Workplan
Child pages
  • 2015 Work Plan Preparation

Versions Compared

Old Version 26

changes.mady.by.user Tom Scavo

Saved on

compared with

New Version 27

changes.mady.by.user Niels van Dijk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TitleFresh Approaches to IdP Discovery
Description

REFEDS has long appreciated the importance of IdP discovery in the federated model (see: REFEDS Discovery Guide). The current discovery model is dependent upon an aggregate of IdP metadata but advances in the distribution of per-entity metadata suggest that an aggregate may not always be available at the SP. A new model of IdP discovery in a world of per-entity metadata may be needed. Various approaches are possible:

  • continued reliance on a comprehensive aggregate of IdP metadata

  • a google-like, server-side search mechanism (trading latency for load time)

  • domain mapping eduroam-style

  • a client-side application or plugin

The latter includes the OpenID account chooser but its relevance in this space is not well understood.


The goal of this working group is to evaluate the various alternatives to IdP discovery and to recommend one or more approaches that warrant further consideration.
ProposerScott Cantor and Tom Scavo
Resource requirementsNote the overlap between this proposal and the proposal entitled "Federation at scale" above
+1's 

 

 

TitleBest practices for Hub-and-Spoke federation
Description

Hub-and-Spoke federations operate a centralized authentication component as part of their Identity Federation. In Reseach and Education about 10 federations are currently running such a setup.

This activity gathers best practices form those running such federations. Possible topics may include:

  • Operational topic, e.g. scale and security
  • Enduser, IdP and SP support
  • Trust establisment, privacy preservation and policy
  • Business cases for running a central component
  • Augmenting federation with e.g. group management, attribute aggregation, stepup authentication, credential and protocol translation and autherization
  • Working with metadata
  • Available tools and technologies
  • Working with eduGAIN, Code of Conduct and attribute bundles
  • Combining Hub-and-Spoke and Mesh federation technology
ProposerNiels van Dijk
Resource requirementsSeveral conference calls, a wiki space, pehaps one or two f2f discussion meetings at existing venues
+1's<for others to voice their support - add your name here>