Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If you like an existing idea you can just add a +1 for endorsement. The more supporters a proposal gets the more likely it is to be implemented.

Info
titleExample from a previous cycle


TitleProposerDescriptionSupporter (+1)

Self service - Signing in activity

Janusz Ulanowski
(HEAnet CLG)

Service which could allow an user to check signing in activity on IdP service. That would allow an user to check the recent activity on his account in regards of authentication. Users could see the list if authentications containing datetime, ip and relying party etc. That would help them to spot suspicious activity.

After discussion in the Incubator board, the proposal for the Incubator is inspired by the above proposal, but with a slight difference:

Setting up a service as proposed originally is rather challenging as that service would have to learn about a lot of personal data. However, 'account activity', deployed as part of an IdP extension would actually improve privacy and GDPR compliance of e.g. SimpleSamlPHP and Shibboleth.
Proposal is to create such extensions for SSP and Shibboleth in close collaboration with the relevant community

Both SimpleSamlPHP and Shibboleth as well as also support the OIDC protocol. A 'profile page' should also allow an end user to manage and revoke OIDC access.

Janos Mohacsi: it would be advantageous to have a standardised log format  to all popular IdPs. Then these logs should be dumped to ELK or similar server. The log collection server should  provide a restricted access to the logs of a particular users.

Mihály Héder: I think an Audit Log self-service is an interesting functionality. Account activity is available in many commercial accounts, certainly the googles and the microsofts of the world. We should keep up - also not only the IdP Audit Log but the SP is relevant.


Proposals:

Table of Contents
minLevel5

Proposal details:

TitleProposerDescriptionSupporter (+1)