2019 REFEDS Workplan

Aims:

• To progress REFEDS position as an important player within the access and identity management space internationally.  
• To build on established relationships with GÉANT project, ISOC and Kantara. 

Aim:

• To provide infrastructure and support for evolving ideas and areas in the REFEDS community. 

FOG: Federation Operators Group

OIDC(re): OpenID Connect for Research and Education

 SIRTFI

Activity to investigate and report on the various ways Identity Federations have implemented incident response handling internally.

The result should provide national federations with insight on what to expect when contacting a peer, and opportunity for alignment and improvement. In addition it could support Sirtifi and eduGAIN e-Science support activities within AARC GEANT projects.

Template for federation operators.

Scoping tools to automate Sirtfi response testing and compliance.

Continue on work to define ways of tagging IdPs of Last Resort and defining a specification for minimum requirements of such an IdP within federation environment.

The REFEDS Assurance suite was approved in October 2018. 2019 will focus on encouraging adoption of the profiles.

Conduct a post-mortem for entity categories in general.

Work for REFEDS R&S next steps: R&S2, affiliation, academia

Abstract attributes

 - define approaches to abstract attributes to allow groups of attributes to be used.

 - feed into proposals to produce guidelines on attribute release for edugain.

 - create registry of attributes if appropriate.

Exchanging entity attributes outside of those with global definitions (e.g. R&S, Sirtfi etc) creates a potential for mounting conflict; part of handling this is orchestration and handling. There may also be tags that are defined within a federation, but not cross federation. This creates a vocabulary control challenge. Who handles the responsibilities among the fed ops to consider this and does this need managing? This work area will initially focus on discussion here (best practice), clarifying use cases and create a matrix to inform the discussion.  Recommendations on future steps to support this (including potential registries, rules for stripping using MDQ etc.) will be made.

The existing identifier complexity is maddening. Possibly push for adoption of the Subject-ID spec everywhere an identifier is needed, to reduce complexity for all involved going forward. Replaces eduPersonTargetedID, SAML 2.0 persistent NameID, eduPersonUniqueID and (partially) eduPersonPrincipalName. Might help align with private/public identifiers in OIDC.

Federation Trust 2.0

Design, resource, and deploy a global metadata distribution infrastructure for both per-entity and aggregate metadata serving needs, for all federations to use, at global scale.

Per-entity metadata and dynamic federation ideas force a rethinking of how Federations Operators signify their validation or endorsement of certain metadata statements, and consequently a rethinking of much of the process of operating a federation. Deliverables:

1. Define workflows that endow trust in dynamic federation metadata, ie, work out operational aspects of Roland's paper.
2. Define an architecture or design in which it is easy for each recipient to validate dynamic metadata.
3. List ramifications for standard federation operating procedures in a dynamic metadata environment.

Aims:

• To provide materials and support mechanisms to help federations promote effective approaches to IdPs and SPs.
• To provide feedback on documents produced by other groups to support clarity of messages.
• To reach out to target groups where specific messaging could be beneficial.

Nicole Harris

REFEDS Discovery Guide, Mark 2

Consent is used often within identity federations. While on a national level it may be clear what asking and giving consent entails, unfortunately consent does not mean the same thing in various countries as the legal grounds for consent vary. Also there are many ways to implement consent. What makes a good consent page and what does not? When is it (not)   user friendly, what should be shown to make it legally usable? What are the best practices around consent globally?

This activity investigates what it means to ask and give consent in various countries. In addition it describes recommendations for 'good' and 'bad' consent pages similar to the REFEDS Discovery Guide.

Include note on how hub and spoke federations manage discovery.

Publisher engagement

It is proposed that concerted effort continue in 2019 to engage publisher groups and tackle some of the wider problems in the publisher space.  This will be in coordination with the "RA21" group.

Work will expand in 2019 to include development of a scholarly resource entity category.

SP Engagement Plan

Develop/enhance an engagement plan for service providers. The goal is threefold: 1) to gain deeper insights about the needs of SPs within the community, 2) to better integrate SPs in general community engagement (conferences, working groups, discussions, etc), and 3) to develop a resource for gaining SP support, feedback, and contributions. (Follow up from the Technology Exchange ACAMP session, SPs Unite!: http://bit.ly/ACAMP-SPsUnite)

Aims:

• To provide support for the development of standards and specifications under the REFEDS banner.
• To pilot specification work to support implementation requirements.
• To put in place structures to ensure specification and schema sustainability.

Schema management

Aims:.

• To continue using MET and enhance where possible.
• To support the basic REFEDS infrastructure needs (website, wiki and mailing lists). 

MET

Contract in place with GARR for central operations.  Development work to be contracted to RETI (Andrea).

New features added and delivered in Oct.

REEP/PEER

Evaluate service and determine what, if any changes are required to maintain