...
Title | Fed Ops Security Incident Response |
---|---|
Description | Most federations have wording in their federation policy to support incident response, but this tends to be a few words committing the Op, IdP and SP to work together on issues. There is no developed idea of the workflow for incident reporting, and it is difficult for SPs to understand the process across different federations or to contact multiple federations. REFEDS should define a common process and workflow descriptions for federations and support a lightweight model for supporting incident reporting and discussion - possibly via the FOG list or an XMPP-type approach. As discussed at ACAMP. |
Proposer | Nicole on behalf of ACAMP session. |
Resource requirements | REFEDS Coordinator time, buy-in from federations, possibly some small infrastructure support requirements. |
+1's | Tom Barton, Wendy Petersen (CAF), Dave Kelsey, Scott Koranda, Romain Wartel, Michal Prochazka, Ann West, Heather Flanagan, Lukas Hämmerle |

Title | Global FedLab |
---|---|
Description | Lots of useful tools have been produced as part of FedLab - as seen in Roland's excellent presentation in Indianapolis. There have also been other tools developed across the community to monitor and check information - such as MET, Code of Conduct monitor, Lukas's domain-checking tool for eduGAIN, SMEV, etc. Some of FedLab will be moved to production as part of the GN4 project under the Identity and Harmonisation Task, but this will only address specific GEANT Project use cases. A pilot should be undertaken by REFEDS to look at global requirements and the best set of tools for our community. In the long term this may merge back with GEANT service offerings, but it makes sense to run a pilot under REFEDS to address all possible features. |
Proposer | Licia Florio, Nicole Harris, Roland Hedberg |
Resource requirements | Funding for hosting and coordinating testing and decisions around useful tools. Development effort can be provided via GN4. |
+1's | <for others to voice their support - add your name here> |
...
Title | Federation at scale |
---|---|
Description | Determine next steps towards dynamic resolution of entity metadata. The assumption is that this is how metadata will eventually be obtained at transaction time. This activity might focus on furthering the development and experimentation with protocols and implementations for so doing, or on how metadata comes to be sourced for dynamic resolution, or on identifying criteria by which to assess that a given dynamic resolution mechanism is working well. The purpose is to gain further experience and not necessarily to attempt anything definitive as yet. |
Proposer | Tom Barton |
Resource requirements | This one might have some hard resource needs. Some development. An environment in which to try things out, somehow including IdP or SP instances with which to experiment. |
+1's | Lukas Hämmerle |

Title | Fresh Approaches to IdP Discovery |
---|---|
Description | REFEDS has long appreciated the importance of IdP discovery in the federated model (see: REFEDS Discovery Guide). The current discovery model is dependent upon an aggregate of IdP metadata, but advances in the distribution of per-entity metadata suggest that an aggregate may not always be available at the SP. A new model of IdP discovery in a world of per-entity metadata may be needed. Various approaches are possible:
The latter includes the OpenID account chooser, but its relevance in this space is not well understood. The goal of this working group is to evaluate the various alternatives to IdP discovery and to recommend one or more approaches that warrant further consideration. |
Proposer | Scott Cantor and Tom Scavo |
Resource requirements | Note the overlap between this proposal and the proposal entitled "Federation at scale" above. |
+1's |
...