Versions Compared

Old Version 12

changes.mady.by.user Branko Marovic

Saved on

compared with

New Version 13

changes.mady.by.user Branko Marovic

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. After deployment, the "My Metadata" screen is initially empty.
  2. With Using an "Add Role" button (we might rename it if a better suggestion arises) button, the user can select one of the following: SAML IdP, OIDC OP, SAML SP, OIDC RP.
  3. Regardless of what is the selected role, the user can set up a Display Name and a Logo for the chosen role.
  4. If the SAML IdP role is selected, a checklist of supported entity categories will be available:
    1. Research & Scholarship
    2. Anonymous Access (v2)
    3. Pseudonymous Access (v2)
    4. Personalised Access (v2)
  5. If the SAML SP role is selected, the following settings/attributes are available:
    1. Research & Scholarship
    2. Code of Conduct

...

  1. On the metadata management screen, the user presses "Add remote entity metadataRemote Entity Metadata."
  2. The available options depend on the roles configured:
    1. If the instance has the SAML IdP role, the user can add downloaded SAML SP metadata as XML from XML a file or a URL to download.
    2. If the instance has the OIDC OP role, the user can add a redirect URI, name, and description (the instance provisions the client ID and client secret).
    3. If the instance has the SAML SP role, the user can add SAML IdP metadata.
    4. If the instance has the OIDC RP role, the user can add an OP.

...

  • Step back/forward during config changes (step-by-step wizard for adding a new entity/item)?
  • Metadata should Should metadata feed into SSP and SaToSa configurations, or should we limit the MVP to one for the MVPplatform?
  • Add/remove entity metadata to participated federation(s)?
  • Could remote entities be offered based on federation metadata?

...

Context: If you added at least one of (SAML IdP, OIDC OP) and one of (SAML SP, OIDC RP), then you can act as a proxy. In this case, a configuration option that was previously unavailable ("grey") becomes available as 'Proxy configurationConfiguration.'
Here, you can add identity and profile attribute mappings.

...

  • Dashboard

    • Overview of metadata management status.
    • Quick access to recent activities and common tasks.
  • Configuration
    • Configuration of the local instance not related to remote entities.
      • Attribute sources

    • Features: Originally suggested generic entity configuration management features; now only locally?:

      • Export/import of config items/entities.
      • Copy/delete (copy as a poor man's versioning).
      • Editing of entities in the GUI (common configuration items, protocol-specific features).
      • Raw config edit.
      • Config check.
      • Apply config.
      • Git config save.
      • Generic post-processor for configs, which could be used for configuration check, deployment, activation, and Git push.
      • Versioning and rollback from Git (Git config restore).
      • Dynamic updates to the configuration without requiring a full joint restart of the GUI, role components, or proxy service (by keeping them apart).


  • Metadata Management

    • Federation-level: Interface to add/edit federation-wide metadata.
    • Individual SPs/IdPs: Interface to add/edit metadata for individual SPs/IdPs, with options for manual entry or file import.

  • Relation Management

    • Select SP/IdP: Dropdown or search functionality to select an SP/IdP.
    • Activate SP/IdP: Toggle to activate the selected SP/IdP.
    • Attribute Release Policy (SP): Options to configure REFEDs entity categories for SPs.
    • Requested Attributes (IdP): Options to select requested entity categories for IdPs.

  • My Metadata

    • Display Name: Field to enter/display the name of the proxy.
    • ?Supported Entity Categories: Checklist or dropdown to select supported categories.
    • Logo: Upload functionality to add a logo.

...

Features for a later version

  • Search (of what, where, by what attributes?).
  • Proxy wizard.
  • Mapping between local and remote admin users , (we could restrict the the MVP to require mutually identical or trusted users).
  • Is proxying between SAML and OIDC for a later version beyond the MVP?

  • Topology graph.

  • Reporting and analytics: statistics, issues, events/logs.
  • Audit trail (in addition to basic reports)
  • Management of multiple/remote proxy instances.

  • Entity lifecycle management: Draft, Test, Production, Support for parked entities/configs, Logically deleted.

  • Publicly specified API to access/edit configuration/history of the service and its entities configuration/history.
  • Managing (meta)data exchange (at the proxy):
    • Management of attribute filtering between IdPs and SPs.
    • Management of mapping of attributes.
    • Attribute transformation rules.
    • Setting of attribute values for entities.
  • Possibly contentious:
    • Validation of encryption and signatures of entities and their messages.
    • Enforcement of authentication and authorisation policies (defined locally or by IdPs).
    • Integration with MFA by the proxy.

...