...
(Working document of this work plan in Google Doc)
...
2022 Work Plan Items
These are TAC's focused work items for 2022.
...
Suggestion/Action Item | Submitter | Description | +1s |
Find participants | Judith B | ||
Develop a plan of attack and have a clear ask of the people we recruit | Judith B | This could provide a clear work scope and be less open-ended: “Can you write testing requirements for the deployment profile/SAML spec X?” “Can you review the list of testing priorities for IdPs/SPs for missing test targets?” | |
What type of work is expected? Working Group, Liaison Efforts, Other? | Working Group | ||
TAC Sponsor(s)/Champion(s) | Judith Bush |
Standing Items
In addition to focused work items, TAC tracks additional work and happenings in the community and industry. As appropriate, TAC will react/escalate.
Browser Technology Changes (user tracking) and impact on Federation
...
Volunteers: Jim Basney; Scott Korenda; Albert Wu
...
A number of institutions have recently migrated their IdPs from one platform to another. In the process, they are changing their IdP entity IDs. On the other side, some SPs implement rules binding a user’s access to a particular entity ID. If the IdP’s entity ID changes, the user loses access.
This phenomenon seems to be happening more frequently with staff turnover and campuses facing major upgrades/migrations of their IdPs. How can TAC/InCommon help to resolve this matter?
Questions include:
- What is the IdP operator’s responsibility when making such a transition?
- What should be the SP’s expectations regarding the IdP’s entity ID?
Potential Actions
- Survey of cloud provider options: how many require the provider’s entity ID, and how many default to a provider entity ID? This could be the basis of a guide to prevent inappropriate entity ID switchovers.
- Best practices in migration between IdPs? Best practices when your institution’s branding changes? Explanation that the entity ID need not be the same URL as the IdP? This could clear up misconceptions about entity IDs.
Link to related materials
...
Suggestion/Action Item | Submitter | Description | +1s |
Observation: InC Organizations change their IdP and in the process register under a new entityID | Mark | | Judith Bush, Janemarie Duh |
Observation: InC IdPs assert they support R&S attribute release, but do not | Mark | | |
Observation: An InC organization will attempt to register an ADFS IdP but will statically configure SP metadata and will not load metadata changes made by SP until something breaks | Mark | | Judith Bush |
Observation: IdPs releasing attributes that should have a scope without a scope (for example eduPersonPrincipalName, eduPersonScopedAffiliation) | Mark | | Judith Bush |
First-hand observation: An InC organization has a name-based identifier that can change, thus breaking federated access to the service | Janemarie | | Judith Bush |
What type of work is expected? Working Group, Liaison Efforts, Other? | Observe and report back -- possibly consult for established working groups or committees |
TAC Sponsor(s)/Champion(s) | Mark Rank |
Assurance
Several groups (CTAB, REFEDS) have focused community efforts around assurance. TAC needs to stay aware of those efforts.
Link to related materials
...
Suggestion/Action Item | Submitter | Description | +1s |
Keep tabs on CTAB AAWG | Eric | | |
Keep tabs on REFEDS AWG | Albert | | |
What type of work is expected? Working Group, Liaison Efforts, Other? | Observe and report back |
TAC Sponsor(s)/Champion(s) | |
HECVAT
Adding/improving federated IAM related criteria in HECVAT.
Link to related materials
...
Suggestion/Action Item | Submitter | Description | +1s |
What type of work is expected? Working Group, Liaison Efforts, Other? | Convene small group with HECVAT core team to develop details and action items |
TAC Sponsor(s)/Champion(s) | Mary McKee; Steven Premeau; Nicole Roy |
Template for New Proposed Work Item
Item Title
High-level description of new work item.
...