...
- Making federation easier: Lowering the barriers to getting on the federation highway for institutions that are unable or unwilling to run their own IdPs and for SPs wanting to join InCommon
- Increasing the value of participating in InCommon: Increasing value proposition by thinking which wants and needs are valuable to the most people. This means solving the business case to maximize investments.
2021 Work Plan Items
Table of Contents | ||||
---|---|---|---|---|
|
(Working document of this work plan in Google Doc)
...
Adopt SAML Deployment Profile
...
- Final Report of the Deployment Profile Working Group
- Responses from the DPWG recommendations survey
- [Part1] SAML2Int Adoption Analysis - Common Requirements
- [Part2] SAML2Int Adoption Analysis - Service Provider Requirements
- [Part3] SAML2Int Adoption Analysis - Identity Provider Requirements
Suggestion/Action Item | Submitter | Description | +1s |
Task group to analyze profile and drafting recommendation for TAC review/adoption | Keith W | Albert W Judith B Mark R Steve P Janemarie | |
Consider R&E layer profile | Keith W | ||
What type of work is expected? Working Group, Liaison Efforts, Other? | Existing subgroup | ||
TAC Sponsor(s)/Champion(s) | Keith Wessel |
...
Subject Identifier
Develop rationale and recommendations regarding adoption of SAML Subject Identifier Attributes Profile across InCommon; recommend implementation and transition strategy.
...
- OASIS Committee Specification, SAMLV2.0 Subject Identifier Attributes Profile Version 1.0, January 2019
- Comparison of identifiers used in Federation
- Strategies for Working with Identifiers in Federation (working draft)
- Next Step on Identifiers (Deploying SAML Subject Identifiers in InCommon) (working draft)
Suggestion/Action Item | Submitter | Description | +1s |
Steven Premeau | |||
Complete the Strategies for Working with Identifiers in Federation document | Mary McKee Judith Bush Janemarie Duh | ||
Flesh out the Deploy SAML Subject Identifier in InCommon plan | Mary McKee Judith Bush Janemarie Duh | ||
What type of work is expected? Working Group, Liaison Efforts, Other? | Working Group Consider instead a subgroup that will watch the space and gather the data about where things are going. Outcome would be a set of requirements/recommendations and a proposed charter or report for next steps | ||
TAC Sponsor(s)/Champion(s) | Mark Rank (tend) |
...
Federation Testing
Problem statement: The InCommon community has been asking for an easier, more tangible way to validate that services planning to integrate with the Federation will interoperate seamlessly. In particular, a federation test environment has long been a frequently requested feature.
...
- Federation Testing ACAMP Session
- Proposed WG Charter
- Fedlab
- (Canadian Access Federation is also developing testing tool. No link yet)
Suggestion/Action Item | Submitter | Description | +1s |
Describe user stories for the user of a test federation | Matt B Judith Bush | ||
Draft requirements | Janemarie Duh | ||
What type of work is expected? Working Group, Liaison Efforts, Other? | Working Group | ||
TAC Sponsor(s)/Champion(s) | Janemarie Duh |
...
SeamlessAccess
Problem description: SeamlessAccess is a freely available IdP discovery service, designed using the information found in NISO’s “Recommended Practices for Improved Access to Institutionally-Provided Information Resources: Results from the Resource Access in the 21st Century (RA21) Project”. This service breaks IdP Discovery into two discrete and separable components: the search and discovery of IdPs, and the persistence of a user’s choice of IdP in their browser local storage. SeamlessAccess can be used by any entity that offers IdP discovery services, from SPs to federations themselves.
...
- SeamlessAccess UX Documentation
- Code Repositories
- Code Documentation
- thiss-ds-js: A set of clients for the discovery service. Can be used to implement a DS connected to a central persistence service.
- thiss-jquery-plugin: A jQuery plugin for building search-based identity selectors.
- this-mdq: An implementation of the metadata query protocol (MDQ) for JSON metadata only.
Suggestion/Action Item | Submitter | Description | +1s |
Promoting SeamlessAccess within InCommon by using SeamlessAccess itself for InCommon’s WAYF. | Janemarie | ||
Describe the potential user stories that will help us to determine requirements and priorities. | |||
Decide on project requirements from InCommon
| Mary McKee Janemarie | ||
Decide on whether there should be a single WAYF offered by the federation, or encourage individual SP implementations. | Mary McKee Janemarie | ||
What type of work is expected? Working Group, Liaison Efforts, Other? | Subcommittee with community consultation | ||
TAC Sponsor(s)/Champion(s) | Heather Flanagan |
...
Browser Technology Changes
...
- https://bitbucket.org/openid/connect/wiki/Browser%20Interactions%20Special%20Topics%20Call
- Internet2 Slack channel: #inc-browsers-and-sso
Suggestion/Action Item | Submitter | Description | +1s |
Lightweight tracking, reporting through the Slack channel. | Heather Flanagan | Hold for working group creation until 2022 (or something urgent happens) | Mark Rank Matt B Judith Bush Janemarie Eric G. |
What type of work is expected? Working Group, Liaison Efforts, Other? | Observe and report back | ||
TAC Sponsor(s)/Champion(s) | Heather Flanagan |
...
EDUCAUSE Federation Observations
...
Suggestion/Action Item | Submitter | Description | +1s |
Observation: InC Organizations change their IdP and in the process register under a new entityID | Mark | Judith Bush Janemarie Duh | |
Observation: InC IdPs assert they support R&S attribute release, but do not | Mark | ||
Observation: An InC organization will attempt to register an ADFS IdP but will statically configure SP metadata and will not load metadata changes made by SP until something breaks | Mark | Judith Bush | |
Observation: IdPs releasing attributes that should have a scope without a scope (for example eduPersonPrincipalName, eduPersonScopedAffiliation) | Mark | Judith Bush | |
First-hand observation: An InC organization has a name-based identifier that can change, thus breaking federated access to the service | Janemarie | Judith Bush | |
What type of work is expected? Working Group, Liaison Efforts, Other? | Observe and report back -- possibly consult for established working groups or committees | ||
TAC Sponsor(s)/Champion(s) | Mark Rank |
...
Assurance
Several groups (CTAB, REFEDS) have focused community efforts around assurance. TAC needs to stay aware of those efforts.
Link to related materials
Suggestion/Action Item | Submitter | Description | +1s |
Keep tabs on CTAB AAWG | Eric | ||
Keep tabs on REFEDS AWG | Albert | ||
What type of work is expected? Working Group, Liaison Efforts, Other? | Observe and report back | ||
TAC Sponsor(s)/Champion(s) | N/A |
...
HECVAT
Adding/improving federated IAM related criteria in HECVAT.
Link to related materials
Suggestion/Action Item | Submitter | Description | +1s |
What type of work is expected? Working Group, Liaison Efforts, Other? | Convene small group with HECVAT core team to develop details and action items | ||
TAC Sponsor(s)/Champion(s) | Mary McKee; Steven Premeau; Nicole Roy |
...
Template for New Proposed Work Item
...