March 3, 2016
Chair: Walter Hoehn, University of Memphis
Contributors:
Scott Cantor, The Ohio State University
Rainer Hörbe, Identinetics GmbH, Kantara Initiative
Tom Scavo, InCommon
Eric Goodman, University of California, Office of the President
Brett Bieber, University of Nebraska-Lincoln
Nick Roy, InCommon
Barry Ribbeck, Rice University
Judith E. Bush, OCLC
Mike Grady, Unicon
Scott Koranda, LIGO
The InCommon Federation Interoperability Working Group (FIWG) was chartered by the InCommon Technical Advisory Committee (TAC) in July, 2015 to help improve interoperability within InCommon and across scalable SAML federations more broadly. To quote the charter [5]:
When InCommon was created 10+ years ago, it was an explicit goal to keep the bar for membership and operational participation as low as possible. This helped to grow the Federation to its current size. This has also hindered interoperation. Members cannot make any real assumptions about policy, practices, and the supported functionality at other member sites when attempting to interoperate. Both IdPs and SPs suffer from this problem. Areas that are affected include:
The functionality provided by a SAML implementation (whether open source or commercial)
The sites' policies and architectural choices integrated with their SAML implementation of choice
The way that a site configures the overall package to operate within InCommon
This Working Group is charged with developing both minimal and best practice statements in order to improve the "interoperate by default" situation.
The working group was charged with addressing all three of the identified barriers to interoperability, with an expected deliverable date of the end of calendar year 2015.
The TAC sought working group membership from the InCommon participant community, as well as the REFEDS and Kantara Initiative groups. Active participants included members from the US (higher education, research and industry) as well as EU (higher education, research and e-government).
The group quickly determined that the first point covered in the above charter text (implementation specification) was likely to yield the most impact and is a critical missing piece for use of SAML software in scalable SAML federations. The group worked with TAC to get approval to proceed on a SAML implementation profile to address this need, and proceeded to do the bulk of the content creation through the fall of 2015.
The work product of the working group is the SAML V2.0 Implementation Profile for Federation Interoperability [1]. This is an implementation profile intended for use by SAML software engineers and architects as a normative guide for design of their software to meet the requirements of a scalable SAML trust model rooted in multiparty metadata exchange. It is a counterpart to the earlier saml2int [2] work on configuration of SAML software for a scalable deployment (more on that in the next section). Without the implementation requirements documented in this new work, it may be impossible for SAML implementations to meet the configuration requirements in saml2int.
Additionally, it is hoped that this work will be incorporated into federation software test suites such as fedlab [3]. One of the core fedlab team members (also a Kantara WG-FI and eGov member/chair) was an active contributor to the document, and will help shepherd it into the test suite and through the Kantara process (more in “Recommendations” section). In turn, this should serve as a basis for InCommon and other operators to create test tool deployments on which to base other possible means of communicating compliance with this and other profiles, for example, entity category tagging for complying deployments.
The charter for the group was quite broad, and the group could only complete one of the tasks assigned to it in the time available. The other items that remain to be completed are the second and third items on the charter:
Sites’ policies and architectural choices integrated with their SAML deployment
The configuration of a deployment to interoperate scalably with InCommon
The FIWG recommends the following actions to address these outstanding items:
Address deployment issues remaining on the Interop Issues List [4]
Work with REFEDS and the Kantara WG-FI to revise the saml2int [2] deployment profile in alignment with the new implementation profile [1]
or, charter a new working group to identify needed revisions to saml2int [2]
Charter a new TAC working group to focus on InCommon deployment requirements (using the Interop Issues List [4] as seed material)
The FIWG recommends that the TAC work with the Kantara WG-FI and eGov working groups to try and achieve consensus around a common profile for InCommon and the e-Government sector. This would increase interest in adoption and provide a long-lived home for the profile in a neutral body that already hosts the "saml2int" deployment profile that was produced by the R&E community. Multiple Kantara participants have expressed interest in this, and Rainer Hörbe has offered to help shepherd the draft through this process. In the event that consensus proves impossible, the draft could still emerge as a Kantara document, or alternatively the TAC may consider other options such as the REFEDS publication stream.
Suggestion: Use Appendix A, Example 3 as the structure / language for IP turnover to the relevant Kantara Working Group(s), from the Internet2 IPR: http://www.internet2.edu/policies/intellectual-property-framework/#ap03
Note: Nick Roy and Ann West of InCommon have a meeting scheduled for Friday, March 4, 2016, to meet with Internet2 legal about the details of such a handoff of IP.
[1] SAML V2.0 Implementation Profile for Federation Interoperability
[2] SAML 2.0 Interoperability Deployment Profile
[3] Fedlab
[4] Interop Issues List
[5] InCommon Federation Interoperability Working Group Charter, https://spaces.at.internet2.edu/display/FIWG/Federation+Interoperability+Working+Group+Home