Use cases

Initial setup after installation

Context: the instance may participate in one or more federations. "Federation" is used generically here: a SAML federation, a set of OIDC parties, or an intra-organization set of entities (an internal federation). In each of them the instance therefore has an identity as a service provider (SAML SP or OIDC RP), as an identity provider (SAML IdP or OIDC OP), or as both. These are the deployment's role(s).

  1. After the deployment, the "My Metadata" screen is empty.
  2. With an "Add Role" (we might rename it if there is a better suggestion) button the user selects one of the following: SAML IdP, OIDC OP, SAML SP, OIDC RP.
  3. Regardless of what is selected, the user can set up a Display Name and a Logo for that given role.
  4. If SAML IdP is selected, there is a checklist of supported entity categories:
    1. Research & Scholarship
    2. Anonymous Access (v2)
    3. Pseudonymous Access (v2)
    4. Personalized Access (v2)
  5. If SAML SP is selected:
    1. Research and Scholarship
    2. Code of Conduct

Adding remote entity metadata

Context: the user adds metadata of the entities this deployment should know and trust.

  1. On the metadata management screen the user presses "add remote entity metadata".
  2. The options offered are conditional on the roles of the instance:
    1. If the instance has the SAML IdP role, there is an option to add SAML SP metadata as an XML file (or as a URL to download it from).
    2. If the instance has the OIDC OP role, there is an option to add a redirect URI, name and description (the instance provisions the client ID and client secret).
    3. If the instance has the SAML SP role, there is an option to add SAML IdP metadata.
    4. If the instance has the OIDC RP role, there is an option to add an OIDC OP.
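The role-conditional logic of the two use cases above (roles with their entity categories, and which kind of remote entity each role may add), written out as an added Python example; this is not code from the wiki page or from the product it describes. The class and function names, the redirect URI checks and the hashed storage of the provisioned client secret are assumptions made for illustration.

```python
# Added example (not code from the wiki page or the product it describes):
# a minimal model of deployment roles and the role-conditional
# "add remote entity metadata" options. Class/function names, the redirect
# URI checks and the hashed secret storage are assumptions for illustration.
import hashlib
import secrets
from dataclasses import dataclass, field
from enum import Enum
from urllib.parse import urlparse


class Role(Enum):
    SAML_IDP = "SAML IdP"
    OIDC_OP = "OIDC OP"
    SAML_SP = "SAML SP"
    OIDC_RP = "OIDC RP"


# Entity categories offered per role on the "My Metadata" screen (from the page).
ENTITY_CATEGORIES = {
    Role.SAML_IDP: {"Research & Scholarship", "Anonymous Access (v2)",
                    "Pseudonymous Access (v2)", "Personalized Access (v2)"},
    Role.SAML_SP: {"Research and Scholarship", "Code of Conduct"},
}

# Kind of remote entity each local role is allowed to add (from the page).
REMOTE_KIND_FOR_ROLE = {
    Role.SAML_IDP: "saml_sp",
    Role.OIDC_OP: "oidc_client",
    Role.SAML_SP: "saml_idp",
    Role.OIDC_RP: "oidc_op",
}


def _check_redirect_uri(uri):
    """Assumed policy: absolute https URI (http only for localhost), no fragment."""
    parts = urlparse(uri)
    if parts.fragment or not parts.netloc:
        raise ValueError(f"redirect URI must be absolute and without fragment: {uri!r}")
    local = parts.scheme == "http" and parts.hostname in ("localhost", "127.0.0.1")
    if parts.scheme != "https" and not local:
        raise ValueError(f"redirect URI must use https: {uri!r}")
    return uri


def _hash_secret(secret):
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


@dataclass
class Deployment:
    roles: dict = field(default_factory=dict)            # Role -> role settings
    remote_entities: list = field(default_factory=list)

    def add_role(self, role, display_name, logo=None, entity_categories=()):
        """Setup steps 2-5: one role with display name, logo and entity categories."""
        unknown = set(entity_categories) - ENTITY_CATEGORIES.get(role, set())
        if unknown:
            raise ValueError(f"{role.value} does not support: {sorted(unknown)}")
        self.roles[role] = {"display_name": display_name, "logo": logo,
                            "entity_categories": set(entity_categories)}

    def remote_entity_options(self):
        """The options shown behind "add remote entity metadata", derived from roles."""
        return sorted(REMOTE_KIND_FOR_ROLE[r] for r in self.roles)

    def add_remote_entity(self, kind, **attrs):
        if kind not in self.remote_entity_options():
            raise PermissionError(f"no local role permits adding a {kind}")
        if kind == "oidc_client":
            entry, shown_once = self._provision_oidc_client(**attrs)
        else:
            # SAML SP/IdP metadata and OP data are stored as given; XML validation
            # and signature checks belong to the metadata loader (not shown here).
            entry, shown_once = {"kind": kind, **attrs}, {}
        entry["active"] = True
        self.remote_entities.append(entry)
        return {**entry, **shown_once}

    def _provision_oidc_client(self, redirect_uri, name, description=""):
        """The instance provisions client ID and secret; only a hash is stored."""
        _check_redirect_uri(redirect_uri)
        client_id = secrets.token_urlsafe(16)
        client_secret = secrets.token_urlsafe(32)
        entry = {"kind": "oidc_client", "client_id": client_id,
                 "client_secret_hash": _hash_secret(client_secret),
                 "redirect_uris": [redirect_uri], "name": name,
                 "description": description}
        # The plaintext secret is returned exactly once, to be shown to the user.
        return entry, {"client_secret": client_secret}

    def verify_client_secret(self, client_id, presented):
        for e in self.remote_entities:
            if e.get("kind") == "oidc_client" and e["client_id"] == client_id:
                return secrets.compare_digest(e["client_secret_hash"],
                                              _hash_secret(presented))
        return False
```

The point to take from the model: the remote-entity options are derived from the roles rather than stored separately, so a role that is never added can never expose an "add" path, and the client secret the OP provisions is shown once and stored only as a hash, so a dump of the metadata store does not yield usable client credentials.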

Adding metadata source

Context: you can add an MDQ source and trust every entity it serves. In a later, more advanced phase you may be able to add an OpenID Federation (OIDFed) intermediate authority.
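What "trusting an MDQ source" looks like at the request level, as an added Python example that is not part of the wiki page: it builds the per-entity query URL in both identifier forms the SAML metadata query protocol allows, and checks that a returned EntityDescriptor is the one that was asked for and has not passed its validUntil. The function names and the sample XML are constructed for illustration; the XML signature check against the source's pinned signing certificate, which is what actually makes the source trustworthy, is assumed to run before this step and is not shown.

```python
# Added example (not from the wiki page): MDQ request construction and a
# freshness/identity check on the response. Function names and the sample
# EntityDescriptor are assumptions; signature verification is out of scope.
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import quote

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MDQ_ACCEPT = "application/samlmetadata+xml"   # Accept header for MDQ requests


def mdq_entity_url(base_url, entity_id, hashed=False):
    """GET {base}/entities/{identifier}. The identifier is either the
    percent-encoded entityID or the "{sha1}<hex>" transformed identifier,
    which is percent-encoded as well."""
    if hashed:
        ident = "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    else:
        ident = entity_id
    return base_url.rstrip("/") + "/entities/" + quote(ident, safe="")


def check_entity_descriptor(xml_text, expected_entity_id, now=None):
    """Accept only the entity that was requested, and only while validUntil
    (if present) has not passed. Assumes the document's signature was already
    verified; ElementTree does not fetch external entities, but untrusted XML
    should still be size-limited before parsing."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor")
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        raise ValueError(f"responder returned {entity_id!r}, requested {expected_entity_id!r}")
    valid_until = root.get("validUntil")
    expires = None
    if valid_until:
        expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
    expired = expires is not None and expires <= now
    return {"entityID": entity_id, "validUntil": expires, "expired": expired}


# Constructed sample response (not real metadata).
SAMPLE_ENTITY = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth" validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""
```

The entityID comparison matters because an MDQ responder is a lookup service, not an allow-list: an instance that stores whatever comes back under the requested name would silently trust a different entity if the responder (or anything between) substituted one, and validUntil is what bounds how long a cached answer remains trusted.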

TBD

Deactivate/activate remote entity

...

Edit data sources and data release (not MVP)

Context: this only applies if a SAML IdP or OIDC OP role is enabled.

...