This is a revised Federation Testing Environment Working Group Charter, updated in September 2021
The InCommon community has been asking for an easier, more tangible way to validate that services planning to integrate with the Federation whether services will interoperate seamlessly when integrated into the Federation. In particular, a federation test environment has long been a frequently requested feature.
In 2018, InCommon Operations began drafting requirements for a “test federation”. Since that time, new and clearer interoperability standards (e.gthe Kantara SAML2 Deployment Profile interoperability standard (a.k.a., the Kantara SAML2 Deployment Profile) have emerged . and InCommon also transitioned to Baseline Expectations. These new developments will inform the design of federation integration testing tools aimed at easing deployment as well as producing a sustainable operating environment.
In 2020, The Federation Testing Environment Working Group coincides with the InCommon Technical Advisory Committee Committee’s (TACTAC’s) is focusing its work plan on easing federation onboarding and improving the value of federation. Producing a set of prioritized, actionable requirements for a federation test environment is among the activities toward that goal. This environment will be used both by current InCommon participants as well as the broader community interested in interoperating with services in the InCommon Federation to evaluate its offerings against federation requirements and best practices. The TAC is seeking community participation to build on the work done to date and to produce that set of requirements.work to prepare InCommon to adopt the Deployment Profile. The working group will support this by working through the specifics of how to allow InCommon, deployers, and implementers measure against the testable statements in the Deployment Profile. In order to clearly measure an entity’s success in meeting the requirements of the statements, there needs to be a set of reference / compliance testing tools on which the community can rely.
The InCommon Technical Advisory Committee (TAC) convenes the InCommon Federation Test Environment Working Group to identify and prioritize relevant testing and validation best practices, procedures, tooling, and environments when:
turn the Deployment Profile requirements into specific, implementable testing criteria and prioritize tests of specific functions while developing any needed compliance details. The result will allow InCommon to build testing tools to be used to measure an entity's compliance in cases where:
- an An existing or prospective InCommon Participant integrates services (identity provider and service providerIdentity Provider and Service Provider) via the InCommon Federation Federation
- The the InCommon federation operator introduces changes to federation Federation infrastructure
The Federation Test Environment Working Group should:
- Develop the testable Deployment Profile requirements into specific, implementable testing criteria
- Consider conformance validation opportunities for Deployment Profile statements in terms of
- Testable statements are a concern when either a deployment is registered in InCommon or software is implemented
- Compliance enforcement
- Federation interoperability testing
- Software conformance testing
- Develop any needed compliance testing details so that
- InCommon can build testing tools
- Participants / prospective participants / InCommon can use them to measure an entity's compliance with the testable statements in the Deployment Profile
- Consider how
- Evaluate the user stories identified by InCommon Operations and the TAC sub-group thus far;
- As appropriate, identify additional user stories to provide InCommon participants with testing and / or validation tooling to reduce for the statements reduces barriers to entry entering InCommon and to increase increases the overall value of participation in the InCommon Federation;Consider the testing needs of an identity provider, a service provider, as well as the Federation operatorFederation. Where relevant, capture any value statements for InCommon.
- Where possible, identify existing tools around the global federation community: understand what they test for and who finds the test result useful
- Assess each story for applicability and implementation urgency. Where relevant, suggest possible adoption challenges
- Focus on identifying testable items; recommend a prioritized list of implementation actions and how each supports the TAC’s goal to streamline integration with services in the Federation and to increase the value of participating in InCommon.
- Where the Working Group identifies items that are not readily testable, but important in support of the goals of easing integration and operating in a federated environment (e.g., identifier assignment/persistence practice within an organization), the Working Group is encouraged to note these in its final report and suggest further course of action where applicable.
- Focus on requirements and best practices of the InCommon Federation; inter-federation or other non-federation needs should not be made a priority.
Work Products / Deliverables
This working group The InCommon Federation Test Environment Working Group shall conclude its work no more than 6 six months from its initial convening date. The group will produce a written report at the conclusion of its proceedings. This report should examine use cases/user stories outlined
The final report should provide the recommendations referenced in charter items 1, 2, and 3 above. It should provide recommendations referenced in charter items 4, 5, 6, and 73, and 4. This includes:
- The specific, implementable testing criteria for the testable Deployment Profile statements - This is a set of prescriptive test specifications to make the criteria clear to InCommon for implementation. The tools will need to present results to testers in the form of information about what statements their entities met and did not meet and why.
- Tests of specific functions presented according to priority
- Any additional details necessary to ensure compliance with the statements
- Any memorable statements of the value that testing / validation tooling for the Deployment Profile requirements will bring to InCommon Participants and prospective participants (e.g., interoperability, etc.)
This report should capture the community’s needs for a Federation Testing Environment. The working group should not overly constrain itself with immediate implementation challenges. Instead, we strongly recommended that the report clearly prioritizes its recommendations based on community needs so that implementers can develop implementation It will be left to the implementers to develop strategies accordingly.
Should unforeseen reasons prevent the working group from completing its work at the end of the 6 months six-month period, the groups it should still produce a written report describing its work to date as well as recommendations for any follow-up actions.
Membership in the InCommon Federation Test Environment Working Group is open to all interested parties. The solicitation will take place on the InCommon Participants list. TAC leadership may explicitly name key stakeholders to participate in the working group to ensure balanced representation from IdP, SP, and Federation operators. Members with software development experience will be critical to the success of the group. Members join the Working Group by subscribing to the mailing list and Slack channel, participating in the calls, and otherwise actively engaging in the work of the group.
- InCommon Federation Adopts SAML V2.0 Deployment Profile
- Draft InCommon Test Federation Requirements from Nicole Roy - https://docs.google.com/document/d/1vQ_jk7ApSpuClTiQCTqcmbjpGXRpPT0VLbfwD0MEaOI/edit#heading=h.5xox0fk8w6i
- Test Federation User Stories and Planning Sub Group notes -
- Working draft location of the working group charter -