The goal of the activity is to deliver a (software or service) solution that assists federation operators of NREN federations in testing, at scale, several core security aspects of Service Providers' SAML deployments within their federation. Deployment scenarios, to be confirmed with stakeholders, might include:
- Self-testing by an SP as part of the route towards becoming a production deployment
- (Automated) Testing the SP deployment as part of the initial onboarding into the federation by FedOps
- (Automated) Testing the SP deployment as part of periodic review by FedOps
- Institution-initiated testing of an SP as part of a compliance review, e.g. with respect to GDPR compliance, for a service they have a contract with

This topic should include the technical implementation of the use cases we would like to test against. In addition, it needs to discuss and, if need be, develop a means to support FedOps in deploying the test suite both technically and operationally. Next to technical and operational requirements, we also need to understand potential legal aspects, so we can include all of these in the design of the test suite.

Activities:
- Run at least 1 workshop with the community of Federation Operators to collect and discuss use cases, requirements and deployment scenarios
- Gather at least 3 federation operators who are willing to act as stakeholders and help test the tool in a controlled environment
- Discuss feasibility, risks and risk mitigation possibilities with a legal advisor, and describe design considerations that result from this discussion
- Discuss challenges around use cases and describe the proposed resolution; allow stakeholders to review
- Select and implement use cases into the test suite
- Develop a deployment plan with stakeholders to scale up the use of the tool to real-world use cases
- Optional: consider what would be needed to extend this test to OIDC RPs