Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Participants

Panel
titleProposers


NameOrganisation
Slavek Licehammer & Pavel BrousekCESNET


...

Panel
titleGN4-3 project team


NameOrganisationRole
Ondrej ErnstCESNETdevDeveloper, TIM student
Pavel BrousekCESNETmentorMentor



Panel
titleStakeholders


Name

Organisation

Role 
Christos KanellopoulosGEANT AssociationGN4-3 eduTEAMS Service Owner

SaToSa communityReview and feedback
SimpleSAMLphp community (

Stefan Winter (Restena), Joost van Dijk (SURF)

Restena, SURFnet

SimpleSAMLphp community

Review and feedback



Panel
titleStakeholder engagements


DateName(s)OrganisationNotes
18.11.19

Christos Kanellopoulos 

GEANT AssociationInitial stakeholder kick-off
17.12.19--Sprint Demo 2.1
19.03.20--Sprint Demo 2.3
30.06.20--Sprint Demo 2.6


Activity overview

Panel
titleDescription

WebAuthn​ (Web Authentication), part of the FIDO2 Project, is a web standard published by the W3C that enables strong authentication with public-key cryptography, passwordless authentication, and secure two-factor authentication. The standard defines a JavaScript API which allows token registration and subsequent authentication. The API is implemented in current versions of all major browsers (​ Edge 18+, Firefox 60+, Chrome 67+, Safari 13+, Opera 54+​ ) and is also backwards-compatible with (legacy) U2F tokens.

This activity implements or extends this API into existing open source community products

...

Panel
titleActivity goals

The goal of this activity is to contribute to the SimpleSAMLphp Webauthn module as well as to develop a new custom module for SATOSA to support 2FA using the WebAuthn API. Resulted modules would be integrated and tested in eduTEAMS (SATOSA) and ELIXIR AAI (SimpleSAMLphp).

Activity Details

Panel
titleTechnical details

Authentication proxies translate between authentication protocols such as SAML2, OIDC, and OAuth2. A proxy receives authentication requests from SPs or RPs and relays them onto IdPs or OPs. If a service requires two-factor authentication, for example, using the REFEDS assurance framework, and the identity provider does not support it, the proxy may perform the second-factor authentication. Two significant open-source examples are SimpleSAMLphp which can serve as an authentication proxy and Python-based​ SATOSA which was explicitly developed as a proxy.

WebAuthn can be used for passwordless authentication or for second-factor authentication to increase users‘ security. As of October 2019, a​ module for SimpleSAMLphp​ is being developed to bring WebAuthn support.

...

Panel
titleDefinition of Done (DoD)

This activity is done when:

  • A prototype of a WebAuthN module for SATOSA and SimpleSAMLphp is implemented
  • The prototypes are successfully tested with eduTEAMS and ELIXIERELIXIR
  • The module are provided to the SATOSA/SimpleSAMLphp community

...

Panel
titleSustainability

The modules will be submitted to the upstream repositories and later managed by the corresponding communities.

Activity Results

Panel
titleResults

Meetings

Date

Activity

Owner

Minutes

January 1November 25, 20172019

Kickoff Stakeholder meeting



















Documents

Attachments