You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Assumptions:

  • We assume the number of connected entities is less then X (<50)

Open Question:

  • Do we have 1 entity endpoint (so only the whole proxy), or do we publish seperate endpoints for each and every entity we have connected?

Proposed features

To be prioritised for a MVP

  • Translating between SAML and OIDC

Audit trail

"Proxy Wizard"

  • Ability to configure entities preloaded into the proxy based on entity federation metadata

Proxy Administration

  • Local accounts and roles? Or a single admin user?

Federation Management

(Primary) Entity management

  • Configuration of SAML IdP
  • Configuration of SAML SP
  • Configuration of OIDC OP
  • Configuration of OIDC RP
  • Generic config management
    • Export/import of config items/entities
    • Copy/delete (copy as poor man's versioning, should it also work on groups of items)
    • Editing of entities in the GUI (common configuration items, protocol specific features)
    • Raw config edit
    • Apply config
    • Git config save
    • Generic post processor for configs (could be used to implement (config and Git push)
  • Management of individual IDPs/Authorisation Servers/OPs and SPs/RPs/clients within the proxy (naming - "client" is more an Oauth2 term and too overloaded)
  • Config checks (could also be one of post-processors)
  • Versioning
  • Rollback from Git (Git config restore)
  • Topology graph
  • Management of multiple proxy instances
  • Management of proxy (related) data for individual entities
  • Entity lifecycle (expressed as states in the GUI? - what is the consequence of being in a certain state?)
    • Draft
    • Test
    • Production
    • Support for parked entities/configs
    • Logically deleted

Other

  • GUI for internal admin of the proxy (for key internal settings apart from managed services' configs)
  • Federation/eduGAIN support
  • Additional support for federated identity management - what specifically?
  • API to access/edit service configuration/history???
  • Validation of encryption and signatures of entities and their messages
  • Enforcement of authentication and authorization policies - defined locally or by IdPs?
  • Integration with MFA by the proxy
  • Reporting and analytics
    • Statistics
    • Issues
    • Events/logs
  • Step back/forward during config changes (Step-by-step wizard for adding a new entity/item)
  • Dynamic updates to the configuration without requiring a full restart of the proxy service (GUI is apart from proxy services)

Managing (meta)data exchange

  • Management of attribute filtering between IDPs and SPs?
  • Management of mapping of attributes
  • Attribute transformation rules?
  • Setting of attribute values - for which entities?

Key concepts and their (alternative) names

Proxy

Entity

Configuration

IDP/Authorisation Server/OP

SP/RP/client

...

  • No labels