Proposer | Davide Vaghetti |
---|---|
Area | STANDARDS & PROTOCOLS |
Type of work | DEVELOPMENT |
Output | PROTOTYPE |
History | Trust fabric for wallets |
The eduGAIN service activity will set up a PoC in order to evaluate the new OpenID Federation (OIDfed) standard and wants to eventually create an official eduGAIN Technology Profile to extend the current service.
The Trust and Identity Incubator has over the years built considerable experience with developing tooling and implementing OpenID Fed in various products and languages, as well as evaluating e.g. REFEDS specifications in the context of OIDfed.
This activity seeks to contribute to the eduGAIN PoC by:
- Sharing existing experience and providing a sparring partner to the eduGAIN PoC team
- Contributing to standards and policy development for eduGAIN and national federations (upon request by the eduGAIN PoC team)
- Developing or further enhancing software tools, including, but not limited to:
  - Contributing to existing software development for the eduGAIN PoC
  - Building/productising a (scalable) resolver which can be deployed by fedops and eduGAIN
  - Further improving visualisation and reporting tooling
  - Further improving the Go-based OP/RP
The incubator will work on these in close collaboration with the eduGAIN PoC team.
eduGAIN provides a governance model and body for global collaboration between the national federations; a policy for participating federations and entities; a technical infrastructure which publishes metadata; tools to view, test and validate participants; and specifications for global interoperability.
All of this was expressed in a SAML technical profile, but the creation of other profiles is possible. This activity creates the proof-of-concept for the OpenID Federation profile, which, in turn, is a great opportunity to re-evaluate some aspects of the eduGAIN model detailed above.
The following parties will use the results of this activity:
T&I Service | The results will be used by the eduGAIN service task. |
---|---|
R&E Community | - |
External Party | - |
The following results were created and delivered:
- OpenID Fed setup kit based on T&I Incubator tools
- DRAFT eduGAIN OpenID Federation Technological Profile
- eduGAIN Testbed
  - eduGAIN Trust Anchor: https://edugain.edugain-poc.incubator.geant.org/
  - Go-based Trust Anchor / Intermediates
  - Go-based RPs
  - Roland Hedberg's Python OP
  - SSP and shib OPs first versions
  - Different Trust Marks and Trust Mark Issuers
  - Dynamic Trust Mark refreshing
- Tooling
  - OFcli - command-line tool for inspecting OID Federation topology and entities, and evaluating trust chains and trust marks - https://github.com/dianagudu/ofcli
  - OID Fed library for Go - https://github.com/zachmann/go-oidfed
  - Examples for eduGAIN pilot - https://github.com/zachmann/go-oidfed/tree/master/examples/edugain-pilot
  - OID Fed RP in Go - https://github.com/zachmann/go-oidfed/tree/master/examples/rp
- Print demo results: Incubator demos#Cycle9