Problem Statement
Operating a broadly compatible SAML-based service or identity provider can be challenging. The standards and profiles that are currently available leave a lot of room for interpretation and customization. While this allows for flexibility, it also results in issues that make interoperating in a federation significantly more complex than necessary.
Kantara is currently working on an updated version of the SAML2int profile which will define clearer standards for interoperability. This will help in general, but the Higher Education and Research community has more specific needs than this profile will address. The higher-ed landscape is very different from other areas leveraging this profile. Ten-plus years of experience with Federation in the higher-ed space has led to rough consensus around a set of practices that go well beyond the current saml2int profile. To work toward better interoperability in higher-ed, extensions to the SAML2int profile are needed that are specific to this environment.
This working group will identify additional areas where SAML2int is not specific enough for higher-ed and propose applicable extensions.
Charter
The Federation Interoperability Working Group will:
- Develop a profile layered on saml2int that describes REQUIRED and RECOMMENDED practices for IDPs and SPs for the Higher Education and Research community
- Identify which of these standards could be tested by InCommon if the federation wanted to ensure full profile compliance by participants
The Interop Issues List created in FedInterop Round 1 can serve as a point of departure for this work.
Membership
Membership in the Working Group is open to all interested parties. Members join the Working Group by subscribing to the mailing list, participating in the phone calls, and otherwise actively engaging in the work of the group.
Stakeholders
The challenges in this area are somewhat different for IDP operators and SP operators. To propose a comprehensive profile extension, this working group will need to represent the current hurdles faced by both of these groups. Proposed solutions for IDPs will be specific to InCommon, layered on top of the federation-agnostic SAML2int profile. Proposed solutions for SPs will be broader and not specific to InCommon.
Work Products
Timeline here...
Related Resources
- InCommon FedInterop WG (Round 1) Wiki
- InCommon FedInterop WG (Round 2) Final Report
- FedInterop WG Interop Issues List
- SAML V2.0 Implementation Profile for Federation Interoperability - Kantara Draft
- The saml2int Deployment Profile.
- A list of proposed Changes to saml2int.
- A Draft IdP Deployment Checklist.
- Net+ Guidance for Services
- CIC Cloud Services Cookbook
- Good Federation Citizenship - IAM Online
- The Federation Lab SAML Test Suite (git)