This page collects proposals for future Incubator activities. Anyone may add a new idea by adding a new row to the table below.
Ideas don't need to be fully formed but the more scope we can get the easier it will be to assess whether the idea should be taken forward.
Anything in the Trust and Identity space is of interest, from improvements to current services to brand new ideas and technologies.
If you like an existing idea you can just add a +1 for endorsement. The more supporters a proposal gets the more likely it is to be implemented.
How are the topics selected?
The T&I incubator topics are generated by different methods:
- public calls for proposals for ideas (on relevant email lists). The call for ideas are not only for the next upcoming cycle.
- based on input from the T&I service owners and the service owner's development plan
- by the incubator team by participation at relevant events (TNC, TIIME, FIM4R, TechEx, etc)
- by the incubator team based its own research
- re-evaluation of past, not-yet-implemented proposals to see if their relevance increased or conditions improved.
During the public calls there is a possibility to support (+1) topics (in this wiki) and to comment/enhance proposals made by others. While there is a season for public calls, the task leads might be approached at any time with a topic idea.
Ultimately, it is the task leads' responsibility to pick the topics, supervised by the work package leads and with the input and guidance from the WP5 lead team.
The task lead's job is to verify that:
- The proposal is inline and supports the execution of the GEANT strategy for the T&I area and the objectives of the GEANT project T&I Work Package
- the proposal is realistically implementable in the ~ net 6 months that is available for one cycle for effective work, and within the budget
- there is adequate kind of and amount of skill within the team to carry out a proposal. This means that even a well-prepared topic might get delayed or not picked up, if it requires a special skill (i.e. a programming language) that cannot be acquired.
- there are no past or parallel efforts to carry out the exact same work. Similar, complementary, related efforts are not a problem as they signal interest in the general area. In such cases the proposal should be adjusted to prevent reinventing and to enhance collaboration with related work
- in general, there should be an element of novelty and risk in the proposals. The Incubator is dedicated space for the T&I topic to experiment and even fail in a managed way. This is much less afforded to the other activities. Therefore, any proposal that achieves risk-less development goals has an opportunity cost of not using the resources for experimental, exploratory work. Experimental nature might come from: a first-of-a kind implementation of an idea or a spec; a first-of-a-kind combination of technologies, proof-of-concept for yet untested ideas, etc.
The points above also mean that topic popularity itself can only be one factor of topic selection. The task leads should be transparent about their reasoning.
It is also the task leads' job to improve, enhance on any proposals to achieve the above goals, which might require background research, community engagement and looking for talent.
Example from the previous cycle
| Title | Proposer | Description | Supporter (+1) |
|---|---|---|---|
| eduGAIN PoC | Davide Vaghetti (GARR/IDEM & eduGAIN), Niels van Dijk (SURF) | The eduGAIN service activity will set up a POC in order to evaluate the new OpenID Federation (OIDfed) standard and wants to eventually create an official eduGAIN Technology Profile to extend the current service. The Trust and Identity Incubator has over the years build considerable experience with developing tooling, and implementing OpenID Fed in various products and languages, as well as evaluating e.g. REFEDs specifications in the context of OIDfed. This activity seeks to contribute to the eduGAIN PoC by:
The incubator will work on these in close collaboration with the eduGAIN PoC team. |
Proposals:
Topic submission deadline
The Call for Ideas for the next cycle starting in XX is still open.
The submission deadline for the next cycle is XX 2025.
| Title | Status | Proposer | Supporter (+1) | Description | Task leaders' notes |
|---|---|---|---|---|---|
Scalable, interoperable revocation (in EUDI wallets) | ready for consideration | Stefan Liström (SUNET) | Marina Adomeit (SUNET) | Revocation is not only a mandatory privacy enhancing feature for end-users, it is also a core security feature. Both use cases for revocation need to be implemented in a future EUDI wallet ecosystem. There is currently however no clear solution for interoperable, scalable revocation in the EUDI. This activity investigates and describes the possible approaches for scalable, interoperable ways to handle revocation. The activity should try to test at least two of the approaches with respect to requirements on scalability and interoperability as may needed for the EUDI. | Possible outcomes: report, training materials, proof-of-concept solutions, proposal for the relevant decision makers in EUDI. Note (Mihály): revocation is so basic that it is suspicious if no one else works on this right now |
iic Implement OID4VCI/VP in SimpleSAMLphp and Shibboleth IdP dashboard | ready for consideration | Mihály Héder (HUN-REN) | (mentioned in Scott Cantor's 2024 TechEx shibboleth report as a reasonable candidate for future development) | The primary motivation of this topic is to create Verifiable Credential issuer tools for our community so that it can participate in the wallet ecosystem. The best place to start appears to be the IdP software as here we can leverage the sophisticated data handling retrieval and transformation both Shib and SSP, that is already deployed on top of university student information systems, research organization user databases, institutional LDAP or SQL deployments; exactly where the relevant data resides. Plus, in terms of user interface we can leverage the TI Incubator's earlier outcome, the IdP Dashboard, which was developed for both Shib and SSP. | Possible outcomes: prototypes, documentation, open source code for the relevant FOSS projects. |
Passkey registration to User Profile Page (Shibboleth) | ready for consideration | Janne Lauros (CSC) | Timo Tunturi (Aalto Uni) Mihály Héder (SZTAKI) | This proposal is continuation to earlier incubator work where User Profile Page for Shibboleth was implemented as means for the user to view the available user data and the tokens issued on behalf of user (https://github.com/GEANT/shib-idp-profile). Shibboleth project is working on WebAuthn authentication flow and has define the scope for the Passkey management as "The inbuilt flow represents the minimum viable product for implementing such a feature. In the future other plugins may provide this functionality". We propose following task for the next Incubator Cycle to provide additional features for Passkey maangement
| Possible outcomes: prototypes, documentation, open source code for the relevant FOSS projects. |
