Goal
Current identity federations in the academic area are, with almost no exception, SAML2 based. There is, however, a strong and rising interest in using OpenID Connect as a protocol for identification and authentication. The basic OpenID Connect standards offer no support for building federations of the kind we currently know in the academic area. Roland Hedberg et al. have written a specification for creating an identity federation using OpenID Connect, taking into account some lessons learned from the identity federations as we know them now.
The GN4-2 Trust & Identity Next Generation Technology task is taking the next step by further implementing and developing the specification, with the goal of creating running implementations, together with the tools needed to run it as a federation, and a technology profile for eduGAIN.
As the first set of milestones is due in June 2017, we want to gather with the people involved in this topic within the GN4-2 project and with other interested participants in this work, in order to review the first milestones and to get feedback and new ideas from those participants who are not directly involved. Based on this we want to identify new possibilities to collaborate and to identify (new) work to be done.
Registration
Please register your attendance: https://eventr.geant.org/events/2654
Agenda
From | To | Topic
---|---|---
09:00 | 09:30 | Welcome, Introductions & Expectations
09:30 | 10:00 | OIDCfed & Federations (results survey) (10 min), Discussion on what's needed & feedback (20 min)
10:00 | 12:00 | OIDCfed Specification (15 min),
12:00 | 12:30 | Determine Open Space topics
12:30 | 13:30 | Lunch
13:30 | 14:15 | Open Space session 1
14:15 | 14:30 | Break / Change
14:30 | 15:15 | Open Space session 2
15:15 | 15:30 | Summary of Open Space
15:30 | 15:35 | Grab a quick coffee
15:35 | 16:00 | Wrap Up and determine next steps
Topics
- Do you have, or expect to have, a mobile application in your organization that could benefit from OIDC's support for "native apps"? Example scenario: "We have a mobile app that, upon successful authentication via LDAP, gives access to our internal VoIP system, allowing voice calls to be placed to the physical devices located at the different offices around the campus. Replacing this organization-only authentication with a federated one, visitors would be able to call their hosts or any other administrative destination with no cost or hassle."
- What about server-to-server communication? As easily as we can build an OIDC federation we can build an OAuth2 federation, which opens up some interesting new avenues.
- One can imagine different federation operators taking different interest in the state of the federation. What kind of functionality would an involved federation operator need?
- What do others think about allowing 'anyone' to expose their own APIs through the OIDC federation? ("Authorisation-Server-as-a-Service")
- It seems that OIDC significantly lowers the bar for integrating services with federations, which has for example been noticed by the research community (at least in Australia). But what does this mean for federation policies, contracts, agreements, etc.? Will there be 2 separate federations with different technologies (SAML vs. OIDC) and different policy sets?
- <Your topic to discuss goes here>
Location
TNC17 Venue / Design Center Linz
Europaplatz 1
4020, Linz
Austria
http://www.design-center.at/
Room: Split Meeting Room 11
Date & Time
Friday 2nd June 2017
09:00 - 16:00