Community Consultation on this report is planned for early 2019
Document Title: Final Report of the InCommon Deployment Profile Working Group
Repository ID: TI.119.1
Persistent URL: http://doi.org/10.26869/TI.119.1 (not activated yet)
Authors:
Keith Wessel (editor/chair) - The University of Illinois, https://orcid.org/0000-0002-8047-3187
Scott Cantor - The Ohio State University
Alan Buxey - MyUniDays, LTD., https://orcid.org/0000-0001-8217-8379
Judith Bush - OCLC, https://orcid.org/0000-0001-6240-4121
Andrew Morgan - Oregon State University, https://orcid.org/0000-0003-0677-6988
Eric Goodman - University of California, Office of The President, https://orcid.org/0000-0002-5118-3009
Alex Stuart - JISC, https://orcid.org/0000-0003-4034-3748
Nicholas Roy - InCommon, https://orcid.org/0000-0001-6515-4316
David Bantz - University of Alaska, http://orcid.org/0000-0003-0028-9548
Christopher Phillips - CANARIE, https://orcid.org/0000-0001-5567-4916
Publication Date: February 14, 2019
Sponsor: InCommon TAC
© 2019 Internet2
This work is licensed under a Creative Commons Attribution 4.0 International License.
Introduction
The InCommon Deployment Profile working group was chartered by the InCommon Technical Advisory Committee (TAC) in the fall of 2016. The group was charged with creating a deployment profile that could be layered on top of the SAML 2.0 Deployment Profile, SAML2int, which was planned to receive a much-needed update. The working group would make the needs of the research and education (R&E) community known so that some could be incorporated into SAML2int; the remaining requirements would go into an R&E-specific deployment profile.
The SAML 2.0 standard has accumulated a number of errata since its creation, along with a number of suggestions placed in the SSTC Jira backlog. The working group recommends that InCommon direct the OASIS SSTC to compile these changes and additions into a SAML 2.1 revision.
The now-final OASIS Subject Identifiers specification creates new identifier Attributes, analogous to OIDC's "sub" claim, that replace eduPersonPrincipalName, eduPersonTargetedID, and all uses of SAML Name Identifiers. As both of these legacy attributes are part of the Research and Scholarship attribute bundle, the working group recommends study of how to evolve the successful R&S entity category towards a future state that encourages adoption of these best practices.
Finally, the working group recommends some well-planned marketing and incentives to help InCommon participants achieve compliance. This could involve adding items to Baseline Expectations as noted above, but it also could include a badge or signaling in metadata. As with SIRTFI, metadata signaling could be self-asserted. InCommon might also want to consider a Baseline+ certification; participants who don't meet the extra requirements won't be removed from the federation, but those who do will receive additional benefits. Adherence to many items in this profile might fall into that category.
References
- SAML V2.0 Interoperability Deployment Profile: https://kantarainitiative.github.io/SAMLprofiles/saml2int.html
- Community Consultation Feedback and Responses: https://spaces.at.internet2.edu/x/GA