For many involved in trust and identity (T&I), the REFEDS meeting kick-started the beginning of TNC17 and paved the way to a week full of interesting talks and meetings.
Nicole Harris (GÉANT) welcomed the 90 attendees and gave an overview about REFEDS and the work carried out so far. Nicole reminded them that the REFEDS assurance framework is open for consultation until the 9th of June. The framework is a very good example of collaboration between the AARC project and REFEDS, as it takes the AARC recommendations as an input and expands that to a specification, leveraging the REFEDS well established processes. Mikael Linden (CSC) gave a more in-depth presentation on the assurance framework and the two profiles within it. The profiles follow a multi-dimensional approach to express the ability to meet different assurance requirements. Mikael also gave a webinar on this topic.
Still on the consultation subject, Nicole reminded that the Multifactor Authentication Profile (MFA) is ready for publication. With many thanks to InCommon/Internet2, for pushing this profile via REFEDS.
Brook Schofield (GÉANT) presented a history of the challenges of discovery, and proposed that it was time to think again about how to combine our experience with requirements expressed by publishers and researchers and deliver a scalable approach to discovery. Some NRENs and GÉANT have already made a joint proposal of work in the GÉANT project and would like to hear from more interested parties.
REFEDS hosts different working groups. A quick update was provided;
- Don’t miss Laura Paglione (ORCID) ’s report on the ORCID WG on Wednesday 31st of May
- Niels van Dijk (SURFnet) reported on the work done by the OIDC WG to map SAML and how to use OIDC as the underlying technology for federations.
- Sirtfi is in a very good shape and its adoption is well underway.
- The IdP of last resort (IoLR) has delivered a self-assessment tool by which un-affiliated IdPs can rate their services.
Lukas Haemmerle (SWITCH) presented InAcademia, to support services which do not need the full trust framework of eduGAIN (so no need for the service to implement a SAML SP and join a federation), but only a single attribute. Via InAcademia, these services can offer special conditions to students, for instance discounts etc.
Some federations can already use the services, for some others it may not be possible until they release the necessary information correctly. There’s a proposed fee for service providers, which will sustain InAcademia and eduGAIN, enable innovation and flow back to participating federations.
Davide Vaghetti (GARR) reported on eduKEEP, the project to investigate how to move from an organisation-centric identity management model to a user-centric model. Davide compared different eduID concepts in use in federations and discussed how they can be best adopted and interoperated with traditional federations across borders in eduGAIN. Topics included the implications of how to do attribute aggregation, quality of identities and the role of the institutions.
Ian Young (EDINA) reported on the ongoing updates to Shibboleth. The final v3 release is ready and will be used to prepare for v4 expected next year. SPv3.0 is expected in in 2017.
Ann Harding (SWITCH) called the community to keep supporting and contributing to Shibboleth long term sustainability. Shibboleth is a fundamental software on which the R&E community relies to run their identity federations. Funding at the moment comes through the Shibboleth Consortium; alternative ways have been explored. However, the Shibboleth Consortium is the only way to ensure stable funding to make longer term plans.
Henry Mikkonen (CSC) reported on the self-assessment tool that GÉANT is implementing following the AARC recommendations. The tool is meant to enable IdPs to verify compliance with the assurance profiles, Sirtfi and CoCo. The HAKA federation is already exploring how to use the tool.
Licia Florio (GÉANT) reported on the AARC project and the results achieved over the last two years. The goal of AARC is to increase the use of federated access in eScience communities and libraries. To achieve this, AARC delivered a blueprint architecture, a number of best practices and a number of pilots. For more information check out the AARC video.
Mario Reale (GARR) gave an update on the work undertaken by the Campus IdP team after the first year. The goal was to develop a campus IdP extension to the FaaS service for sites and regions who currently do not have the ability to support or offer a cloud IdP-type of service to campuses. The main achievements presented were the Cloud Campus IdP Catalogue, and the Ansible toolkit, a fully documented playbook to install and configure the IdP, to deploy a customised, completely configured Shibboleth IdP version 3.3.1. Plans for a Campus IdP platform have been presented, involving developments of an API server, a WebClient platform and a config DB. Design will be completed in the next weeks.
It was nice to see Jonathan Chang (JUCC) to give an update on Hong Kong Access Federation (HKAF). In response to the challenges identified by Johnathan to grow HKAF, Nick Roy (I2) highlighted work on large scale federation tools, and Peter Schober (ACOnet) and Ann Harding reminded the audience about GÉANT Federation as a Service, which is also available to non GÉANT members. For support, questions or request for the service contact email@example.com.
AAF, SWAMID, and UK federation also reported on the latest work.
It was an intense day with great discussions! And this was all before TNC17 even officially started – more to come!