Overview

An operator group for NRENs offering an IdP service that is not bound to a specific organisation, for example as an IdP of last resort and as an IdP for home organisations that don't manage their own. This is a place to discuss and exchange ideas and operational guidelines.

A possible first outcome could be a position paper on how eduIDs perceive themselves (what unifies the eduID?).

A group mailing list is available at: https://lists.refeds.org/sympa/info/eduid-operators.

Terms

The following terms apply to all REFEDS Working Groups:

  1. When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
  2. A chair for the group is chosen from the REFEDS Participants.
  3. GÉANT provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
  4. An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
  5. When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
  6. After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work or occasionally submitted as an Internet Draft.

Chair

Marlies Rikken (SURF)

Work Items

  1. We will create a knowledge base on the eduIDs instead of a whitepaper (see: eduID knowledge base).
  2. We will continue to meet and grow as an eduID operator community:
    • share knowledge on specific topics as defined by the participants each call.
    • involve as many nationalities as possible.

Topic list for the upcoming calls, with hosts.

  • Group management (Rolf)
    • Access management & eduID
  • Security deep dive (Zacharias)
    • Multi-factor authentication good practices, such as security keys
    • Passwordless authentication, e.g. with passkeys
    • Security awareness → how do we teach our users?
    • Passwords must die
  • User identification (Marlies)
    • passports or identity cards
    • User account recovery?
  • User experience (Esther)
    • Share our user flows, one small flow at a time (initial onboarding / a login / reaching the required level of assurance and security / account recovery / ...)
    • Share our outcomes
  • International interoperability of eduID (Maarten)
    • interop with other identifiers
    • technical interop
    • federation of eduIDs
  • Relation of eduID and eIDAS (Marlies)
    • Relation of eduID and wallets / SSI
  • Mobile Apps (Peter)
    • 2nd factor auth
    • Profile management
    • NFC for ID-docs / liveness
    • Step towards wallets?
  • Privacy & eduID 
    • Legal issues
    • Account deletion
    • Data retention vs lifelong learning
    • Security logs

Calls

All calls should be noted on the wiki and minuted appropriately. 

Resources

Previous work:

