Fed Ops Security Incident Response

Description: Most federations have wording in their federation policy to support incident response, but this tends to be a few words committing the Op, IdP and SP to work together on issues. There is no developed idea of the workflow for incident reporting, and it is difficult for SPs to understand the process across different federations or to contact multiple federations. REFEDS should define a common process and workflow descriptions for federations and support a lightweight model for supporting incident reporting and discussion, possibly via the FOG list or an XMPP-type approach. As discussed at ACAMP.
Proposer: Nicole on behalf of ACAMP session.
Resource requirements: REFEDS Coordinator time, buy-in from federations, possibly some small infrastructure support requirements.
+1's: Tom Barton, Wendy Petersen (CAF), Dave Kelsey, Scott Koranda, Romain Wartel, Michal Prochazka, Ann West, Heather Flanagan, Lukas Hämmerle

Title: Global FedLab

Description: Lots of useful tools have been produced as part of FedLab, as seen in Roland's excellent presentation in Indianapolis. There have also been other tools developed across the community to monitor and check information, such as MET, Code of Conduct monitor, Lukas's domain-checking tool for eduGAIN, SMEV, etc. Some of FedLab will be moved to production as part of the GN4 project under the Identity and Harmonisation Task, but this will only address specific GEANT Project use cases. A pilot should be undertaken by REFEDS to look at global requirements and the best set of tools for our community. In the long term this may merge back with GEANT service offerings, but it makes sense to run a pilot under REFEDS to address all possible features.
Proposer: Licia Florio, Nicole Harris, Roland Hedberg
Resource requirements: Funding for hosting and coordinating testing and decisions around useful tools. Development effort can be provided via GN4.
+1's: <for others to voice their support - add your name here>



Federation at scale

Description: Determine next steps towards dynamic resolution of entity metadata. The assumption is that this is how metadata will eventually be obtained at transaction time. This activity might focus on furthering the development and experimentation with protocols and implementations for doing so, or on how metadata comes to be sourced for dynamic resolution, or on identifying criteria by which to assess that a given dynamic resolution mechanism is working well. The purpose is to gain further experience and not necessarily to attempt anything definitive as yet.
Proposer: Tom Barton
Resource requirements: This one might have some hard resource needs. Some development. An environment in which to try things out, somehow including IdP or SP instances with which to experiment.
+1's: Lukas Hämmerle

Fresh Approaches to IdP Discovery


REFEDS has long appreciated the importance of IdP discovery in the federated model (see: REFEDS Discovery Guide). The current discovery model is dependent upon an aggregate of IdP metadata but advances in the distribution of per-entity metadata suggest that an aggregate may not always be available at the SP. A new model of IdP discovery in a world of per-entity metadata may be needed. Various approaches are possible:

  • continued reliance on a comprehensive aggregate of IdP metadata

  • a Google-like, server-side search mechanism (trading latency for load time)

  • domain mapping eduroam-style

  • a client-side application or plugin

The latter includes the OpenID account chooser but its relevance in this space is not well understood.

The goal of this working group is to evaluate the various alternatives to IdP discovery and to recommend one or more approaches that warrant further consideration.
Proposer: Scott Cantor and Tom Scavo
Resource requirements: Note the overlap between this proposal and the proposal entitled "Federation at scale" above.