It’s been one month now since the REFEDS gathering in Indianapolis. I was impressed to see so many people attending the meeting on a sunny and warm Sunday morning. The REFEDS meeting was, as usual, very interesting; if anything, I have the impression that there are so many things happening that a one-day meeting is almost not enough.
As we get close to the end of the year (and building on the feedback in Indianapolis), it seems the right moment to review what REFEDS has achieved so far.
- The old MediaWiki was recently migrated to Confluence, which is a much nicer wiki. Please report any broken links as you use the wiki.
- blog.refeds.org could benefit from additional blog items; volunteers are welcome.
- Plans are to revamp the REFEDS website at the beginning of 2015.
- REFEDS meetings – there are normally two main meetings per year, which are co-located with major events, one of which is TNC. This year, however, taking advantage of the European Identity Week (http://identityworkshop.eu/tiki-index.php), REFEDS will have another short meeting in December as well, focused on the plan for 2015.
- Assurance – this remains a difficult area. There is a need to establish what the ‘baseline’ common practices are for federations today. REFEDS is working to create an unspecified REFEDS Assurance Profile that can be met by all existing federations. Initial work is online at:
This baseline would end up in the same suite of FOP (see below).
- Still related to assurance, although not a REFEDS group (REFEDS only hosts them on the wiki), it is worth mentioning the work done within SIRTFI (see: https://refeds.org/meetings/oct14/slides/kelsey26oct14.pdf). The aim is to focus on the need for a better definition of security incident response within the context of identity federations.
- Progress has been made in the area of Federation Operators Best Practice (FOP). This work is defining Federation Operator Practice Guidelines, which comprise four documents, two of which are available as drafts. See: https://wiki.refeds.org/pages/viewpage.action?pageId=1605961. Comments are welcome!
- Standards and specifications – Main work in this area covers:
  - SCHAC, the schema for academia. The aim is to harmonise the schema and deliver a consolidated version. This work is not funded from the REFEDS budget. The plan is to move the management of SCHAC into REFEDS once the schema is in order.
  - Metadata Query Protocol – to retrieve sets of metadata. See the work-in-progress RFC: https://datatracker.ietf.org/doc/draft-young-md-query/
  - Entity Category SAML Attribute Types – the RFC on how to form entity categories.
  - Entity Categories – Two categories so far:
    - Hide from Discovery, approved rather fast,
    - as opposed to R&S (Research and Scholarship category), which is undergoing a new round of consultation following the REFEDS meeting. LIGO is very interested in this category. There is discussion on whether to start a new category, Library/affiliation, which is rather controversial as an equal number of people think this to be needed and not needed. InAcademia, the project funded by the GN3plus project, could probably benefit from this category. InAcademia aims to build an inter-federation service to assert ‘is this a student’.
- Working groups
  - The FOG (Federation Operators Group) is a closed group where admission requires endorsement from two existing members. All discussion on the list is confidential. However, some of the discussion can be useful to derive best practices.
  - MARI (managing attribute release in interfederation use-cases) – Not a lot has happened. If nothing happens the group should be closed.
- Pilots – Two main pilots to date, MET and REEP. Work is planned to improve the REEP UI.

On the new ideas front, I would recommend looking at Leif’s presentation on the new IETF working group, Vector of Trust. The idea is to approach assurance in a more modular way. Four main vectors have been identified; for each of them they are identifying some characteristics that do not necessarily map to existing frameworks, as well as their syntax. The resulting work would be used as the building block for existing and future trust frameworks. The gain of this approach would be to make comparisons easier, to have a common syntax and to allow IdPs to implement only one of the aspects of LoA rather than a whole framework.

Back to the presentations in Indianapolis, I particularly enjoyed Scott Koranda’s talk. I like to hear about the real-life problems VOs face with federations. The main issue they face is the lack of attributes from IdPs. LIGO is very interested in the R&S entity category.

His slides have a number of questions addressed to the REFEDS community. It would be nice to have some good answers to them.