Overview
An operator group for NRENs offering an IdP service that is not bound to a specific organisation, for example as an IdP of last resort and as an IdP for home organisations that don't manage their own. This is a place to discuss and exchange ideas and operational guidelines.
A possible first outcome could be a position paper on how eduIDs perceive themselves (what unifies the eduIDs?).
A group mailing list is available at: https://lists.refeds.org/sympa/info/eduid-operators.
Terms
The following terms apply to all REFEDS Working Groups:
- When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
- A chair for the group is chosen from the REFEDS Participants.
- GÉANT provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
- An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
- When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
- After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work or occasionally submitted as an Internet Draft.
Chair
Marlies Rikken (SURF)
Work Items
- We will create a knowledge base on the eduIDs instead of a white paper (see the eduID knowledge base).
- We will continue to meet and grow as an eduID operator community.
- Share knowledge on specific topics as defined by the participants each call.
- Involve as many nationalities as possible.
Topics list for the upcoming calls + hosts.
- Group management (Rolf)
- Access management & eduID
- Security deep dive (Zacharias)
- Multi-factor authentication good practices, such as security keys
- Passwordless authentication, e.g. with passkeys
- Security awareness → how do we teach our users??
- Passwords must die
- User experience (Esther)
- Share our user flows, 1 small flow at a time (Initial onboarding / a login / reaching the required level of assurance and security / account recovery /...)
- Share our outcomes
- User identification (Marlies)
- passports or identity cards
- User account recovery?
- International interoperability of eduID (Maarten)
- interop with other identifiers
- technical interop
- federation of eduIDs
- Relation of eduID and eIDAS (Marlies/Niels)
- Relation of eduID and wallets / SSI
- Mobile Apps (Peter)
- 2nd factor auth
- Profile managing
- NFC for ID-docs / liveness
- Step towards wallets?
- Privacy & eduID
- Legal issues
- Account deletion
- Data retention vs life long learning
- Security logs
Calls
All calls should be noted on the wiki and minuted appropriately.
Resources
Previous work:
- In early 2020, SURF organised an eduID-specific meetup; see the SURF wiki for the outcomes and presentations.
- In 2018, T&I members from the GN4-2 project wrote a white paper describing the various eduIDs that were active at the time.
- The discussion notes and points that came up during TIIME 2024.