About the InCommon TAC 2025 Work Plan
February 25, 2025: This page contains the InCommon Technical Advisory Committee's 2024 work plan through June 2025. In mid-2025, TAC will review its progress and incorporate developments from the InCommon Futures 2 initiative to set its work plan for the second half of 2025.
The TAC provides recommendations related to the technical operation and management of InCommon. The work plan outlines the proposed technical priorities, particularly for the InCommon Federation.
If you would like to comment on any of the existing items, please add a comment to the wiki page. Note that you need to sign in to Confluence in order to edit or leave a comment. Lastly, if you have a work item you'd like to propose but aren't comfortable using the wiki editor, enter it in the comments at the bottom of the page.
(Working document of this work plan in Google Doc)
Continuing from 2024
TAC24-1: Federation Proxies WG - community consultation, next steps
Description
The current FPWG should be done working with some community feedback by the end of this calendar year. But there is plenty more work to be done by both the community and the Federation Operator per the FPWG report.
Proposed By
Derek Eiler
Format, Requirements, Duration
This is a TAC Sponsored Working group.
WG wiki: Federation Proxies Working Group
WG Report Community Consultation: Consultation for the 2024 InCommon Federation Proxies Working Group Report
Notes
None
✧ ✧ ✧ ✧ ✧ ✧ ✧
TAC24-2: Subject ID WG - guidance consultation
Description
The Subject Identifiers working group will be in a place after TechEx to put out the guidance for an official consultation period that will begin in early 2025 to wrap up the workgroup items.
Proposed By
Joanne Boomer
Format, Requirements, Duration
This is a TAC Sponsored Working group.
WG wiki: SAML Subject Identifiers Deployment Guidance Working Group
✧ ✧ ✧ ✧ ✧ ✧ ✧
TAC24-3: Federation Readiness Check
Description
The Federation Readiness Check Working Group is concerned with bringing a “good practice” approach to research and education (R&E) identity federation. In short, how can an InCommon participant tell that their identity provider (IdP) or service provider (SP) works properly?
In 2025, the Federation Readiness Check Working Group will:
- Connect with like-minded working groups (e.g., CTAB).
- Define the behavior of reference identity providers and service providers.
- Outline the questionnaire (and maybe scoring).
- Draft user and functional requirements specifications.
Proposed By
Matthew X. Economou
Format, Requirements, Duration
This is a TAC-sponsored Working Group.
Resource Requirements
Connections—We have links to CTAB and CACTI and plan to build on them next year. Who else is working in this space? What are we missing?
Time—We’ll likely switch to weekly 1-hour meetings.
Expertise—For SP validation, we’re effectively defining a model identity provider, so IdP operator participation, or at least review, would be very helpful.
Project management—Keeping track of the work we’re doing is very difficult. A simple kanban might help keep us organized.
Notes
None.
✧ ✧ ✧ ✧ ✧ ✧ ✧
Items to Start as 2024 Items conclude
These items are official TAC work plan items. They will begin as the 2024 activities conclude. TAC will review each and schedule them to start as TAC members become available.
TAC25-1: Device Level Security mandate and impact on IAM / Federated Access
Description
As research and education institutions increasingly rely on a diverse array of connected devices, ensuring robust device-level security has become a critical challenge. Many organizations struggle with securing devices at scale, managing endpoint security policies, and addressing emerging threats.
TAC should charter a working group to assess the landscape of device-level security deployment across higher education, develop recommendations where feasible, and, most importantly, establish standard mechanisms to signal device-level security needs and enforcement between a relying party and an identity provider in a federated single sign-on (SSO) transaction. By bringing together security experts and stakeholders, this group will document current practices, identify gaps, and propose guidelines that promote consistency, scalability, and interoperability in securing devices across various environments.
Proposed By
Jeffrey Crawford
Format, Requirements, Duration
This is a TAC-sponsored Working Group.
+1's
Andy Morgan; Marina Krenz
Notes
None.
✧ ✧ ✧ ✧ ✧ ✧ ✧
TAC25-2: Standardizing on Discovery Service mechanisms and onboarding
Description
(Originally proposed in 2024; tracked under TAC24-4)
Services use a variety of discovery and onboarding mechanisms to allow InCommon (and beyond) participants to access their services. Registering, onboarding, disambiguating between IdPs under the same parent entity, etc. are historical pain points for IdP operators and probably SP operators as well. Are there standards we should gravitate or guide people towards? Is there something the federation could/should do to alleviate the pain as well?
Examples: NSF/Research.gov handling of organizations having multiple IdPs.
Proposed By
Derek Eiler
Format, Requirements, Duration
This is a TAC-sponsored Working Group.
Draft Charter:
DRAFT - Relying Party Discovery and Onboarding WG Charter
+1's
Mark Rank; Steven Premeau
Notes
None.
✧ ✧ ✧ ✧ ✧ ✧ ✧
“On Deck” and “Monitor” Work Items
These items are candidate TAC work plan items or items TAC will monitor, track, observe, participate, and react when appropriate. TAC will review each and schedule them to start as active work plan items complete in 2024.
Work Items | Description | +1’s | Comment |
TAC23-3 | Handling TAC Recommendations & Governance | Joanne Boomer | |
TAC24-4 | TAC Work project/document management | Joanne Boomer | |
TAC25-5 | HECVAT review/coordination | A “monitor” item; TAC is the designated party to review HECVAT updates and assess impact relative to InCommon | |
TAC25-6 | Browser Changes | A “monitor” item; TAC to track developments in this area (REFEDS, CACTI, etc) and assess impact relative to InCommon | |
TAC25-7 | Future of Federation and Digital Wallets | A “monitor” item; TAC to track developments in this area (REFEDS, CACTI, etc) and assess impact relative to InCommon |