Box Bucket of End Entities Registry
REFEDS is setting up a lightweight, universal service that permits certain organizations to post their SAML metadata (describing both SAML and non-SAML endpoints) for broader consumption. It is intended as a quick activity to catalyse broader and easier international use of federated identity. The service is not intended to replace federations or inter-federation; it is a tool supporting such activities. The service is intended to be operational in January 2011. It may be run by an interim operator and move to a permanent home if the service proves useful.
The service will begin by serving a limited set of use cases, with further use cases brought in as policy and technology permit. We intend to be agnostic about the metadata accepted, but will do schema validation for a controlled set of technologies, including SAML 2.0, OpenID and IMI. The metadata assembled will depend on the use cases, but will at minimum support key rollover (changeover), and possibly organizational and contact information.
Trust in a BEER entry rests only on demonstrated ownership of the domain. Consumers of the metadata are expected to understand this and not read more into an entry than that.
The service does not address the privacy dimensions of this problem space. Federations that import metadata from BEER are expected to handle privacy considerations, such as any required attribute release policies (ARPs), themselves.
Registrants come to the service expecting to publish their metadata without constraint. Federations that use BEER may well constrain what information they import.
The service will have a standardized metadata tagging facility. Tags are applied by registrars and aggregators, not by end entities or by those querying the service (queries may, however, select on the tags). The semantics of the tags still need to be worked out.
Targeted use: BEER user stories include:
As a service provider (the standard SP story), the Czech medical atlas wants a single point of metadata registration in order to cut down on the work it must do with every federation that wants to use the atlas. As a service provider, the spaces wiki wants the same, as does the REFEDS wiki.
As a consumer of metadata from BEER, I want the published metadata to be a full representation of everything BEER holds about the entity in question, so that I do not depend on proprietary interfaces.
As a consumer of metadata, I need to know and understand the level of assurance of the metadata published by BEER in order to support my business processes.
As a consumer, I require clarity on the LoA associated with each part of the published metadata (I need to know who supplied which items of metadata to BEER).
As a consumer, I need contact information for all metadata.
As a consumer, I want to know the provenance of, and any known problems with, the metadata in order to evaluate its trustworthiness.
As a consumer, I need a human-readable descriptor of each entity. As a registrant, I want to be able to insert a human-readable descriptor.
As a registrant, I want to be able to delete my metadata, even though deletion may not purge every trace of it (consumers may hold cached copies).
As a registrant, I want the service to publish appropriate caching hints so that stale metadata does not live forever.
As a registrant, I want to be able to transfer control of my metadata (i.e. permission to modify it) to another party.
As a domain owner, I want to be able to delegate all or part of the registration, and have someone administer the metadata on my behalf.
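Two of the consumer-side checks these stories imply are mechanical enough to show in code: honouring the caching hints the registry publishes (SAML metadata carries them as the validUntil and cacheDuration attributes on the EntitiesDescriptor), and only accepting an entry for a domain whose ownership the registry actually verified. The following is an added illustrative example, not BEER's or Janus's code; the sample aggregate, the entityIDs and the set of registered domains are constructed for the example. A real consumer would verify the aggregate's XML signature before trusting either attribute.

```python
"""Consumer-side checks on a BEER-style SAML metadata aggregate (illustrative)."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample aggregate: a hard expiry (validUntil) plus a soft
# re-fetch interval (cacheDuration, an xs:duration). Entity IDs are made up.
SAMPLE_METADATA = f"""<EntitiesDescriptor xmlns="{MD_NS}"
    validUntil="2011-02-01T00:00:00Z" cacheDuration="PT6H">
  <EntityDescriptor entityID="https://atlas.example.cz/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.other.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

# Constructed: domains for which the registry demonstrated ownership.
REGISTERED_DOMAINS = {"example.cz"}

# Subset of xs:duration that metadata publishers use in practice: P[nD][T[nH][nM][nS]].
DURATION_RE = re.compile(
    r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$"
)


def parse_duration(value: str) -> timedelta:
    """Convert an xs:duration string such as 'PT6H' or 'P1DT2H30M' to a timedelta."""
    m = DURATION_RE.match(value)
    if not m:
        raise ValueError(f"unsupported xs:duration: {value!r}")
    days, hours, minutes, seconds = (float(x) if x else 0.0 for x in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def freshness(xml_text: str, now: datetime) -> dict:
    """Evaluate the aggregate's caching hints at time `now` (tz-aware UTC).

    validUntil is a hard limit: past it the metadata must not be used at all.
    cacheDuration only says when to re-fetch, so it is capped at validUntil.
    """
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is None:
        # Unbounded metadata defeats the registrant's "stale data must die" story.
        raise ValueError("aggregate carries no validUntil; refusing unbounded metadata")
    expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    cache_duration = root.get("cacheDuration")
    refresh_after = now + parse_duration(cache_duration) if cache_duration else expiry
    return {"expired": now >= expiry, "refresh_after": min(refresh_after, expiry)}


def domain_owner_ok(entity_id: str, registered_domains: set) -> bool:
    """True if the entityID's host is a registered domain or a subdomain of one.

    The dot is required so 'notexample.cz' does not match 'example.cz'.
    URN-style entityIDs have no host and are rejected: nothing was proven for them.
    """
    host = urlparse(entity_id).hostname
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in registered_domains)


def accept_entities(xml_text: str, registered_domains: set, now: datetime):
    """Return (accepted, rejected) entityIDs; raise if the aggregate has expired."""
    if freshness(xml_text, now)["expired"]:
        raise ValueError("aggregate is past validUntil; discard it and re-fetch")
    root = ET.fromstring(xml_text)
    accepted, rejected = [], []
    for ed in root.findall(f"{{{MD_NS}}}EntityDescriptor"):
        eid = ed.get("entityID", "")
        (accepted if domain_owner_ok(eid, registered_domains) else rejected).append(eid)
    return accepted, rejected


if __name__ == "__main__":
    now = datetime(2011, 1, 15, tzinfo=timezone.utc)
    print(freshness(SAMPLE_METADATA, now))
    print(accept_entities(SAMPLE_METADATA, REGISTERED_DOMAINS, now))
```

Run against the constructed aggregate at 2011-01-15, the atlas entry is accepted, the entry on other.example.org is rejected because no ownership was demonstrated for that domain, and the consumer is told to re-fetch six hours later; at any time after 2011-02-01 the whole aggregate is refused.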
We have a set of user stories that are sufficient to set up a first generation BEER service.
Prioritization is next, for the service rather than the tool.
Post this on spaces.
Conference call next week.
The Janus use cases have either been labelled non-goals or included in the list above. Jacob will reword the BEER use cases and fold in those from Janus.
The Janus software may need too much ripped out to provide just these services, or it may not handle the generality required. Either a fork or new code.
Modularizing the Janus software might be hard, given its current code structure and the problems SimpleSAMLphp (SSP) has in handling metadata.
* The software