Please use this page to record ideas that you would like to include in the 2024 REFEDS work plan. Copy and paste the template table below. Ideas don't need to be fully formed but the more scope we can get, the easier it will be to assess whether the idea should be taken forward. We look forward to all your ideas!
| Table of Contents | ||
|---|---|---|
|
Template
| Title | <title of your proposal here> |
|---|---|
| Description | <description text here> |
| Proposer | <your name here> |
| Resource requirements | <money? effort? coordination? unicorns?> |
| +1's | <for others to voice their support - add your name here> |
Ideas
| Title | update REFEDs specs to leverage OpenIDFederation |
|---|---|
| Description | The OpenID Federation specification is gaining increased traction. The REFEDs specifications currently do not define how to express them in OpenID Federation. This working group will idenify issues with the current REEFDs specification wrt using OpenID Federation, it will propose changes to existing speficiation or popose new one if needed. As an initial proposal the work could be cut up in 3 phases:
|
| Proposer | Niels van Dijk (SURF) |
| Resource requirements | Standard support tools for WG and meetings. |
| +1's | <for others to voice their support - add your name here> |
| Title | eduID Operator Group |
|---|---|
| Description | A group of NREN's offer an IdP service that is not bound to a specific organisation, for example as an IdP of last resort and IdP for home organisations that don't manage their own. My suggestion is to create an operator group so that have a place to discuss and exchange ideas and operational guidelines. A possible first outcome could be a position paper on how eduIDs perceive themselves (what unifies the eduID?) |
| Proposer | Pål Axelsson (Sunet) (addition by Maarten Kremers) |
| Resource requirements | Time for the group to convene and create a charter and thereafter mail list, slack channel, wiki space and meetings. |
| +1's | Maarten Kremers (SURF) Marlies Rikken (SURF) Peter Havekes (SURF) Wolfgang Pempe (DFN) Christoph Graf (Switch) Laura Paglione |
| Title | Metadata about federations in metadata aggregates |
|---|---|
| Description | To find information about federations today require that you go to each one of them you're interested to and manually gather the information or go to eduGAIN technical site and look for what is manually registered there. I suggest a working group that discuss and may define a metadata extension that include information and policy links plus contact information that is published in the federation metadata feed so that others easy can aggregate this for example in MET and the technical eduGAIN site. The solution should be federation technology agnostic with examples for both SAML and Openid technology federations. |
| Proposer | Pål Axelsson (Sunet) |
| Resource requirements | Standard support tools for WG and meetings. |
| +1's | Davide Vaghetti (GARR) Wolfgang Pempe (DFN) Albert Wu (InCommon) John Scullen (Australian Access Federation) Alex Stuart (UK federation) Nicole Roy (InCommon) Niels van Dijk (SURF and GEANT Incubator) Björn Mattsson (Sunet) |
| Title | Define a REFEDS profile for registering support for entity categories or frameworks in metadata |
|---|---|
| Description | Today all working groups need to define if and how an entity shall indicate in metadata that they support a specific REFEDS specification. To make that more generic I suggest that we create a working group that define a REFEDS framework on how this should be done. Today REFEDS entity categories and SIRTFI have this defined in their specifications but it would be good to have specific profile on how to do ths for all REFEDS framworks, profiles and entity categories. |
| Proposer | Pål Axelsson (Sunet) |
| Resource requirements | Standard support tools for WG and meetings. |
| +1's | Davide Vaghetti (GARR) Wolfgang Pempe (DFN) Albert Wu (InCommon) Björn Mattsson (Sunet) David Walker (How does this relate to the SeamlessAccess trustinfo proposal below?) |
| Title | Define a REFEDS profile for phishing-resistant multi-factor authentication |
|---|---|
| Description | Within its chosen scope, the existing MFA profile is great, but that scope leaves some space when it states: "Protection against active man-in-the-middle attacks is out of scope of this Profile." . There are protocols in the wild which do provide phishing resistance (most prominently, WebAuthn/FIDO2), and those are rolled out progressively by many big players. These new phishing-resistant MFA methods are a new level in the game of authentication assurance, and it feels wrong to put something like "password+TOTP generator (susceptible to phishing)" and "biometrics+cryptographic keypair (w/channel binding and phishing resistant)" into the same bucket. Phishing-resistant MFA deserves being recognised as its own class of authentication assurance, with a distinct REFEDS profile. |
