...
Title | Fed Ops Security Incident Response |
---|---|
Description | Most federations have wording in their federation policy to support incident response but this tends to be a few words committing the Op, IdP and SP to work together on issues. There is no developed idea of the workflow for incident reporting and it is difficult for SPs to understand the process across different federations or contact multiple federations. REFEDS should define a common process and workflow descriptions for federations and support a lightweight model for supporting incident reporting and discussion - possibly via the FOG list or an XMPP type approach. As discussed at ACAMP. |
Proposer | Nicole on behalf of ACAMP session. |
Resource requirements | REFEDS Coordinator time, buy-in from federations, possibly some small infrastructure support requirements. |
+1's | Tom Barton, Wendy Petersen (CAF), Dave Kelsey, Scott Koranda, Romain Wartel, Michal Prochazka, Ann West, Heather Flanagan |
Title | VO Assessment |
---|---|
Description | Several years ago, the COmanage project put together a questionnaire aimed at helping both the VO and the organizations supporting them understand their IdM needs and business processes. This proved to be fairly useful, but it needs to be updated and expanded to help a more international audience. The old assessment is available off the COmanage wiki, hosted by Internet2. |
Proposer | Heather Flanagan |
Resource requirements | Some effort (probably not a huge amount), maybe minimal effort, support for a survey, and kittens |
+1's | Niels van Dijk (SURFnet / GEANT SA5 VOpaas), Michal Prochazka |
Title | eduGAIN recommended practices |
---|---|
Description | With eduGAIN gaining steam, national Feds are trying different approaches to managing import, export, and filtering. This activity would review an early harvest of national Fed experiences and produce recommended practices that national Feds can use to produce a more consistent experience for IdPs and SPs, and hence for users. |
Proposer | Tom Barton |
Resource requirements | Perhaps 6 conference calls for a working group to organize, gather materials, net out essential recommendations. Someone to edit a resulting doc. Email list support. |
+1's | Mikael Linden, Jean-François Guezou, Ann West, Heather Flanagan |
Title | Federation at scale |
---|---|
Description | Determine next steps towards dynamic resolution of entity metadata. The assumption is that this is how metadata will eventually be obtained at transaction time. This activity might focus on furthering the development and experimentation with protocols and implementations for so doing, or on how metadata comes to be sourced for dynamic resolution, or on identifying criteria by which to assess that a given dynamic resolution mechanism is working well. The purpose is to gain further experience and not necessarily to attempt anything definitive as yet. |
Proposer | Tom Barton |
Resource requirements | This one might have some hard resource needs. Some development. An environment in which to try things out, somehow including IdP or SP instances with which to experiment. |
+1's |
Title | Focus on VOs |
---|---|
Description | VOs straddle national Feds and we handle them in an ad hoc (at best!) fashion. What practices should the interfed community adopt to support their Fed/Interfed needs? Deliverables might include strawman recommended practices to national Feds and roles & responsibilities that together would define a consistent service presented to VOs. The purpose would be to inform ourselves of what it might actually take to operationalize such a service. Could build on the VO Assessment activity proposed by Heather above. |
Proposer | Tom Barton |
Resource requirements | A few working group members to interview principals from several VOs or other organizations that support them or otherwise are knowledgeable about needs from a VO perspective (e.g., Center for Trustworthy Scientific Cyberinfrastructure). A few Fed Ops to mull this over from an operational perspective. Someone to edit a resulting doc. |
+1's | Romain Wartel, Michal Prochazka, Scott Koranda, Wendy Petersen (CAF), Niels van Dijk, Heather Flanagan |
Title | Privacy and interfed |
---|---|
Description | Is the CoCo on track? What barriers are there to its adoption? Purpose is to determine what issues a communications campaign should address to improve uptake. |
Proposer | Tom Barton |
Resource requirements | Working Group would conduct interviews with a selection of prospective CoCo-adopting sites, blend with a CoCo-knowledgeable expert and a communications person to arrive at an enumeration of concerns to be addressed. Perhaps a dozen Working Group conference calls and list support. Support for a small number of group interviews. |
+1's | Mikael Linden (the GEANT CoCo flywheel) |
...
Title | Attribute authorities and group membership/role information |
---|---|
Description | Attribute authorities become interesting in the VO world, where IdPs are not able to satisfy SP needs for additional attributes about the users, especially group membership/roles. The main problem arises when one SP wants to accept users from different VOs which use different attribute authorities. There is no common standard for representing a group name/role in an attribute that takes the VO's identification into account (a group name alone can lead to collisions among different VOs). Some examples of how group names are used by current group management systems:
Protocols which work with groups and their requirements on the group name:
|
Proposer | Michal Prochazka (CESNET) |
Resource requirements | Several conference calls should be enough for setting up the working group and producing a recommendation on a naming schema for groups including VO identification. |
+1's | Scott Koranda, Wendy Petersen (CAF), Niels van Dijk (SURFnet), Heather Flanagan |
Title | Fresh Approaches to IdP Discovery |
---|---|
Description | REFEDS has long appreciated the importance of IdP discovery in the federated model (see: REFEDS Discovery Guide). The current discovery model is dependent upon an aggregate of IdP metadata but advances in the distribution of per-entity metadata suggest that an aggregate may not always be available at the SP. A new model of IdP discovery in a world of per-entity metadata may be needed. Various approaches are possible:
The latter includes the OpenID account chooser but its relevance in this space is not well understood. The goal of this working group is to evaluate the various alternatives to IdP discovery and to recommend one or more approaches that warrant further consideration. |
Proposer | Scott Cantor and Tom Scavo |
Resource requirements | Note the overlap between this proposal and the proposal entitled "Federation at scale" above |
+1's |
...