Hola a todos!
This message went out to the SP Operators Group (forwarded with permission). I think members of this list might find the proposed federation baselines to be of interest, and I strongly encourage you to go take a look and offer comments. Additional information (including links) is below.
Heather Flanagan — Translator of Geek to Human https://sphericalcowconsulting.com ---------- Forwarded message ---------- From: Alan Buxey alan.buxey@myunidays.com Date: Jul 29, 2020, 8:29 AM -0700 To: spog@lists.refeds.org Subject: [spog] REFEDS baseline expectations
hi,
Federated Access offers users a way to access online content in secure and privacy-preserving ways. Establishing a federated authentication workflow for Research and Education (R&E), however, requires trusted entities — R&E Identity Federations — to coordinate the necessary Trust, Scalability, and Interoperability. To enable this coordination, REFEDS (the Research and education Federations group, https://refeds.org) has launched a Baseline working group. The goal of this group is to create a minimal Baseline of technical and operational behavior that the Identity Providers (IdPs), Services Providers (SPs), and the Federation Operators themselves must follow. This baseline would be enforced by the Federation Operators. We are asking for your input to develop these baselines.
The Baseline working group has been active since spring this year and has started to draft the REFEDS Baseline Expectations. These expectations will be described in a group of documents, the first being a high-level holistic document that defines the conceptual framework of the Baseline Expectations. After the group has finished with the holistic document, the working group will create additional documents that describe how the expectations will be applied in more detail for different federation technologies.
The Baseline Expectations working group has its home in the REFEDS wiki space:
https://wiki.refeds.org/display/GROUPS/Baseline+Expectations+Working+Group
For the Baseline Expectations to be successful, we require the feedback and input of all stakeholders in the ecosystem. Service Providers and their customers are asked to read the current draft holistic Baseline Expectations to get an understanding of requirements and expectations that will be put to them going forward:
https://docs.google.com/document/d/1u0XuvPRFKH5RaDEcgdp3jyfgNZbWAR4Q1yl0GzNk...
We are particularly interested in knowing if these requirements are sufficient, appropriate, and implementable, and if there are any gaps in the expectations.
Whilst the REFEDS group is still working on the initial requirements and documentation, we hope that the first Baseline target will align fairly closely to what has already been achieved in the US with the InCommon Federation , their initial Baseline document is here:
https://incommon.org/federation/baseline-expectations-for-trust-in-federatio...
If you are already an SP operating in InCommon, you will already be aware of these requirements and have undertaken work and processes to align to them. If not, please can you spend some time looking over this document and provide your feedback/views and opinions on the requirements and please feel free to expand with other requirements that you would like to see in future Baseline versions (InCommon are already working on their next level).
Regards,
Alan and Pål, REFEDS Baseline working group co-chairs