InCommon TAC 2022 Work Plan

This is final version of the InCommon Technical Advisory Committee's 2022 work plan. The TAC provides recommendations related to the technical operation and management of InCommon. The work plan outlines the proposed technical priorities, particularly for the InCommon Federation.

If you have a new work item to propose, please copy the Template below and paste at the bottom of the work items, filling in a title and brief high-level description.

Alternatively, if you would like to comment on any of the existing items, please add a comment to the wiki page. Note that you need to sign into Confluence in order to edit or leave a comment.Lastly, if you have a work item you'd like to propose but aren't comfortable using the wiki editor, enter it in the comments at the bottom of the page.



(Working document of this work plan in Google Doc)


2022 Work Plan Items

These are TAC's focused work items for 2022.

Adopt SAML Deployment Profile - Next Steps

Now that InCommon Steering Committee has officially endorsed TAC's recommendation to adopt SAML Deployment Profile, TAC turns its attention to developing strategy, roadmap, and support materials to help Participants making the transition. 

Link to related materials

Suggestion/Action Item

Submitter

Description

+1s

Develop a roadmap to adoption across the federation; how to get started; who first? Sequencing; timing, etc.

Albert W


Mark R

Understand implication to organizations; develop measures to help

Albert W


Mark R
Devise communication/outreach planAlbert W
Mark R
Identify incentives (killer app) to motivate orgs to make the changesAlbert W
Mark R
Deal with Single LogoutMark R

What type of work is expected? Working Group, Liaison Efforts, Other?

TAC to convene a sub group, similar to the group that drafted the original recommendation

TAC Sponsor(s)/Champion(s)

Mark Rank

Subject Identifier

Develop rationale and recommendations regarding adoption of SAML Subject Identifier Attributes Profile across InCommon; recommend implementation and transition strategy.

Link to related materials

Suggestion/Action Item

Submitter

Description

+1s

volunteers

Matt E

Mark R

Steven P

Joanne B

Chris Phillips (CACTI volunteer)

Kevin Hickey (CACTI volunteer)

Develop a roadmap to adoption across the federation; how to get started; who first? Sequencing; timing, etc.

Albert W

Matt E

Mark R

Understand implication to organizations; develop measures to help

Albert W

Mark R

Matt E

Devise communication/outreach planAlbert W
Matt E
Identify incentives (killer app) to motivate orgs to make the changes Albert W

Mark R

Matt E

change/migration/parallel support guidance - how do IdPs and SPs deal with the transition period where old and new identifiers are in use in parallel?Albert W

Mark R

Matt E

Expectations for product makers and for product deployersAlbert W
Matt E
Strategies for dealing with RL realities, e.g., products demanding email address as identifiersAlbert W
Matt E

What type of work is expected? Working Group, Liaison Efforts, Other?

Working Group

Consider instead a subgroup that will watch the space and gather the data about where things are going. Outcome would be a set of requirements/recommendations and a proposed charter or report for next steps

TAC Sponsor(s)/Champion(s)

Mark Rank (tend)

Federation Testing

The TAC is preparing InCommon to adopt the Deployment Profile. The Fed Test working group will support this effort by working through the specifics of how to allow InCommon, deployers, and implementers measure against the testable statements in the Deployment Profile.  In order to clearly measure an entity’s success in meeting the requirements of the statements, there needs to be a set of reference / compliance testing tools on which the community can rely. 

Link to related materials


Suggestion/Action Item

Submitter

Description

+1s

Find participants

Judith B


Develop out a plan of attack and have a clear ask of the people we recruit

Judith BThis could provide a clear work scope and be less open ended:  “Can you write testing requirements for the deployment profile/SAML spec X?” “Can you review the list of testing priorities for  IdPs/SPs for missing test targets?


What type of work is expected? Working Group, Liaison Efforts, Other?

Working Group

TAC Sponsor(s)/Champion(s)

Judith Bush


Standing Items

In addition to focused work items, TAC tracks additional work and happenings in the community and industry. As appropriate, TAC will react/escalate.

Browser Technology Changes (user tracking) and impact on Federation

Champion: Heather Flanagan

Protecting the security and privacy of users as they engage with the web is necessary from both a moral and a legal perspective. Unfortunately, while the goal of a privacy-preserving web is easy to say, it is much harder to implement when one takes into account the wildly varied requirements of different stakeholder groups.

On the one hand, an entire commercial ecosystem of third-party vendors is built on their ability to track individual users as they browse the web, collecting information on their interests and purchases with the goal of more effectively selling those individuals' specific products or ideas. They do this via third-party cookies, link decorations, and other low-level primitives. By blocking those primitives, cross-site tracking is no longer a viable option, and user privacy is protected. 

On the other hand, those low-level primitives are also used by federated single sign-on (SSO) services. In the enterprise and in higher education, for example, services have a business need to allow a user's authentication and authorization information to flow from one site to the next. Whether the protocol used is OIDC or SAML, information is stored in the browser about where a user comes from, and that information must be read by multiple parties.

InCommon needs eyes on this space, as there will be direct technical impact to the functioning of multilateral federations.

Actions

  • Lightweight tracking, reporting through the Slack channel.

Link to related materials


Next Steps with HECVAT: ongoing evolution/keeping

Champion: Steven P

TAC contributed a number of federated IAM related elements to the latest HECVAT release. REN-ISAC has asked InCommon to remained engaged. 

Actions

  • Maintain contact with REN-ISAC; report request for updates / engagement as appropriate. 

Guidance for EntityID creation, change, and use.

Champion: Mark Rank

Volunteers: Jim Basney; Scott Korenda; Albert Wu

A number of institutions have recently migrated its IdP from one platform to another. In the process, they are changing their IdP entity ID. On the other side, some SPs implement rules binding a user’s access to a particular entity ID. If the IdP’s entity ID changes, the user loses access 

This phenomenon seems to be  happening more frequently with staff turnovers and campuses facing major upgrade/migration of their IdPs. How can TAC/InCommon help to resolve this matter?

Questions include:

  • What is the IdP operator’s responsibility when making such transition?
  • What should be the SP’s expectations regarding the IdP’s entity ID?

Potential Actions

  • Survey of cloud provider options: how many require the provider’s entity ID, how many default to a provider entity ID? - could be the basis of a guide to prevent inappropriate entity ID switch overs
  • Best practices in migration between IdPs? Best practice’s when your institution’s branding changes? Explanation that the entity Id need not be the same URL as the IdP? - Could clear up misconceptions about entity IDs

Link to related materials


  • No labels