Hola a todos!

This message went out to the SP Operators Group (forwarded with permission). I think members of this list might find the proposed federation baselines to be of interest, and I strongly encourage you to go take a look and offer comments. Additional information (including links) is below.

Heather Flanagan — Translator of Geek to Human
https://sphericalcowconsulting.com
---------- Forwarded message ----------
From: Alan Buxey <alan.buxey@myunidays.com>
Date: Jul 29, 2020, 8:29 AM -0700
To: spog@lists.refeds.org
Subject: [spog] REFEDS baseline expectations

hi,


Federated Access offers users a way to access online content in secure
and privacy-preserving ways. Establishing a federated authentication
workflow for Research and Education (R&E), however, requires trusted
entities — R&E Identity Federations — to coordinate the necessary
Trust, Scalability, and Interoperability. To enable this coordination,
REFEDS (the Research and education Federations group,
https://refeds.org) has launched a Baseline working group. The goal of
this group is to create a minimal Baseline of technical and
operational behavior that the Identity Providers (IdPs), Services
Providers (SPs), and the Federation Operators themselves must follow.
This baseline would be enforced by the Federation Operators. We are
asking for your input to develop these baselines.


The Baseline working group has been active since spring this year and
has started to draft the REFEDS Baseline Expectations. These
expectations will be described in a group of documents, the first
being a high-level holistic document that defines the conceptual
framework of the Baseline Expectations. After the group has finished
with the holistic document, the working group will create additional
documents that describe how the expectations will be applied in more
detail for different federation technologies.


The Baseline Expectations working group has its home in the REFEDS wiki space:


https://wiki.refeds.org/display/GROUPS/Baseline+Expectations+Working+Group


For the Baseline Expectations to be successful, we require the
feedback and input of all stakeholders in the ecosystem. Service
Providers and their customers are asked to read the current draft
holistic Baseline Expectations to get an understanding of requirements
and expectations that will be put to them going forward:


https://docs.google.com/document/d/1u0XuvPRFKH5RaDEcgdp3jyfgNZbWAR4Q1yl0GzNkCro/


We are particularly interested in knowing if these requirements are
sufficient, appropriate, and implementable, and if there are any gaps
in the expectations.


Whilst the REFEDS group is still working on the initial requirements
and documentation, we hope that the first Baseline target will align
fairly closely to what has already been achieved in the US with the
InCommon Federation , their initial Baseline document is here:


https://incommon.org/federation/baseline-expectations-for-trust-in-federation/

If you are already an SP operating in InCommon, you will already be
aware of these requirements and have undertaken work and processes to
align to them. If not, please can you spend some time looking over
this document and provide your feedback/views and opinions on the
requirements and please feel free to expand with other requirements
that you would like to see in future Baseline versions (InCommon are
already working on their next level).


Regards,


Alan and Pål, REFEDS Baseline working group co-chairs