View Source

Next Meeting 4 November 2019 4pm London

https://zoom.us/j/311952801

Agenda, Live Scribing and Meeting Notes: http://bit.ly/iolrNotes

Resources

Un-Affiliated IdP Self-Assessment Form: http://bit.ly/iolrForm

To submit a checklist for another IdP, use File/Make a Copy on the page above, fill in the form and email to pete@digitalidentitylabs.com, hazelton@wisc.edu, or olshansky@isoc.org

Working Group Logistics

The World Clock Meeting Planner - Details

Location	Local time	Time zone	UTC offset
San Francisco (USA - California)	8:00 AM	PDT	UTC-7
New York (USA - New York)	11:00 AM	EDT	UTC-4
London (United Kingdom - England)	16:00 PM	BST	UTC+1

Join Zoom Meeting

https://zoom.us/j/311952801

- - - - - - - - - - - - - - - - - - - - - - - - - -

Agenda, Live Scribing and Meeting Notes: http://bit.ly/iolrNotes

Discussion/editing of proposed actions at

Current Work Items

See issues list at https://trello.com/b/5ExA2bZ8/actions

Overview of ORCID use with Proxy IdP

Review sustainability strategies

- See email thread, "Re: Funding an unaffiliated IdPs

Consider addressing the orphaned user problem by leveraging ORCID iDs

Update Self-assessment form for self-declaring Un-Affiliated IdPs

https://wiki.refeds.org/display/GROUPS/IoLR Wiki

iolr@lists.refeds.org (currently 47 subscribers)

To subscribe, visit https://lists.refeds.org/sympa/subscribe/iolr

Older Work Items

Internationalize the Requirements for R&S Un-Affiliated IdPs
- Start from the InCommon IdP of Last Resort WG requirements
- http://j.mp/iolrreq

Define Acceptable Bases of Trust
- Self-assertion? Reputation-based? Tagging by fed. operator?

Mitigate “Single (IdP) Point of Failure” for Users
- The most difficult challenge: "What if my un-affiliated IdP of choice goes out of business? What happens to all my existing access paths?"

Overview

This is the wiki space for the IdPs of Last Resort (IoLR) Working Group. To participate in this group, please subscribe to the mailing list.

Service Providers (SPs) often find that the population they want to serve includes individuals who are not represented by campus-based or other institutional Identity Providers (IdPs). In other cases, the individual's organizational IdP can not (or will not) release attributes necessary for the operation of the SP. The two most commonly encountered accommodations for users in this situation both suffer from serious inadequacies. First, SPs can opt to issue credentials and run an authentication service for those users lacking an adequate federated solution. The drawback is that this forces the SP owners to take on the unwelcome role of issuers and managers of user credentials. It is not their core mission and it can easily become a substantial support burden. The second fallback is to accept external IdPs such as Google. This gets the SP owners out of the credential management business, but brings other issues. To take Google as an example, Google’s IdP-like service comes with several caveats: Their business model is premised on monetizing user and usage data; As a non-SAML solution, they don’t support the Enhanced Client or Proxy (ECP) Profile, a critical requirements for some key research services; They also reserve the right to throttle usage if it gets above what they consider an acceptable level of use.

A different approach is clearly needed. Ideally, individuals lacking a suitable IdP could be invited to register with a participating IdP that offered no-cost, easy self-registration processes. This REFEDS Working Group is charged with specifying how such a service should be structured and establishing processes for reviewing and approving IdPs that seek to be designated as "Un-Affiliated IdPs", or informally, "IdPs of Last Resort" that meet the Service Providers' requirements. For some additional background, see the 2015 Final Report of the InCommon Technical Advisory Working Group, IdPoLR.

Terms

The following terms apply to all REFEDS Working Groups:

When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
A chair for the group is chosen from the REFEDS Participants.
TERENA provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work or occasionally submitted as an Internet Draft.

Convener

Pete Birkinshaw, Digital Identity Ltd | http://www.digitalidentity.ltd.uk

Calls

Resources

Un-Affiliated IdP Working Group Draft Annual Report, 2017
2015 Final Report of the InCommon Technical Advisory Working Group, IdPoLR