Registry of Domesticated Applications

Definition of Application Domestication

The ability to externalize group management, authentication, and/or authorization from within the application, allowing for the use of federated identity by that application.  What does federated groups look like?  Would a situation like Confluence that can use LDAP for groups count as level 1 or level 3? Level of Domestication

Level 4 – planning stages only or not useful = blackbox, internal, not provisionable

Level 3 – LDAP or purely internal = internal, provisionable

Level 2 – Not standards compliant but offers a local something that could be standards compliant (if there is a standard) ; unsupported/community contribution plug-in = external, unsupported

Level 1a – Out of the box works with standard federated technologies, needs simple configuration without writing code = external, supported, federated
Level 1b – external, supported, some additional work needed

Include info on source code license agreements (apache, gnu, other?)

Targeted towards Application Integrators

App that has built in support for SAML is good, versus something that as in-house customizable thing that can be used; versus something that only integrates with LDAP (not nec. Useful in a federated environment); versus internal only

What to include – just ones we know about, some "FAQ" type ones, more
This is like calculating LOA. So overall, have a summary level that says, at the end of the day, the app is silver/gold/platinum (tin/pewter/aluminum); model the certification on the InCommon list

Compliance for data interchangeability