Please use this page to record ideas that you would like to include in the 2020 REFEDS workplan. Copy and paste the table below. Ideas don't need to be fully formed, but the more scope we can get, the easier it will be to assess whether an idea should be taken forward. We look forward to all your ideas!
|Title||<title of your proposal here>|
|Description||<description text here>|
|Proposer||<your name here>|
|Resource requirements||<money? effort? coordination? unicorns?>|
|+1's||<for others to voice their support - add your name here>|
Input into baseline expectations for eduGAIN.
(Question: is this the same WG of this name that has started meeting and it's listed here just as a formality, or a new WG?)
Scott Koranda; Tom Barton
|Title||Revise Cloud Services Cookbook|
|Description||The Cloud Services Cookbook, https://wiki.refeds.org/x/PoDR, was posted to the REFEDS wiki with a few updates made from its original version created by the Big Ten Academic Alliance. It hasn't been updated since 2016, however. It would be very useful to devote some resources to updating SAML-specific recipes as well as add OIDC and protocol-agnostic recipes.|
|Resource requirements||People resources, brain power, and possibly a Festivus miracle.|
|+1's||Albert Wu, Janemarie Duh, Corey Scholefield|
|Title||Extensions to MDQ|
|Description||The RA21 and SeamlessAccess projects have defined two extensions to the MDQ protocol, one to enable a search capability and one to enable a "webfinger" query to determine "what the server knows". Leif Johansson has provided an example implementation with pyFF. This proposal is to have REFEDS help formalize these extensions, perhaps by working with Ian Young to evolve the MDQ specification.|
|Proposer||Scott Koranda and Leif Johansson|
|Resource requirements||People resources for help with planning and organization and to help shepherd the update.|
After login at a service the service (SP) may be missing some information or requirements of the login, for example
There currently is no best practice for how a service should inform users of non-technical shortcomings of logins. It would be convenient if IdPs could supply URLs to different support pages that services could refer to depending on pre-defined problems with logins. Many login problems are not detected until after login.
ACAMP at TechEx had a session regarding this. Notes and Post-ACAMP work are available at https://bit.ly/2rOYgl1
|Resource requirements||A short term working-group to write up an errorURL profile with recommendations|
|+1's||Albert Wu, Fredrik Domeij, Tom Barton|
|Title||Make Microsoft ADFS handle REFEDS MFA Profile|
REFEDS MFA Profile uses the authnContextClassRef https://refeds.org/profile/mfa in the SAMLRequest to signal that MFA should be used for authentication. Microsoft ADFS cannot handle this authnContextClassRef and returns a FatalProfileException during authentication.
Discussion notes from TechEx ACAMP session regarding REFEDS MFA in ADFS: https://bit.ly/2RTPgGb
|Proposer||Fredrik Domeij <firstname.lastname@example.org>|
|Resource requirements||A working-group to help Microsoft add support for REFEDS MFA in ADFS, or to find a work-around to make ADFS usable in REFEDS MFA authentication|
|+1's||Tommy Larsson <email@example.com>, Johan Peterson <firstname.lastname@example.org>, Pål Axelsson|