...
Title | Scope verification based on DNS |
---|---|
Description | The scope part of attributes means critical security context for many applications. Currently the only way for an SP to check whether an IdP is allowed to use a scope is based on verification of shibmd:Scope metadata extension. As metadata might originate from a massive number of sources, an organization and/or an SP might want to provide additional means to verify scope usage. If the scope equals to a real domain name, it can be easily implemented by adding TXT records to the domain record that describe the allowed entityIDs which can assert the scope. (Similar to SPF - Sender Policy Framework.) This should be an optional measure in addition to existing metadata-based scope verification technique. |
Proposer | Kristof Bajnok (eduID.hu) |
Resource requirements | standardization - REFEDs? implementation for Shibboleth and SimpleSAMLphp |
+1's | <for others to voice their support - add your name here>Nick Roy, InCommon |
Title | Adoption & Outreach Support for eduGAIN BCP |
---|---|
Description | BCP for eduGAIN will be launched in 2018. Federations should be supported to gain adoption by campuses |
Proposer | Ann H on behalf of several |
Resource requirements | Funding for outreach and adoption efforts at each GEANT partner, strategic/materials support for all. |
+1's | <for others to voice their support - add your name here>Nick Roy, InCommon |
Title | Reference implementation of an IdP and OP in Python |
---|---|
Description | The current GN4-2 projet has invested heavly into the Python stack for OpenID Connect (federation) and it should be good to put together a full blown home organisation IdP/OP based on this work and earlier work with the SAML stack. This imlementation should support all current best practices in eduGAIN and retrie attributes from different sources. |
Proposer | Pål Axelsson on behalf of Sunet |
Resource requirements | money, software dev |
+1's | Stefan Winter Nick Roy, InCommon |
Title | Allow eduGAIN OT to enrich MDS metadata |
---|---|
Description | Currently, metadata is controlled exclusively by federation operators, which is generally good. However, there will pop up use-cases where it is more efficient, a lot faster and definitely more agile to allow eduGAIN OT to enrich eduGAIN metadata centrally with some entity categories because if all 50+ federations have to do something, it will take years and effort to set some entity category is duplicated for each federation. |
Proposer | Lukas Hämmerle, SWITCH |
Resource requirements | Policy might need to be changed, it would have to be defined what/what not eduGAIN OT reasonably could and should do. Some (limited) implementation effort on MDS might be needed. |
+1's | Nick Roy, InCommon |
You do not have to fill in every field, just give as much detail as you have right now if you know them.