Participants
Panel |
---|
|
Name | Organisation |
---|
Slavek Licehammer & Pavel Brousek | CESNET |
|
...
Panel |
---|
|
Name | Organisation | Role |
---|
Ondrej Ernst | CESNET | Developer, TIM student |
Pavel Brousek | CESNET | Mentor |
|
Panel |
---|
|
Name | Organisation | Role |
---|
Christos Kanellopoulos | GEANT Association | GN4-3 eduTEAMS Service Owner |
| SaToSa community | Review and feedback |
Stefan Winter (Restena), Joost van Dijk (SURF) | SimpleSAMLphp community | Review and feedback |
|
Panel |
---|
title | Stakeholder engagements |
---|
|
|
Activity overview
Panel |
---|
|
WebAuthn (Web Authentication), part of the FIDO2 Project, is a web standard published by the W3C that enables strong authentication with public-key cryptography, passwordless authentication, and secure two-factor authentication. The standard defines a JavaScript API that allows token registration and subsequent authentication. The API is implemented in current versions of all major browsers (Edge 18+, Firefox 60+, Chrome 67+, Safari 13+, Opera 54+) and is also backwards-compatible with (legacy) U2F tokens. This activity implements or extends support for this API in existing open-source community products. |
Panel |
---|
|
The goal of this activity is to contribute to the SimpleSAMLphp WebAuthn module as well as to develop a new custom module for SATOSA to support 2FA using the WebAuthn API. The resulting modules would be integrated and tested in eduTEAMS (SATOSA) and ELIXIR AAI (SimpleSAMLphp). |
Activity Details
Panel |
---|
|
Authentication proxies translate between authentication protocols such as SAML2, OIDC, and OAuth2. A proxy receives authentication requests from SPs or RPs and relays them to IdPs or OPs. If a service requires two-factor authentication, for example, using the REFEDS assurance framework, and the identity provider does not support it, the proxy may perform the second-factor authentication. Two significant open-source examples are SimpleSAMLphp, which can serve as an authentication proxy, and the Python-based SATOSA, which was explicitly developed as a proxy. WebAuthn can be used for passwordless authentication or for second-factor authentication to increase users' security. As of October 2019, a module for SimpleSAMLphp is being developed to bring WebAuthn support. |
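The step-up decision described above, sketched as an added example (not code from SATOSA, SimpleSAMLphp or this activity). It assumes the service signals its requirement with the REFEDS MFA profile URI; the `Decision` type and the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

REFEDS_MFA = "https://refeds.org/profile/mfa"
# SAML second-level status code returned when the requested context cannot be met.
NO_AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"


@dataclass(frozen=True)
class Decision:
    action: str                             # "release", "step_up" or "fail"
    asserted_context: Optional[str] = None  # context the proxy asserts to the SP
    error: Optional[str] = None


def decide(requested: Sequence[str], idp_context: str, has_token: bool) -> Decision:
    """Decide what the proxy does once the upstream IdP has answered."""
    if REFEDS_MFA not in requested:
        # The service did not ask for MFA: pass the IdP's context through.
        return Decision("release", idp_context)
    if idp_context == REFEDS_MFA:
        # The IdP already performed MFA; no second factor at the proxy.
        return Decision("release", REFEDS_MFA)
    if has_token:
        # The IdP did single-factor only: run the WebAuthn ceremony at the proxy.
        return Decision("step_up")
    # MFA is required but the user has no registered token to step up with.
    return Decision("fail", error=NO_AUTHN_CONTEXT)


def complete_step_up(decision: Decision, webauthn_verified: bool) -> Decision:
    """Assert MFA only after the WebAuthn assertion was verified server-side."""
    if decision.action != "step_up":
        raise ValueError("no step-up in progress")
    if webauthn_verified:
        return Decision("release", REFEDS_MFA)
    return Decision("fail", error=NO_AUTHN_CONTEXT)
```

The proxy never upgrades the asserted context on its own: MFA is asserted either because the IdP reported it or because `complete_step_up` saw a verified WebAuthn result.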
Panel |
---|
|
Panel |
---|
|
The implementation of WebAuthn modules for SATOSA and SimpleSAMLphp would enable major parts of the T&I community to use state-of-the-art multi-factor authentication without implementing something on their own. |
Panel |
---|
|
- This is the first time a project has been proposed and will be implemented by TIM → unknown outcome
- WebAuthn is a very popular standard with a lot of ongoing activities. Someone may already be working on a similar project or may publish one before the activity ends.
|
Panel |
---|
title | Data protection & Privacy |
---|
|
The product handles highly sensitive authentication data which provide access to user identities. High standards for coding, security and quality control are required. |
Panel |
---|
title | Definition of Done (DoD) |
---|
|
|
This activity is done when:
- A prototype of a WebAuthn module for SATOSA and SimpleSAMLphp is implemented
- The prototypes are successfully tested with eduTEAMS and ELIXIR
- The modules are provided to the SATOSA/SimpleSAMLphp community
|
Panel |
---|
|
The modules will be submitted to the upstream repositories and later managed by the corresponding communities. |
Activity Results
Panel |
---|
|
Meetings
Date | Activity | Owner | Minutes |
---|
November 25, 2019 | Kickoff Stakeholder meeting |
Documents