...

  • Step back/forward during config changes (step-by-step wizard for adding a new entity/item)? Scenarios, like proxy, could be set up the same way.
  • Should metadata feed into SSP and SaToSa configurations, or should we limit the MVP to one platform, e.g. SSP?
  • Add/remove/update entity metadata in the federation(s) the entity participates in, or at least tell the user which federations need to be notified?
  • Could remote entities be offered in the GUI based on federation metadata?

...

Features: What about notifying other known related entities of the changed status? Alternatively, notify the user that known connected entities may be affected, and offer shortcuts for editing their configuration and relationships.

Configure proxy mode

Context: If you have added at least one of (SAML IdP, OIDC OP) and at least one of (SAML SP, OIDC RP), you can act as a proxy. In this case, a configuration option that was previously unavailable (greyed out) becomes available as 'Proxy Configuration'.
Here, you can add identity and profile attribute mappings.

Features: Is proxying between SAML and OIDC a later version beyond the MVP? Also, what level of control would there be over SAML/OIDC associations, given that SaToSa does some things on its own?

Edit data sources and data release (not MVP)

...

  • Search (of what, where, by what attributes?).
  • Proxy wizard.
  • Mapping between local and remote admin users (we could restrict the MVP to require mutually identical or trusted users).
  • Is proxying between SAML and OIDC a later version beyond the MVP?
  • Topology graph.

  • Reporting and analytics: statistics, issues, events/logs.
  • Audit trail (in addition to basic reports).
  • Management of multiple/remote proxy instances.
  • Entity lifecycle management: Draft, Test, Production; support for parked entities/configs; logically deleted.

  • Publicly specified API to access/edit configuration/history of the service and its entities.
  • Managing (meta)data exchange (at the proxy):
    • Management of attribute filtering between IdPs and SPs.
    • Management of mapping of attributes.
    • Attribute transformation rules.
    • Setting attribute values for entities.
  • Possibly contentious:
    • Validation of encryption and signatures of entities and their messages.
    • Enforcement of authentication and authorisation policies (defined locally or by IdPs).
    • Integration with MFA by the proxy.

...