REFEDS 39 Wrap Up

With approximately 70 people attending, REFEDS enjoyed another highly interactive and informative meeting at the Internet2 Technology Exchange in Orlando. While the initial plan was to focus the agenda on just a few core topics, there was just too many interesting topics to discuss! The presentations are of course online for your viewing (or reviewing) pleasure.

As usual, the meeting started with a quick REFEDS tutorial and highlights from recent activities:

The Code of Conduct v2, aimed at SPs so they can assert they are ‘good citizens’ with regards to the GDPR requirements, was published in May. Implementing it, however, requires a monitoring body to be registered with a nation’s data protection officers – which no one knows how to do yet. So, stay tuned on this one!

Probably one of the more significant moments of the REFEDS meeting was the formal turnover for the management of the eduPerson scheme from Internet2’s MACE-DIR working group, now closed, to REFEDS.  The eduPerson scheme started nearly twenty years ago, “before there was a mechanism for moving attributes around” according to Ken Klingenstein (Internet2). With its transition to REFEDS, the focus will be on improving the internationalization of the scheme. More on the transition and future of eduPerson will be covered in a future blog post.

Attribute exchange is critical to identity federation, and improving the user experience is critical, too. With that in mind, discussion shifted from eduPerson to logos. Currently, there is no standard guidance around logos – their size, format, if and/or how they should be presented in metadata varies from federation to federation. The discussion at REFEDS was designed to inform the overall conversation, and further discussions continued later in the week at ACAMP. At the end of the day, one SP represented in the audience summed up the general feeling in the room: “We don’t care what the guidance is, just do something.”

A topic that remained hot throughout the week was OIDC. The OIDCre working group has been very busy, and a consultation on how to map SAML attributes into OIDC was  kicked off right after the REFEDS meeting. In addition to the consultation, the OIDCfederation draft needs more review. In particular, the authors are looking for additional use cases to explore the interesting possibilities around an OIDC federation.  While the standards body for OIDC is the OpenID Foundation (OIDF), more work might happen in REFEDS – one suggestion in the audience was to create an implementer’s group within REFEDS to help pool experience in deploying this kind of federation.

And speaking of new work in the federation space, the Federation 2.0 Working Group, chaired by Tom Barton (U. Chicago/Internet2) and Judith Bush (OCLC) kicked off last week as well. Tom Barton chaired the panel session around the next generation of federation, which included:

Two other ongoing working groups presented the latest in their space as well: Assurance and SIRTFI. For the Assurance WG, the SFA profile was published, but it’s worth noting that this new profile does not actually build on the earlier MFA profile. The SIRTFI group has two main items in their queue: completing the federated security incident response readiness documentation, and the creation of a requirements document for a SIRTFI+ registry. The registry would allow institutions whose federations do not support SIRTFI to assert into a registry that could then be (somehow) aggregated into a larger metadata feed. The details here are a bit fuzzy, so if you’re interested, join the SIRTFI working group to discuss!

While the Internet2 Technology Exchange is primarily a US-focused meeting, hearing about what’s happening in Europe is always interesting. Licia Florio and Marina Adomeit are the coordinators of the new GN4-3 Work Package. In scope for that project are improvements to eduroam, eduGAIN, eduTEAMS, and inAcademia. People can expect to see a more service-centric approach with specific service owners guiding each task component (Services, Incubator, Operations, and Enabling Communities).

Keeping with the global view, Heather Flanagan reported on what’s happening in the identity federation space around the world. In Central and South America, the RedCLARA made a strong point at their recent TICAL conference that it’s time to look beyond the network to the services that use the network. Supporting identity federation is critical to the services on those networks. In the Asia Pacific, the TF-IAM

group in APAN is moving beyond the need to understand governance and the value proposition for federations to needing hands on tutorials for how to stand up the necessary tools. In Africa, several of the regional NRENS such as WACREN and UbuntuNet are turning their attention to creating identity provider services for their customers. Every region has something happening in our space, and it is critical that we keep lines of communication open if we want the work to be interoperable and efficient.

The big picture view of the world, and REFEDS place in it, wrapped up with a discussion of how REFEDS should respond to the Federated Identity Management for Researchers (FIM4R) requirements. If you haven’t read the paper, you should, but the new requirements include:

Chris Phillips went into detail regarding how InCommon’s CACTI working group is responding to FIM4R. For REFEDS, however, the most immediate response is that the research representation that already exists within REFEDS needs to be maintained. We need to make sure we’re publishing solid advice around the usability issues important to all stakeholder community.