Date: Fri, 29 Mar 2024 01:41:31 +0000 (UTC)
Demographic Questions
What is your name?
________________________________________
What is your electronic mail address?
________________________________________
What is the name of the institution you represent?
________________________________________
What type of institution do you represent?
- I represent the main IT office in a higher education institution
- I am with an academic department in a higher education institution
- I represent a research organization
- I represent a software vendor
- I represent myself
In what region is your institution located?
- The United States
- Europe
- Canada
- Mexico
- Asia
- Africa
- Central and South America
- Other _________________________
What is your role in your institution (check all applicable roles)?
- I am a CIO / Senior IT Manager
- I am an IT Architect
- I am an identity management specialist
- I am a system administrator
- I am a software developer
- I am a faculty member
- I am a student
- I am a non-technical staff member
- Other. Please specify ___________________
OIDC/OAuth Interests
What is your involvement with OpenID Connect / OAuth 2?
- We use OpenID Connect/OAuth extensively now
- We plan to adopt OpenID Connect in the next 1 to 6 months
- We plan to adopt OpenID Connect in the next 6 to 18 months
- We are monitoring, but have no concrete deployment plans
- We are not interested in OIDC
Why are you interested in deploying OIDC/OAuth support? (please check all that apply)
- I am deploying an application that only supports OIDC/OAuth
- I need a way to support native mobile application or API authentication/authorization/single sign-on needs.
- A service I need to integrate with requires OIDC/OAuth
- I need to integrate with an OIDC/OAuth identity provider (e.g., Google, Twitter, etc.)
- I choose OIDC/OAuth because it is easy (e.g., support is built into my development stack)
- I choose OIDC/OAuth because it is secure
- Buzz. Because everyone is talking about it.
- Other ______________________________________________________________________
Please describe your OIDC/OAuth use case(s). (better way to phrase this?)
_____________________________________________________________________
The following are some of the already contributed use cases. Please rank your interest in these:
As a campus API deployer, I would like the applications calling my API to provide proof that the end user has properly authenticated via the campus SSO, and that either the end user or her IDP has authorized the application to access the information my API provides. Further, I would like to validate that the application is registered to invoke my API.
- I must have this capability
- I am very interested
- I am mildly interested
- I am not interested
- I am not sure
- I must have this capability
- I am very interested
- I am mildly interested
- I am not interested
- I am not sure
Use Case 3: Federation support in OIDC
- I must have this capability
- I am very interested
- I am mildly interested
- I am not interested
- I am not sure
Use Case n: ....
IT Decision Maker Focused Questions
Should OpenID Connect/OAuth 2 be built into a future Shibboleth or other Internet2 TIER offering?
- Yes. I am willing to contribute funding and/or resources to make it happen
- Yes.
- No.
- Tell me more. What is TIER?
How important is federation support in OpenID Connect/OAuth?
- It is essential
- It is very important
- It is a nice to have
- It is not important
- I am not sure
Developer Focused Questions
Which Programming Language(s) do you use (check all that apply)?
- Ruby
- PHP
- Java
- JavaScript
- .Net (C# or VB.Net)
- Objective C or Swift
- Python
- Other _______________________________
Please check the IDE and/or development framework you use (check all that apply).
- JetBrains
- Eclipse
- Visual Studio
- NetBeans
- Komodo
- Other ________________________________
Additional Questions to be sorted
- Who are the actors for this use case? Are they affiliated with multiple institutions within the federation?
- Does the use case involve authentication from mobile devices?
- Is the software for this use case developed by your institution?
- If yes, what language and IDE are used?
- If no, is the software operated by your institution, or is it SaaS?
- Is the ability to revoke permissions important?
- Is user consent important?
- Is the RP run by the same organization as the OP?
- Is there a business process for registering partner RPs?
- What information is needed by the RP? Is non-identity information like location needed?
- Is your campus using OAuth2 to protect APIs?
- Are you using scopes to control access to those APIs?
- If so, what scopes have you defined and how are they used? Example: a white pages API might define scopes of 'public', 'institution' and 'private', which would correspond with the access rights needed to see attributes that were marked public, institution only, or private.
- If so, how do you control which users or apps can authorize which scopes?
- How long do you issue access tokens for? Does lifetime depend on scope?
- How long are refresh tokens good for? Can you continually refresh for a new refresh token?
- What is your process for registering new apps/OAuth2 clients?
- Token revocations
- Do you revoke any tokens when a user's account is deactivated?
- How do resource servers/APIs know about revoked tokens? Via token introspection? Event notification?
- What tool or SDK is your resource server/API using to validate tokens?
- Do you support rotating the signing key used by the Authorization server?