InCommon Technical Forum
2011 Internet2 Fall Member Meeting
October 5, 2011
RL “Bob” Morgan reviewed the technical initiatives underway, including a number of items that will soon be deployed.
- Default Attribute Bundles to streamline boarding of a subset of service providers (https://spaces.internet2.edu/x/962KAQ)
- InCommon recommended practices (introduced at CAMP) (https://spaces.internet2.edu/x/Z4AXAQ)
Additional information in metadata
- Required attributes - SPs express which attributes they require
- User interface elements
- Contacts – clarifying what we want/expect from IdPs
- Assurance – InCommon expects to be ready to certify IdPs for Silver in early 2012
- SP error handling (improving the user experience when attributes are missing and access is denied)
- Delegated administration of metadata
Statistics and business intelligence
- Gathering/providing more information about the federation and its use.
- Also deeper issues, such as who is using services and which services are being used.
- POP revision
- FICAM (federal identity initiative)
- Metadata vetting policy
- SAML ECP support
- Decommissioning of the WAYF
- XML submission of metadata
- Participant web pages
- Metadata-driven web pages
- Important to evangelize with these and support what they are doing.
- This is a new project that is looking at the possibility of a common identity process for high school students taking standardized tests and using the common application (and whether these students could receive a central identity, vs. each school to which they apply providing an identity).
- Client certificate
- Second factor authentication
Bob reviewed the recommended practices program, which was first introduced at CAMP 2011 (https://spaces.internet2.edu/display/InCCollaborate/Recommended+Practices+for+InCommon+Participants)
There has been quite a bit of discussion about what to include in these practices and how to provide incentives for participants to adopt these practices. The goal is to make things more predictable and to provide increased value by having these practices widely adopted.
Bob highlighted some of the recommended practices:
- Federated security incident response
- Metadata consumption – refresh and verify daily
- SAML endpoints - some new features – new metadata elements, assurance – will only be available via SAML 2.
- Contacts in metadata
  - Four kinds – technical, administrative, security, support.
  - We’re recommending using aliases, mailing lists, trouble tickets, etc., rather than specific individual emails.
  - Admin contact is now seen as the contact that can deal with attribute release policies.
- We will likely do one or more webinars on the recommended practices.
There are still some questions to be answered, including how a practice gets on the “recommended” list and whether there is a process for vetting such requests. Might there be community voting or some other method?
There were three demos at the end of the session:
- The forthcoming metadata-driven web pages
- delegated administration of metadata
- a proposed central error handling service, targeted at R&S category of SPs, that would provide more information for users as to why they can’t get access and what their next step(s) might be.