Final Report | Final Report could benefit from an Overview or Exec Summary at top to briefly state the outputs of the working group, before explaining the WG process and the details. | Emily Eisbruch | ||
| 11 | Questionnaire | Should the Questionnaire be renamed from "Service Provider Onboarding - Questionnaire" to "InCommon Service Provider Onboarding - Questionnaire and Checklist" ? A concern is the people typically don't like questionnaires, they want something that will help them. | Emily Eisbruch | ||
| 12 | Criteria | Do the Criteria recognize the reality that a growing number/majority of the commercial SPs are using commercial SAML implementations rather than either of the two recommended SP implementations ? Are the minimum recommendations supported by the SAML SP implementations that we see in use today by a significant number of commercial SPs ? | Steve Carmody | ||
| 13 | Criteria | How compatible are the recommendations for SPs with the functionality available from commercial IDPs (eg use of identifiers) (eg OKTA, Ellucian) ? | Steve Carmody | ||
| 14 | Nick Lewis | ||||
| 15 | Nick Lewis | ||||
| 16 | Nick Lewis | ||||
| 17 | Nick Lewis | ||||
| 18 | N/A | Nick Lewis | |||
| 19 | N/A | Nick Lewis | |||
| 20 | N/A | Nick Lewis | |||
| 21 | N/A | Nick Lewis | |||
| 22 | N/A | Nick Lewis | |||
| 23 | N/A | Nick Lewis | |||
| 24 | N/A | Add to the User Experience Checklist: "If your application will be authenticating users via more than one Identity Provider, does your application allow a user to login to the same account from multiple Identity Providers?" | Matt Callaway |
See Also