
Hi Peter,
I support your points.
I agree with Bernd's: "there are obviously different opinions about when "required" should be used."
I am all in with Meshna and Jos that FIM4L recommendations need to be modified now to play nicely with new REFEDS entity categories proposed by Seamless Access.
We also need to revisit: "eduPersonEntitlement, with other values, representing group or role memberships in alignment with AARC Guidelines on expressing group membership and role information" in FIM4L's recommendations. This is currently used at Prague's Charles University, for example, to describe users' faculty affiliations, and it provides SPs with the information needed for authorisation when there are licences for faculty students and staff. It is not clear in the REFEDS entity categories specs how SPs are supposed to authorise faculty, campus and department users.
Cheers
Jiri
On Wed, Mar 17, 2021 at 6:45 PM Peter Schober peter.schober@univie.ac.at wrote:
I can neither understand what you're trying to say nor what this has to do with the specific message you are replying to (which was about Jos' statement about maybe adopting use of the "anonymous" terminology which I advise against).
-peter
Full quote below because I wouldn't know what to quote.
- Jiri Pavlik jiri.pavlik@techlib.cz [2021-03-17 18:24]:
Hi,
in the REFEDS entity categories specs there is:
"Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 4."
in the "5. Service Provider Requirements" paragraph.
IMHO it leaves room for FIM4L to specify whether samlPairwiseID, eduPersonScopedAffiliation, eduPersonEntitlement should be requested by SPs as required or optional. And what required and optional actually mean for the attribute release from IdPs to SPs
:-)
Best Jiri
On Wed, Mar 17, 2021 at 9:43 AM Peter Schober <peter.schober@univie.ac.at> wrote:
- Jos Westerbeke jos.westerbeke@eur.nl [2021-03-17 09:31]:
We (on this FIM4L list) have chosen (early 2019) not to use the word anonymous because it pretends that you are anonymous, which you are not, or which is at least disputable.
There is no such thing as an anonymous federated login. So this terminology serves to confuse more if anything.
-peter
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l