2017 REFEDS Workplan

Aims:

• To progress REFEDS position as an important player within the access and identity management space internationally.  
• To build on established relationships with GÉANT project, ISOC and Kantara. 

As normal.

Aim:

• To provide infrastructure and support for evolving ideas and areas in the REFEDS community. 

FOG: Federation Operators Group

OIDC(re): OpenID Connect for Research and Education

Activity to investigate and report on the various ways Identity Federations have implemented incident response handling internally.

The result should provide national federations with insite on what to expect when contacting a peer, and oppertunity for alignment and improvement. In addition it could support Sirtifi and eduGAIN e-Science support activities within AARC GEANT projects.

Template for federation operators.

Scoping tools to automate Sirtfi response testing and compliance.

Various work has been put into better defining the baseline requirements for activity in federations - including via InCommon and the REFEDS assurance group.  This work will look to operationalise this work in the context of existing federations and eduGAIN.

Work is underway on baseline expectations for IdPs and an Assurance Wireframe.  The assurance working group will continue in 2017. The intention is to expose the assurance profile to a community consultation until end of March and then update the assurance profile and publish it as an AARC deliverable. After that, in AARC2, we probably need to have a small pilot before it can be rolled out. 

Work is also underway to implement an MFA profile.

Work for REFEDS R&S v1.3 completed.  Next steps: R&S2, affiliation, academia

Abstract attributes

 - define approaches to abstract attributes to allow groups of attributes to be used.

 - feed into proposals to produce guidelines on attribute release for edugain.

 - create registry of attributes if appropriate.

Exchanging entity attributes outside of those with global definitions (e.g. R&S, Sirtfi etc) creates a potential for mounting conflict; part of handling this is orchestration and handling. There may also be tags that are defined within a federation, but not cross federation. This creates a vocabulary control challenge. Who handles the responsibilities among the fed ops to consider this and does this need managing? This work area will initially focus on discussion here (best practice), clarifying use cases and create a matrix to inform the discussion.  Recommendations on future steps to support this (including potential registries, rules for stripping using MDQ etc.) will be made.

Design, resource, and deploy a global metadata distribution infrastructure for both per-entity and aggregate metadata serving needs, for all federations to use, at global scale.

Per-entity metadata and dynamic federation ideas force a rethinking of how Federations Operators signify their validation or endorsement of certain metadata statements, and consequently a rethinking of much of the process of operating a federation. Deliverables:

1. Define workflows that endow trust in dynamic federation metadata, ie, work out operational aspects of Roland's paper.
2. Define an architecture or design in which it is easy for each recipient to validate dynamic metadata.
3. List ramifications for standard federation operating procedures in a dynamic metadata environment.

Aims:

• To provide materials and support mechanisms to help federations promote effective approaches to IdPs and SPs.
• To provide feedback on documents produced by other groups to support clarity of messages.
• To reach out to target groups where specific messaging could be beneficial.

Nicole Harris

REFEDS Discovery Guide, Mark 2

Consent is used often within identity federations. While on a national level it may be clear what asking and giving consent entails, unfortunately consent does not mean the same thing in various countries as the legal grounds for consent vary. Also there are many ways to implement consent. What makes a good consent page and what does not? When is it (not)   user friendly, what should be shown to make it legally usable? What are the best practices around consent globally?

This activity investigates what it means to ask and give consent in various countries. In addition it describes recommendations for 'good' and 'bad' consent pages similar to the Refeds Discovery Guide.

Include note on how hub and spoke federations manage discovery.

Publisher engagement

It is proposed that concerted effort be spent in 2017 to engage publisher groups and tackle some of the wider problems in the publisher space.  This will be in coordination with the "RA21" group.  Heather to produce a proposal on this.

Service Catalogue definition

Various proposals have been made to create a federation service catalogue, most recently at ACAMP: https://docs.google.com/document/d/1GHerhDYfwlgjN5-pQEryJF0RqOp7R_tWuHiuW5gTdjQ.  This work will focus on defining staged requirement sets for a service catalogue and make recommendations as to how to implement such a service and where this should be hosted.

Aims:

• To provide support for the development of standards and specifications under the REFEDS banner.
• To pilot specification work to support implementation requirements.
• To put in place structures to ensure specification and schema sustainability.

eduPerson / SCHAC liaison
 - Work on adding new values to eduPerson (pre-attendance).

Aims:.

• To continue using MET and enhance where possible.
• To support the basic REFEDS infrastructure needs (website, wiki and mailing lists). 

Contract in place with GARR for central operations.  Development work to be contracted to RETI (Andrea).

New features added and delivered in Oct.