You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Use cases

Initial setup after installation

The instance may participate in one or more federations. "Federation" is a generic term here, encompassing SAML federations, a collection of OIDC parties, or an intra-organisation set of entities (internal federation). The instance will have an identity as either a service provider (SAML SP or OIDC RP), an identity provider (SAML IdP or OIDC OP), or both. These roles will define the deployment’s identity.

  1. After deployment, the "My Metadata" screen is initially empty.
  2. With an "Add Role" (we might rename it if a better suggestion arises) button, the user can select one of the following: SAML IdP, OIDC OP, SAML SP, OIDC RP.
  3. Regardless of what is selected, the user can set up a Display Name and a Logo for the chosen role.
  4. If the SAML IdP role is selected, a checklist of supported entity categories will be available:
    1. Research & Scholarship
    2. Anonymous Access (v2)
    3. Pseudonymous Access (v2)
    4. Personalised Access (v2)
  5. If the SAML SP role is selected, the following settings/attributes are available:
    1. Research & Scholarship
    2. Code of Conduct

Adding remote entity metadata

Context: The user can add metadata for the entities this deployment should know and trust.

  1. On the metadata management screen, the user presses "Add remote entity metadata."
  2. The available options depend on the roles configured:
    1. If the instance has the SAML IdP role, the user can add SAML SP metadata from XML or a URL to download.
    2. If the instance has the OIDC OP role, the user can add a redirect URI, name, and description (the instance provisions the client ID and client secret).
    3. If the instance has the SAML SP role, the user can add SAML IdP metadata.
    4. If the instance has the OIDC RP role, the user can add an OP.

Specific features:

  • Step back/forward during config changes (step-by-step wizard for adding a new entity/item)?
  • Metadata should feed into SSP and SaToSa configurations, or we limit to one for the MVP?
  • Add/remove entity metadata to participated federation(s)?
  • Could remote entities be offered based on federation metadata?

Adding metadata source

Context: You can add an MDQ source and trust everything retrieved from it. In a future, more advanced version, you may also be able to add an OIDFed intermediate authority.

TBD

Deactivate/activate remote entity

  1. On the metadata screen, entities already added to the instance should be able to be deactivated and reactivated (via a button or checkbox).

Features: What about notifying the changed status to other known related entities?

Configure proxy mode

Context: If you added at least one of (SAML IdP, OIDC OP) and one of (SAML SP, OIDC RP), then you can act as a proxy. In this case, a configuration option that was previously unavailable ("grey") becomes available as 'Proxy configuration.'
Here, you can add identity and profile attribute mappings.

Features: Is proxying between SAML and OIDC for a later version beyond the MVP?

Edit data sources and data release (not MVP)

Context: This applies only if a SAML IdP or OIDC OP role is enabled.

Note: For the MVP, custom attribute release per remote entity is not implemented. Instead, there is a generic setup that may still be conditional on remote entity categories (e.g., CoCo gets more {attributes?}).

  1. On the Configuration screen, the user adds a data source:
    1. SQL
    2. LDAP
    3. Other...
  2. The user adds connection data for the data source.
  3. The user adds attribute mappings for the data source, e.g., DB field → attribute name.

Information architecture

  • Dashboard

    • Overview of metadata management status.
    • Quick access to recent activities and common tasks.
  • Configuration
    • Configuration of the local instance not related to remote entities.
      • Attribute sources

    • Features: Originally suggested generic entity configuration management features; now only locally?:

      • Export/import of config items/entities.
      • Copy/delete (copy as poor man's versioning).
      • Editing of entities in the GUI (common configuration items, protocol-specific features).
      • Raw config edit.
      • Config check.
      • Apply config.
      • Git config save.
      • Generic post-processor for configs, which could be used for configuration check, deployment, activation, and Git push.
      • Versioning and rollback from Git (Git config restore).
      • Dynamic updates to the configuration without requiring a full joint restart of the GUI, role components, or proxy service (by keeping them apart).


