Participants
WebAuthn (Web Authentication), part of the FIDO2 Project, is a web standard published by the W3C that enables strong authentication with public-key cryptography, passwordless authentication, and secure two-factor authentication. The standard defines a JavaScript API which allows token registration and subsequent authentication. The API is implemented in current versions of all major browsers (Edge 18+, Firefox 60+, Chrome 67+, Safari 13+, Opera 54+) and is also backwards-compatible with (legacy) U2F tokens. This activity implements or extends this API into existing open source community products.
The goal of this activity is to contribute to the SimpleSAMLphp WebAuthn module as well as to develop a new custom module for SATOSA to support 2FA using the WebAuthn API. The resulting modules would be integrated and tested in eduTEAMS (SATOSA) and ELIXIR AAI (SimpleSAMLphp).
Activity Details
Authentication proxies translate between authentication protocols such as SAML2, OIDC, and OAuth2. A proxy receives authentication requests from SPs or RPs and relays them to IdPs or OPs. If a service requires two-factor authentication, for example, using the REFEDS assurance framework, and the identity provider does not support it, the proxy may perform the second-factor authentication. Two significant open-source examples are SimpleSAMLphp, which can serve as an authentication proxy, and the Python-based SATOSA, which was explicitly developed as a proxy. WebAuthn can be used for passwordless authentication or for second-factor authentication to increase users' security. As of October 2019, a module for SimpleSAMLphp is being developed to bring WebAuthn support.
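The step-up decision described above can be sketched as follows. This is an added example, not code from SATOSA, SimpleSAMLphp or this activity; the function names, the `Decision` type and the sample values are assumptions, and it models only the decision, not the WebAuthn ceremony itself.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# REFEDS MFA profile identifier, used as the authentication context value.
REFEDS_MFA = "https://refeds.org/profile/mfa"


@dataclass(frozen=True)
class Decision:
    action: str                  # "pass", "step_up" or "reject"
    asserted_acr: Optional[str]  # context the proxy may assert to the SP


def decide(requested_acrs: Sequence[str], idp_acr: Optional[str],
           proxy_has_webauthn: bool = True) -> Decision:
    """Decide what the proxy does once the upstream IdP has answered.

    requested_acrs: contexts the SP/RP asked for (empty means no requirement)
    idp_acr:        context the IdP actually asserted, None if it sent none
    """
    if not requested_acrs or idp_acr in requested_acrs:
        # No requirement, or the IdP already met it: relay, never prompt twice.
        return Decision("pass", idp_acr)
    if REFEDS_MFA in requested_acrs and proxy_has_webauthn:
        # IdP fell short of MFA; the proxy performs the second factor itself.
        # Nothing is asserted until that factor has been verified.
        return Decision("step_up", None)
    # The proxy cannot satisfy the request: fail closed.
    return Decision("reject", None)


def finish_step_up(decision: Decision, webauthn_verified: bool) -> Decision:
    """Turn a pending step-up into the final outcome.

    webauthn_verified is the result of the proxy's own WebAuthn assertion
    check (assumed to happen elsewhere); MFA is asserted only when it is True.
    """
    if decision.action != "step_up":
        raise ValueError("no step-up is pending for this decision")
    if webauthn_verified:
        return Decision("pass", REFEDS_MFA)
    return Decision("reject", None)
```

The value asserted to the service is always derived from what was actually verified, never copied from what the service requested.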
The implementation of WebAuthn modules for SATOSA and SimpleSAMLphp would enable major parts of the T&I community to use state-of-the-art multi-factor authentication without implementing something on their own.
The product handles highly sensitive authentication data which provide access to user identities. High standards for coding, security and quality control are required.
This activity is done when:
The modules will be submitted to the upstream repositories and later managed by the corresponding communities.
Activity Results
Meetings
Date | Activity | Owner | Minutes |
---|---|---|---|
January 1, 2017 | Kickoff meeting | ||
...