Federated identity management has always been the heart of many services that GÉANT offers its constituents. As technology continues to advance, the need for secure and reliable identity management is becoming increasingly crucial. In the field of research and education, this is especially important, where secure access to shared resources is paramount. The GN Trust & Identity work package has been providing central services such as eduGAIN or InAcademia for years. Although these are being continuously improved, for a long time there was no room for creative or disruptive developments that were not directly related to one of these services, such as new technologies or protocols. Enter the GÉANT Trust & Identity Incubator – an innovation hub designed to foster novel ideas and advance identity management in our community.
The Incubator, which is run by Task 5 of WP5 (Trust & Identity) in GN5-1, tests and experiments with new concepts, as well as investigate new features for existing GÉANT services. Business case development for potential new services and developments that improve data protection and privacy aspects are also in scope.
So, how does the Incubator work? Well, it operates on an agile development methodology, which allows it to explore ideas more flexible than traditional project management approaches. Once a topic is selected, the team can almost immediately begin investigating and is able to deliver results very fast. To cover many different topics during one project phase, the Incubator runs multiple iterations – ‘Incubator cycles’ – during the course of two years. Each of these cycles is divided into six ‘sprints’ of five weeks each and focuses on a new set of topics. This approach allows the team to develop and iterate their ideas quickly, with each sprint culminating in a demo to showcase their progress.
What sets the Incubator apart is its commitment to community engagement and collaboration. The process of introducing new activities to the Incubator has been designed to be as simple as possible to allow everyone in the T&I community to share innovative ideas. Every community member can propose a topic using a simple “Call for Ideas” page in Confluence where anyone can add their own ideas [https://wiki.geant.org/x/jwATIw]. Don’t hesitate to share your own ideas!
About two months before the start of a new cycle, the community comes together to discuss the ideas and identify the most important topics. New activities are selected afterwards based on their popularity and the team’s capacity. This process ensures that the Incubator addresses the most pressing issues in our community.
Activities in the current cycle
The current cycle, which began in February, is the first one in GN5-1. The team is working on four topics, each with its own unique challenges and opportunities:
- Personal Profile Page
The first activity aims to improve the personal profile page, building on a successful project from GN4-3. By developing a prototype of a Shibboleth/SimpleSAMLphp module to show a user login history, the team hopes to enhance the user experience and make it easier for users to take control about what they release to services.
- geteduroam Linux Client
In the second activity the team is working on implementing a Linux version of the geteduroam client. By making the client accessible to a new platform, the team hopes to increase adoption and encourage more users to use this easy way of configuring eduroam.
- OIDC Federation for SimpleSAMLphp
The third project aims to add native OIDC federation support to SimpleSAMLphp. This will enable IdPs to support OIDC without changing their existing infrastructure.
- Passwordless authentication with Passkey
Finally, the Passkey project aims to investigate passwordless authentication in the context of identity federations. This new approach will provide valuable insights into the feasibility and potential benefits of Passkeys as a first factor or even an MFA alternative.
Plan and demos in GN5-1
The sprint demos held after each sprint are a vital part of the Incubator process. These demos allow the teams to showcase their progress, receive feedback from peers and stakeholders, and improve their ideas based on that feedback. There is always a demo in the middle of a cycle and one at the end to present the final results. Both of these events are public demos for the entire community, making it a great way to share the project’s progress and outcomes with a wider audience. The dates for all demos in GN5-1 are already set, so mark them in your calendar!
| Incubator cycle | Mid-term demo | Final demo |
| Feb 2023 – Sep 2023 | 23 May 2023 | 05 Sep 2023 |
| Sep 2023 – Apr 2024 | 09 Jan 2024 | 23 Apr 2024 |
| May 2024 – Dec 2024 | 03 Sep 2024 | 17 Dec 2024 |
So, there will be two more cycles in GN5-1. This also means that there are two more opportunities for you to submit your ideas! Everything in the area of Identity and Access Management, Standards and Protocols or Security and Privacy might be suitable for the Incubator.
There are even more possibilities to collaborate with the team. Instead of just submitting your topic and waiting for results to come back, you can actively work on your idea. It is possible that you or one of your peers joins the Incubator for one cycle as a subject matter expert. That allows you to claim time on the Incubator task and implement your project together with the rest of the team.
Read more about the Incubator in our previous articles from GN4-3 [https://connect.geant.org/trust-and-identity-incubator].
If you have any questions, comments or ideas, don’t hesitate to contact Niels van Dijk or Michael Schmidt.