| Proposer | Stefan Winter (Restena) |
| Resource requirements | a large amount of copy&paste from the existing MFA profile, and discussions on the exact formulation in an incarnation of the MFA subgroup. |
| +1's | Christoph Graf (Switch) Zacharias Törnblom (Sunet) |
| Title | Supporting Open Science Through Attributes |
|---|---|
| Description | Programs such as the US Government's Open Science initiative are likely to drive requirements for attributes beyond "researcher" and "member". Resource Providers will need additional information about a person’s qualifications in order to determine access to their services. This work item intends to
|
| Proposer | Benn Oshrin, Albert Wu, Alan Buxey |
| Resource requirements | Meetings. More Meetings. |
| +1's | Laura Paglione, Tom Barton, Ken Klingenstein, Peter Gietz (FIM4L) |
| Title | Browser Changes, continued |
|---|---|
| Description | Continued to coordinate concerns about Browser Changes to mitigate third party cookies and navigational tracking, including "replacements" like FedCM and wallet space work |
| Proposer | Judith Bush |
| Resource requirements | Slack Channel, individuals with ability to attend W3C community group and working group meetings, Confluence space. Occasional meeting. |
| +1's | Heather Flanagan, Scott Cantor, Nicole Roy, Gary Windham, Zacharias Törnblom |
| Title | Promote REFEDS for VC governance |
|---|---|
| Description | The "verifable credentials world" is about to reinvent many things REFEDS has developed for the international academic interfederation world for years. This covers e.g. federation standards, attribute specs and governance structures to manage all of that. We should try to figure out how to carry over those achievements to the "verifiable credentials world". |
| Proposer | Christoph Graf (Switch) |
| Resource requirements | Group of willing to come up with ideas and to propose a set of actions |
| +1's | Heather Flanagan Albert Wu (InCommon) Pål Axelsson (Sunet) Nicole Roy (InCommon) Laura Paglione Niels (SURF) [This might partially overlap with my proposal above to look at REFEDs specs in the context of OpenID Federation] |
| Title | Standardising Standards! |
|---|---|
| Description | There are areas of REFEDS specification creation that could use improvements specifically:
This would help us step up as a standardisation body and give the sort of consistency seen in other areas. |
| Proposer | Nicole Harris |
| Resource requirements | |
| +1's | Heather Flanagan Albert Wu (InCommon) Alex Stuart (UK federation) John Scullen (Australian Access Federation) Pål Axelsson (Sunet) Laura Paglione |
| Title | Formalise SeamlessAccess trustinfo metadata as a REFEDS specification |
|---|---|
| Description | Trustinfo metadata has been developed by the SeamlessAccess team. A working document exists and code is in development (perhaps even deployed) in SeamlessAccess. This work item is to take the specification through the REFEDS standardization process, which should facilitate uptake by federation operators. |
| Proposer | Alex Stuart |
| Resource requirements | A short-term working group, a consultation, a stable URI for the specification |
| +1's | Pål Axelsson (Sunet) Zacharias Törnblom (Sunet) Albert Wu (InCommon) Björn Mattsson (Sunet) David Walker |
| Title | A basic eduPerson/schac SD-JWT Verifiable Credentials schema |
|---|---|
| Description | The working group will produce a specification for a basic SD-JWT verifiable credential representing a person and their institutional affiliation based on the eduPerson and schac schema. Think of this as the basic student and/or employee "card" for the R&E wallet ecosystems. |
| Proposer | Leif Johansson (SUNET) and Peter Leijnse (SURF) |
| Resource requirements | A relatively short-term group. The goal is to produce a straw man specification before Q3 2024. We will look for active engagement from EU, US and Asia as a minimum requirement for success. |
| +1's | Pål Axelsson |
| Title | Defining user experience (UX) principles for FIM |
|---|---|
| Description | This working group will produce principles and best practices to support better user experience (UX) across federations (for discovery services, access management tools, coherent terminology etc.). We aim to create a knowledge base of existing research, practical examples and existing implementations that can serve as best practices for implementers. |
| Proposer | Floris Fokkinga (SURF) and Marlies Rikken (SURF) |
| Resource requirements | Standard support (collaborative workspace and meetings) |
| +1's | <for others to voice their support - add your name here> |