The interfederation TAC subgroup recommends that TAC convene a follow-on subgroup to work on the following items for further progress on interfederation:

  1. Establish international interfederation agreements with eduGAIN and the UK federation. These agreements are not the totality of interfederation, but they are a concrete step forward.
    1. InCommon becoming an eduGAIN member. Work with InCommon Operations to achieve InCommon membership in eduGAIN. Follow the InCommon governance process to obtain InCommon Steering approval for eduGAIN membership. Sign eduGAIN declaration. Work with Canadian Access Federation on eduGAIN pilot projects.
    2. InCommon interfederating with UK federation. Follow InCommon governance process to sign bilateral agreement with UK federation. UK federation has an agreement ready for InCommon to sign.
  2. Document trust practices and policies for entity registration and publishing.
    1. Metadata exchange: Perform a due-diligence review of InCommon policies related to metadata exchange with non-InCommon members. Determine policy for which eduGAIN entities would be provided in a metadata aggregate to InCommon members, and which InCommon entities would be provided to eduGAIN (potentially including an opt-in or opt-out process and potentially starting with R&S entities). Communicate with InCommon membership regarding trust issues associated with eduGAIN participation. Determine level of trust required for entities included in InCommon's "import" interfederation metadata aggregate(s). Determine if InCommon should provide "untrusted" interfederation metadata to its members versus only entities that meet baseline trustworthy practice, to help scale the trust. Determine opt-in/opt-out process for InCommon entity inclusion in "export" aggregate(s).
    2. Registration practice: Document InCommon registration practices to a level similar to UK Federation Technical Specifications. This documentation will be useful as input to eduGAIN. REFEDS may develop a template for registration practice statements, and if/when that happens, InCommon should conform to the template. Develop a common InCommon-UK registration practice standard that could be floated for wider adoption. Topics include private key handling, upload of metadata from org to fed operator, key sizes, organizational validation, etc. This can set criteria for assessing eduGAIN members and other interfederation partners.
  3. Develop and adopt a US-EU Code of Conduct to address privacy and attribute release. There is a DRAFT of an extension to the CoC that would allow EU-based IDPs to release attributes to SPs that are InCommon members if those SPs were to assert compliance. This draft should be forwarded to the InCommon lawyers for review.
  4. Implement improvements and new capabilities for metadata management/publication/aggregation/tagging (i.e., technical work). Continue to rely on LIGO as a driver for technical pilot projects, and welcome additional driving use cases.
    1. InCommon adding <mdrpi:PublicationInfo> and <mdrpi:RegistrationInfo> elements in metadata. Addition of <mdrpi:PublicationInfo> to InCommon metadata is now planned. Assuming that goes well, adding <mdrpi:RegistrationInfo> to each entity in InCommon metadata can happen later. This will help with metadata aggregation by clearly identifying the registrationAuthority and publisher for each entity. When an aggregator publishes metadata, the registrationAuthority won't change but the publisher will identify the aggregator.
    2. InCommon providing one or more production "import" metadata aggregate(s) for consumption by InCommon members.
    3. InCommon providing one or more production "export" metadata aggregate(s) for consumption by external partners (UK, eduGAIN, etc.).
    4. InCommon support for additional entity tags. As REFEDS and other groups develop standard entity tags, indicating (for example) whether an IdP should be included in discovery interfaces or indicating an SP's privacy policy, InCommon should provide the ability for InCommon entities to self-assert these tags. This can also include a tag indicating acceptance of the InCommon membership agreement.
  5. Establish practices and policies for domestic interfederation. First step is to identify driving use cases: K-12, regionals, university system federations.

We recognize that much of the above work can only be done by InCommon Operations. The subgroup will work with InCommon Operations to identify tasks that it can help with (i.e., pilot projects, technical review, document drafting, etc.).
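
The publisher/registrationAuthority distinction from item 4.1, shown as an added example (not InCommon's or the subgroup's code): a consumer reads the publisher from the aggregate and the registrationAuthority from each entity, then applies an accept-list. The entity IDs, authority URIs and accept-list policy are constructed for illustration, and the aggregate's signature is assumed to have been verified already.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
}

# Constructed sample aggregate; every entityID and authority URI is a placeholder.
SAMPLE_AGGREGATE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <md:Extensions>
    <mdrpi:PublicationInfo publisher="https://aggregator.example.org"/>
  </md:Extensions>
  <md:EntityDescriptor entityID="https://idp.a.example.edu/idp">
    <md:Extensions><mdrpi:RegistrationInfo registrationAuthority="https://fed-a.example.org"/></md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.b.example.ac.uk/sp">
    <md:Extensions><mdrpi:RegistrationInfo registrationAuthority="https://fed-b.example.org"/></md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.c.example.com/sp"/>
</md:EntitiesDescriptor>
"""

def audit_aggregate(xml_text, accepted_registrars):
    """Return (publisher, {entityID: (registrationAuthority, decision)})."""
    root = ET.fromstring(xml_text)
    # PublicationInfo sits on the aggregate and names whoever published it.
    pub = root.find("md:Extensions/mdrpi:PublicationInfo", NS)
    publisher = pub.get("publisher") if pub is not None else None
    results = {}
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        # RegistrationInfo sits on each entity and names who registered it;
        # it is unchanged by re-publication through an aggregator.
        reg = entity.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        authority = reg.get("registrationAuthority") if reg is not None else None
        if authority is None:
            decision = "reject: no RegistrationInfo"  # hypothetical policy
        elif authority in accepted_registrars:
            decision = "accept"
        else:
            decision = "reject: registrar not accepted"
        results[entity.get("entityID")] = (authority, decision)
    return publisher, results

if __name__ == "__main__":
    print(audit_aggregate(SAMPLE_AGGREGATE, {"https://fed-a.example.org"}))
```

The decision is keyed on the per-entity registrationAuthority, not on the publisher, so an entity keeps its provenance no matter which aggregator relays it.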
