In http://docs.oasis-open.org/xspa/saml-xspa/v2.0/csprd03/, Mohammad Jafari, TC co-chair, reports: Subject: Public Review Results for XSPA Profile of SAML v2.0 Version 2.0 From: Mohammad Jafari To: "xspa@lists.oasis-open.org" Date: Sun, 6 Jan 2019 00:47:05 +0000 Hello, The 15-day public review ended on December 18th, 2018. No public comments were received during the public review period per the comments mailing list archive [1]. However, we received an internal comment from Mike Davis raising the issue of harmonizing with the most recent HL7 Normative Ballot for Trust Framework for Federated Authorization (TF4FA) Volume 1 (dated May 2018) which calls for supporting the following attributes which currently do not seem to be covered by XSPA SAML profile: - Certification: Any professional certification credentials that may be required for the request. Usually provided by a jurisdictional or professional body. - Policy Attestation: Machine-driven assessment of an information exchange partner's conformance/non-conformance to legal, ethical, social, organizational, psychological, functional, and technical factors assumed or known from behavioral analytics and continuous event driven performance factors deemed relevant to retaining trust. --- Mohammad confirmed in personal email to TC Admin that the comments are addressed in csprd04: Thanks Chet, Yes, the comment has been incorporated in this draft. The TC approved incorporating the attributes suggested by that comment in a subsequent meeting on Jan 28th 2019, as reflected in the minutes (last item before adjournment): https://lists.oasis-open.org/archives/xspa/201901/msg00008.html Regards, Mohammad