...
Title | Attribute authorities and group membership/role information |
---|---|
Description | Attribute authorities become interesting in the VO world, where IdPs are not able to satisfy SP needs for additional attributes about users, especially group membership/roles. The main problem arises when one SP wants to accept users from different VOs which use different attribute authorities. There is no common standard for representing a group name/role in an attribute that takes VO identification into account (a bare group name can lead to collisions among different VOs). Some examples of how group names are used by current group management systems:
Protocols which work with groups and their requirements on the group name:
|
Proposer | Michal Prochazka (CESNET) |
Resource requirements | Several conference calls should be enough to set up the working group and produce a recommendation on a naming schema for groups including VO identification. |
+1's | Scott Koranda, Wendy Petersen (CAF), Niels van Dijk (SURFnet) |

Title | Fresh Approaches to IdP Discovery |
---|---|
Description | REFEDS has long appreciated the importance of IdP discovery in the federated model (see: REFEDS Discovery Guide). The current discovery model is dependent upon an aggregate of IdP metadata but advances in the distribution of per-entity metadata suggest that an aggregate may not always be available at the SP. A new model of IdP discovery in a world of per-entity metadata may be needed. Various approaches are possible:
The latter includes the OpenID account chooser but its relevance in this space is not well understood. The goal of this working group is to evaluate the various alternatives to IdP discovery and to recommend one or more approaches that warrant further consideration. |
Proposer | Scott Cantor and Tom Scavo |
Resource requirements | Note the overlap between this proposal and the proposal entitled "Federation at scale" above |
+1's |