As we begin to draw towards the end of another REFEDS working year, it is time to start reviewing where we are with our work-areas. Following on from the FIM4R meetings, REFEDS established a work-area aimed at engagement with eResearch initiatives and produced a response to the FIM4R paper.
Below are the highlights and summary of a paper sent to the REFEDS Steering Committee addressing progress in this area. Any thoughts or ideas you might have to support these suggestions are much appreciated. The FIM4R paper and the response from REFEDS identified priority response areas. These are addressed in turn below, along with progress on the REFEDS front.
1. Federated access for web and non-web applications
REFEDS has not played a significant role in this area and is mostly monitoring work on Moonshot in GEANT3+ and the abfab and kitten working groups within IETF. One possible future proposal for REFEDS is to work with Moonshot on policy issues relating to Moonshot deployment. The joint REFEDS / GEANT work to create an Identity Federation Policy Template is specifically framed to permit its re-use for any technology profile, including RADIUS, SAML and Moonshot. It does not appear that work in the Moonshot area has yet progressed to a level to make this a priority for 2014.
Progress: as expected, monitoring.
Recommendations: continued monitoring.
2. IdPs not always releasing attributes
Significant work has taken place in 2013 to improve this problem area. The Code of Conduct and Research and Scholarship Entity Category work is nearing completion, and REFEDS has committed to taking a leadership role in producing definitions for Entity Categories. It is important that REFEDS works to encourage federations to implement support for Entity Categories, to help federations communicate their efficacy to IdPs and SPs, and to promote this back to the eResearch communities.
Progress: as expected, to be finalized in 2013.
Recommendations: strong promotion campaign in 2014.
3. IdPs for guest users
This work-item was specifically parked in 2013, and the general recommendation from REFEDS has typically been to a) use social identities where possible or b) use federation-provided ‘IdPs of last resort’ where available. This does not seem to have solved the issue, and such an IdP was a frequent request throughout the recent workshops.
Implementing a single ‘IdP of last resort’ would have service and management implications for REFEDS and would not be something to engage in without a clear sustainability plan. SWAMID have recently created a large student ‘social’ IdP, with the code available as open source, and GARR have produced interesting IdP in the Cloud tools. These could be used to create either a central IdP or distributed guest IdPs managed by federations (or a hybrid of both).
Progress: none, workitem parked.
Recommendation: ask the community to vote on a clear plan for either a centralized IdP or distributed guest IdPs at federations based on SWAMID code.
4. Attribute authorities that handle attributes for specific communities
Despite significant interest from REFEDS participants, very little work has progressed in this area. The role of the attribute authority is still poorly defined; NSTIC work that had proposed to specifically focus on this issue is not moving forward as swiftly as expected. REFEDS has lacked someone to drive this forward and any real use cases to push the need.
One suggestion from the workshops was, rather than focusing on specific community needs, to look at working with more generic attribute authorities. A possible example is ORCID, which acts as an authority for ORCIDs. There are various possibilities with ORCID, from simply passing ORCIDs as attributes, to exploring use of the ORCID API in identity federations, to using ORCID as an attribute authority. More in-depth discussion with ORCID would be needed before taking this forward.
Recommendations: unclear at this stage, for discussion – possibly arrange further discussion with ORCID?
5. Support for different LoAs
REFEDS has spent resources on this area in two ways this year:
- Firstly, by defining the problem space and looking at how current proposals compare with LoA approaches at Kantara.
- Secondly, by focusing on the need to provide a clear baseline assurance within federations by aligning Federation Operator Practices (FOP).
A proposal for a baseline FOP has been prepared and is now being discussed by REFEDS. This could be used in several ways:
- a) As a document in the suite of requirements started by the template policy document.
- b) As a ‘tick-box’ statement to be used by federations to quickly express what their operative practices are.
- c) As a machine-readable statement that could be read by other federations / interfederations / policy engines.
- d) As something that helps more clearly define the eduGAIN Metadata Registration Practice Statement (MRPS).
Work on finalizing the content of the FOP will be finished in 2013. Discussion should take place as part of the workplanning for 2014 about next steps. This work was well received at the workshops in Helsinki, with SPs often stating that they wanted a clear way of being able to tell if a certain federation carried out or asked for any specific type of vetting / user accountability activities.
Progress: as expected, to workplan.
Recommendation: discussion as to how to implement according to points b-d above.
6. Attributes Harmonisation
Focus in this area has shifted from discussion of attribute harmonisation towards attribute extension, and the sustainability and renewability of existing schema. It is recognised that SCHAC needs significant work and a permanent home, and as such it has been passed across from TF-EMC2 to REFEDS this year. Questions have been raised as to whether this should be more closely aligned with eduPerson and the Entity Category work in terms of maintenance and administrative support.
REFEDS had no specific workitems planned for 2013 in this space but has adopted some new action requirements for attribute schema in the course of the year.
Progress: new work identified during year.
Recommendations: fund someone to focus on SCHAC work in 2014 and continue conversations around best home for attribute / schema registries.