  • Metadata Management

    • Federation-level: Interface to add/edit federation-wide metadata.
    • Individual SPs/IdPs: Interface to add/edit metadata for individual SPs/IdPs, with options for manual entry or file import.

  • Relation Management

    • Select SP/IdP: Dropdown or search functionality to select an SP/IdP.
    • Activate SP/IdP: Toggle to activate the selected SP/IdP.
    • Attribute Release Policy (SP): Options to configure REFEDs entity categories for SPs.
    • Requested Attributes (IdP): Options to select requested entity categories for IdPs.

  • My Metadata

    • Display Name: Field to enter/display the name of the proxy.
    • ?Supported Entity Categories: Checklist or dropdown to select supported categories.
    • Logo: Upload functionality to add a logo.

 Common actions → visual components

  1. Navigation

    1. Top Navigation Bar: Links to main sections like Dashboard, Metadata Management, Relation Management, and My Metadata.
    2. Sidebar Navigation: For quick access to subsections within the main areas.

  2. Forms and Input Fields

    1. Text Input Fields: For entering metadata, display names, and other textual information.
    2. Dropdown Menus: For selecting options such as entity categories, SPs, and IdPs.
    3. Checkboxes and Radio Buttons: For selecting multiple or single options, such as supported entity categories and requested attributes.
    4. File Upload Fields: For importing metadata files or uploading logos.
    5. Toggle Switches: For activating or deactivating SPs/IdPs.

  3. Buttons and Actions

    1. Primary Action Buttons: For saving, adding, or submitting forms.
    2. Secondary Action Buttons: For cancelling, editing, or deleting actions.
    3. Icon Buttons: For quick actions like editing or deleting items in a list.

  4. Tables and Lists

    1. Data Tables: For displaying lists of SPs/IdPs, including columns for relevant metadata and actions.
    2. Paginated Lists: For managing large datasets with navigation controls.
    3. Expandable Rows: For viewing detailed information about a specific SP/IdP within a table.

  5. Modals and Dialogs

    1. Confirmation Dialogs: For confirming actions like deletions or important changes.
    2. Form Modals: For adding or editing metadata in a focused environment.

  6. Search and Filter

    1. Search Bars: For finding specific SPs/IdPs or metadata entries.
    2. Filter Options: For narrowing down lists based on criteria like entity categories or active status.

  7. Feedback and Notifications

    1. Toast Notifications: For temporary messages about actions (e.g., "Metadata saved successfully").
    2. Error Messages: Inline or modal messages for form validation errors or system issues.
    3. Success Messages: Inline or modal messages confirming successful actions.

  8. Dashboard Widgets

    1. Summary Cards: For displaying key metrics and statuses (e.g., total SPs, active IdPs).
    2. Activity Feeds: For showing recent actions and changes.

  9. Visual Indicators

    1. Status Badges: For indicating the status of SPs/IdPs (e.g., active, inactive).
    2. Progress Bars: For showing the progress of actions like file uploads or metadata synchronisation.

  10. User Profile and Settings

    1. Profile Dropdown: For user account management, logout, and settings.
    2. Settings Page: For configuring user preferences and system settings.

Features for a later version

  • Search
  • Proxy wizard
  • Mapping between local and remote admin users, we could restrict the the MVP to require mutually identical or trusted users
  • Is proxying between SAML and OIDC for a later version beyond the MVP?

  • Topology graph.

  • Reporting and analytics: statistics, issues, events/logs.
  • Audit trail (in addition to basic reports)
  • Management of multiple/remote proxy instances.

  • Entity lifecycle management: Draft, Test, Production, Support for parked entities/configs, Logically deleted.

  • Publicly specified API to access/edit service and entities configuration/history.
  • Managing (meta)data exchange (at the proxy)
    • Management of attribute filtering between IdPs and SPs.
    • Management of mapping of attributes.
    • Attribute transformation rules.
    • Setting of attribute values for entities.
  • Possibly contentious:
    • Validation of encryption and signatures of entities and their messages.
    • Enforcement of authentication and authorisation policies (defined locally or by IdPs).
    • Integration with MFA by the proxy.

Wireframes


  • No labels