The 32nd meeting of REFEDS brought together nearly 80 participants, in person and remote, to discuss the latest in R&E identity federations. Held in conjunction with TNC16 in Prague, the usual Sunday meeting schedule was a great way to kick off a busy week.
The meeting started with an overview of the 2016 Workplan. From there, the meeting attendees discussed the latest news out of eduGAIN, including a briefing on the constitutional changes that will be introduced in 2016, updates from the REFEDS working groups, thoughts around federation interoperability, and updates from some of the participating regional federations.
One session, “A word from our customers,” provided a slightly different perspective from the usual federation point of view. This session offered hard data from CILogon, the US National Institute of Health (NIH), and LIGO on the failures they see as they try to utilize federated identity. Chris Whalen represented the NIH use case for the collaborations underway that use the COmanage collaboration platform. So far, those collaborations have only a 17% success rate in enrolling the federated users who attempt to use their institutional identity. Identity federation promises so much, but with the reluctance of institutions to understand their risks and release attributes, we will not see that promise realized until something changes.
An update was given on the progress of entity categories within REFEDS. Although progress in adoption is slow, there is a steady month-by-month increase for the Research and Scholarship entity category and the GÉANT Code of Conduct. It is essential, however, that federations step up to the challenge of convincing IdPs to add support for these categories if we are going to solve the attribute release problem in the near future. To highlight this, Ann Harding gave out t-shirts to operators that have made a difference in supporting entity category usage within their federations – congratulations to Nick Roy, Lukas Hämmerle and Wolfgang Pempe!
A few years ago, one area of concern highlighted by federations was the lack of coordinated security incident handling. Supporting federated identities offers a great deal of efficiency and distributes the burden of identity management, but if an Identity Provider is compromised and username or password information is released, how is the SP supposed to know? The SIRTFI working group was formed to discuss this very problem, and as of REFEDS 32, the working group has successfully created a SIRTFI Trust Framework specification and an associated service profile in the Level of Assurance (LoA) Profiles IANA registry. To add the icing on this particular cake, a logo for the project was selected through a vote by the REFEDS community.
REFEDS work is never done, and by the end of the day, two new working groups were created by and for our community: the Assurance Working Group, and the Entity Category Development Working Group. The Assurance WG, chaired by Mikael Linden, seeks to work with the AARC project to develop a minimal assurance profile that can be self-assessed and self-asserted. From that baseline, they hope to further develop the profile so that it (or others based on it) can take into account the local constraints for federations and their organisations. The Entity Category Development Working Group, chaired by Nicole Harris, plans to further develop the entity category model to include additional categories beyond Research and Scholarship.
The next REFEDS meeting will be in December, but the work will continue on the mailing lists and wherever federation and campus identity operators meet.