Both the SAML and OIDC profiles adopt the key words from RFC 2119 and include a paragraph regarding compliance to the profiles based on those key words. However, there have been some recent indications that suggest the compliance language in the profiles needs additional clarification. It is therefore proposed that the compliance language in both profiles should be changed to the following:
"Compliance with all requirements labeled "REQUIRED" "MANDATORY", "MUST", and "MUST NOT" is required for all members of a GC Federation. There are no exceptions. Requirements designated as “SHOULD”, “RECOMMENDED”, “SHOULD NOT” or “NOT RECOMMENDED” must not be interpreted to be optional. GC departments and agencies that do not implement any requirements labelled with the key words "SHOULD" or “RECOMMENDED” or choose to implement any requirements labelled "SHOULD NOT" or "NOT RECOMMENDED" must document the implications and rationale for doing so and submit this information to the applicable governance body for the purpose of seeking an exception. An exception must be granted before joining a GC Federation."
Both the SAML and OIDC profiles adopt the key words from RFC 2119 and include a paragraph regarding compliance to the profiles based on those key words. However, there have been some recent indications that suggest the compliance language in the profiles needs additional clarification. It is therefore proposed that the compliance language in both profiles should be changed to the following:
"Compliance with all requirements labeled "REQUIRED" "MANDATORY", "MUST", and "MUST NOT" is required for all members of a GC Federation. There are no exceptions. Requirements designated as “SHOULD”, “RECOMMENDED”, “SHOULD NOT” or “NOT RECOMMENDED” must not be interpreted to be optional. GC departments and agencies that do not implement any requirements labelled with the key words "SHOULD" or “RECOMMENDED” or choose to implement any requirements labelled "SHOULD NOT" or "NOT RECOMMENDED" must document the implications and rationale for doing so and submit this information to the applicable governance body for the purpose of seeking an exception. An exception must be granted before joining a GC Federation."