REFEDS held its 43rd meeting on 30th September 2021 as an early kick-off to the InCommon CAMP / ACAMP week. After much reminiscing and working out that we would have been visiting Oklahoma City if we could have met face to face, the group got to work. As our meeting in June was very presentation-led, we decided to make this meeting discussion-based. Three topics were on the table for debate:
- The proposed REFEDS Strategy.
- The proposed Personalized Entity Category.
- Support for Name Identifiers.
REFEDS has been in operation for 16 years and up until now, we have never had a strategy. The process has tended to be fairly lightweight, with a simple participation model, a simple funding model and a simple annual plan. However, the environment has changed significantly since REFEDS was started and it has become increasingly important to be able to position ourselves in alignment with other groups and have a clear message and remit for our work. As such, the REFEDS Steering Committee worked with the REFEDS Coordinators to produce a first draft of a strategic plan for REFEDS.
Discussions in the meeting were broadly positive, but more work is definitely needed on the audiences section of the document. The group debated issues related to how far REFEDS can go to advocate to end entities, what the relationship of REFEDS is to eduGAIN and how we ensure we deliver consistent goals within our limited resources. Aligning the strategy with the work of the Federation 2.0 working group was also highlighted as an essential step.
Personalized Entity Category
The Personalized Entity Category is the proposed successor to the R&S Entity Category and takes our approach to managing this Entity Category in a very different direction. Instead of attempting to define a service-type as an indicator of trust, the new category focuses on the core needs of attribute release and a process for checking that a Service Provider has a proven need to receive attributes – simplifying the process of satisfying data protection requirements. Additional benefits include the creation of a neat family of entity categories alongside the existing Anonymous and Pseudonymous categories.
The meeting also discussed whether there was still benefit in trying to define types of entities given the issues with implementing R&S and the previous failed attempt to define “academia”. There were differing opinions on this point, and the concept will continue to be monitored by REFEDS.
The Issue with Identifiers
The final discussion topic was the issue of managing identifiers for users as signalled by Identity Providers. The most recently published and proposed Entity Categories for REFEDS signal a move away from eduPersonTargetedID and eduPersonPrincipalName to the use of pair-wise and subject IDs. This is supported by the deprecation of eduPersonTargetedID and a need for a more coherent approach to the use of identifiers.
Any migration will inevitably lead to issues with service delivery and problems with account linking. The problem will be exacerbated if the community moves at different speeds in trying to address this problem. Several Service Providers in the room gave a detailed overview of the problems they experience when organisations suddenly change their identifiers without notice.
This is inevitably going to be a complex issue, so we asked participants if there is anything REFEDS can do to help. The following proposals were made:
- Create a clear and consistent best-practice approach to migration.
- Collect information from federations about their migration plans and materials.
- Work with federations to try and move as consistently as possible to the new identifiers.
The REFEDS Coordinators will be working on this issue with the community.
With people’s brains firmly overloaded, we finished up the meeting. We hope to see some of the discussions continue in ACAMP next week!