Problem Statement

Operating a broadly compatible SAML-based service or identity provider can be challenging. The standards and profiles that are currently available leave a lot of room for interpretation and customization. While this allows for flexibility, it also results in issues that make interoperating in a federation significantly more complex than necessary.

...

This working group will identify additional areas where SAML2int is not specific enough for higher-ed and propose applicable extensions.

Charter

The Deployment Profile Working Group will:

  1. Develop a Deployment Profile that describes REQUIRED and RECOMMENDED practices for IDPs and SPs operating in the Higher Education and Research community. This profile could be layered on the existing saml2int profile, but that is just one option; the group should choose the approach that works best.

  2. If necessary and desirable, this Working Group will facilitate an effort to further evolve the current SAML2int profile.
  3. Identify which of these standards could be tested by InCommon if the federation wanted to ensure full profile compliance by participants.

The Interop Issues List created in FedInterop Round 1 can serve as point of departure for this work.

Notes

  1. The Profile developed by this effort will likely follow a path to international review and acceptance once this Working Group finishes its work.
  2. The discussions may identify Practices that Federation Operators should follow. The effort should develop a list of these, which would serve as input to a different effort.

Membership

Membership in the Working Group is open to all interested parties. In particular, the group should encourage international participation. Members join the Working Group by subscribing to the mailing list, participating in the phone calls, and otherwise actively engaging in the work of the group.

Stakeholders

The challenges in this area are somewhat different for IDP operators and SP operators. To propose a comprehensive profile extension, this working group will need to represent the current hurdles faced by both of these groups. Proposed solutions for IDPs will be specific to InCommon, layered on top of the federation-agnostic SAML2int profile. Proposed solutions for SPs will be broader and not specific to InCommon.

Work Products

  1. October 2016
    1. Produce a list of areas where extensions are needed to SAML2int for IDPs
    2. Produce a list of areas where extensions are needed to SAML2int for SPs
  2. December 2016
    1. Produce a list of needed extensions to solve these challenges
  3. February 2017
    1. Compose a deployment profile document based on identified solutions
    2. Identify testable components of extension profile

Related Resources

  1. InCommon FedInterop WG (Round 1) Wiki
  2. InCommon FedInterop WG (Round 2) Final Report
  3. FedInterop WG Interop Issues List
  4. SAML V2.0 Implementation Profile for Federation Interoperability - Kantara Draft
  5. The saml2int Deployment Profile.
  6. A list of proposed Changes to saml2int.
  7. A Draft IdP Deployment Checklist.
  8. Net+ Guidance for Services
  9. CIC Cloud Services Cookbook
  10. Good Federation Citizenship - IAM Online
  11. The Federation Lab SAML Test Suite (git)