Problem Statement
When InCommon was created 10+ years ago, it was an explicit goal to keep the bar for membership and operational participation as low as possible. This helped to grow the Federation to its current size. However, this has also hindered interoperation. Members cannot make any real assumptions about policy, practices, and the supported functionality at other member sites when attempting to interoperate. Both IDPs and SPs suffer from this problem.
The current saml2int profile provides a baseline of required deployment practices. However, the audience for this profile is the broader SAML2 community, not just the InCommon Higher Education/Research community. In addition, there is an expectation that the saml2int profile is about to see another minor revision.
This group should develop an InCommon-specific profile layered on saml2int.
While this group should focus its efforts on the needs of the InCommon community, it should also proceed with the understanding that InCommon is an active participant in eduGAIN, and that InCommon IDPs and SPs should be able to easily interoperate with sites outside of the US. In addition, over time, a deployment profile developed for InCommon might be adopted by the broader REFEDS community.
Charter
The Federation Interoperability Working Group will:
- Develop a set of proposed updates to the saml2int specification in order to better facilitate interoperability.
- Produce a list of recommended/required deployment practices for both IdPs and SPs that would increase interoperability and security within the InCommon federation. The intention would be that sites following these practices would, to the extent possible, interoperate by default.
- Produce a list of recommended deployment practices for both IdPs and SPs that would improve overall usability of these sites.
- Identify items from the above that could form the basis for an InCommon interoperability testing regime.
The Interop Issues List created in FedInterop Round 1 can serve as a point of departure for this work.
Membership
Membership in the Working Group is open to all interested parties. Members join the Working Group by subscribing to the mailing list, participating in the phone calls, and otherwise actively engaging in the work of the group.
Work Products
Timeline here...
Related Resources
- InCommon FedInterop WG (Round 1) Wiki
- InCommon FedInterop WG (Round 2) Final Report
- FedInterop WG Interop Issues List
- SAML V2.0 Implementation Profile for Federation Interoperability - Kantara Draft
- The saml2int Deployment Profile.
- A list of proposed Changes to saml2int.
- A Draft IdP Deployment Checklist.
- Net+ Guidance for Services
- CIC Cloud Services Cookbook
- Good Federation Citizenship - IAM Online
- The Federation Lab SAML Test Suite (git)