SeamlessAccess with OIDFed Support | under development | Zacharias Törnblom | Mihály Héder (HUN-REN) | Primary goal: show OIDC OPs the same way as SAML IdPs - in synergy with the eduGAIN OIDFed PoC project. Secondary goal: use credentials to persist the choice of home organization. | Possible outcomes: report, educational material, prototype to be picked up by the SeamlessAccess project |
Automatic collection of Verifiable Academic Efforts | under development | Mihály Héder (HUN-REN) |
| Academic Track Record is the primary source for establishing trust between collaborators that don't know each other. In such events, the researchers are left to check to past affiliations of each other, look for collaborators they shared, see what impactful conference or journal paper the other appeared in, see if the other supervised or reviewed PhDs, postgrads in relevant topics. Hence, a semi-formalized trust chain in established. In order to establish more trust in a researcher account in an academic collaborations, there are several automated actions an AAI platform can take. Commercial (Academia.edu, researchergate, google scholar) and community-owned (ORCID) initiatives already perform very basic collection of information (scraping crossref metadata (DOI)-s and the web). These methods could be much enhanced with more assured information that we have in the Research and Education space and could enrich an institutional or a MyAccessID account, for example. Several parts of this concept has been proven and demonstrated by the various science social networks, like Academia.edu and ResearchGate, who, as soon as a publication appears with a DOI. This is done by regularly scraping the related database, and the same happens for citations. This very often happens with matching of name strings, in lack of better curated attributes in the crossref metadata and results in mis-attributed data. However, other, equally important elements of the record - peer reviews in and efforts service of science, like PhD defense committee membership, and altmetrics (contribution to research software, instruments; confirmed reader counts) are overlooked and the technology for that is only an idea at this moment. A) arXiv API+ORCID: in possession of a verified ORCID, the arXiv API can be queried for articles written by an author: Trust: high arXiv was originally created for physics and is still dominant on that field. Output DOI+publishing place B) Crossref API+ORCID In the crossref JSON metadata, ORCID is present, if it was known
C) DBLP+ORCID on DBLP is possible to search by ORCID D) email based matching E) name based matching trust: low F) Consuming Verifiable Credentials | Possible outcomes: report, prototypes |
HumbleScholar | under development | Mihály Héder (HUN-REN) |
| There is a widely acknowledged crisis in science assessment. By now, this prevents the realization of its most important norms that ensured its progress in the past. CoARA, a consortium of 700 research institutions, the most recent effort countering the problem offers this description: "Assessment processes relying predominantly on journal- and publication based metrics can be a hurdle to the recognition of diverse contributions and may negatively affect the quality and impact of research. They also contribute to an unhealthy research culture and an unaffordable publication system." (CoARA mission statement, March 2024, https://coara.eu/app/uploads/2024/03/CoARA_Presentation_-5min_.pdf) One part of the problem is in the managerial approach, hence best addressed by CoARA's advocacy. An overlooked element however is the tooling - and the lack thereof that streamlines the creation and propagation of publication records (through the now near-universal DOI system), while the rest of the contribution types are overlooked. This way the accounts of researchers are automatically enhanced for publications but not for other achievements (see also my other topic proposal titled "Automatic collection of Verifiable Academic Efforts"). Alarmingly from a T&I point of view, usually even these are usually tied to an email address as a primary identifier, a surname and the initials of the given names, with all the associated problems. For the rest of the contribution types: reviews, reproduction of experiments, software-as-research-outcome, PhD committee work - there is no such universal mechanism, but it is recognized that some sort of certificates or credentials should be issued at the point where such activity happens. ORCID academic activity record type and Clarivate corp.'s Publons partially address this problem, but in a way that is tied to one given platform. With the emergence of Verifiable Credentials and the GÉANT community's experience in creating truly global collaborations we might be able to help the reform efforts. | Possible outcomes: Proof-of-Concept, reports, educational materials, research assessment community engagement |
OIDFed National Federations PoC | under development | Mihály Héder (HUN-REN) |
| Leveraging the fact that many T&I team members have experience in running SAML federations, we are well placed to create simulations of how a migration to / expanding with OIDFed would work for them. In order for the OIDFed to be successful, small and large, proxy-based and mesh federations all should be able to implement it with ease. By running some hypothetical, simulated migration projects, we would have comprehensive a gap analysis on OIDFed, both in terms of training materials, non-covered use cases and tooling for all kinds of federations. | Possible outcomes GAP analyis, training materials |
OIDFed of groups and people | under development | Mihály Héder (HUN-REN) |
| Academics are expected to have a public persona, complete with a public, unique identifier tied to their real name (ORCID), public affiliations, etc. This is necessary to fulfill one of the most important ethos of science, sharing knowledge, which in practice also creates a need to promote publications, collaborations, research agendas, etc. This sets academics apart from citizens in general, who are interested in maximal achievable online privacy. This special feature of academic life means that academics could be interested in not only a public profile page such as ORCID, Academia.edu, ResearchGate, etc. but even in public endpoints representing them. With and OIDFed leaf endpoint, together with a trust mark ecosystem acedemics could build trust chains to each other. This is crucial as often they have to collaborate with peers the don't know beforehand and they are resorted to the public academic track record (see the other topic "Automatic collection of Verifiable Academic Efforts") and guesswork. A main use case would be partner finding, verifying new hires and publising. In the latter domain editors should establish that the person submitting is real in the first place (email, ORCID can be self-generated) and that the affiliation is real. Memberships, such as IEEE or other could also be interesting. | Possible outcomes report or publication PoC solutions |