| <!-- Content -->
<div class="container-fluid">
  <!-- Banner -->
  <div
    class="row pt-4 pr-4 pb-5"
    style="background: linear-gradient(#4051a3ff, white); height: 15em"
  >
    <img
      src="https://wiki.geant.org/download/attachments/148090083/dashboard-banner.svg"
      class="mx-auto"
      style="height: 100%; width: 100%"
    />
  </div>
  <!-- Head -->
  <div class="row row-cols-5">
    <div class="col">
      <div class="card mb-3">
        <div class="row g-0">
          <div class="col-md-4 p-2 color-completed">
            <img
              src="https://wiki.geant.org/download/attachments/148090083/trophy.svg"
              class="card-img p-2"
            />
          </div>
          <div class="col-md-8" style="background-color: #e6e6e6">
            <div class="card-body text-center">
              <div class="card-text font-weight-bold" style="font-size: xx-large">34</div>
              <p class="card-text"><small class="text-muted">Completed activities</small></p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="col">
      <div class="card mb-3">
        <div class="row g-0">
          <div class="col-md-4 color-ongoing">
            <img
              src="https://wiki.geant.org/download/attachments/148090083/gears.svg"
              class="card-img p-2"
            />
          </div>
          <div class="col-md-8" style="background-color: #e6e6e6">
            <div class="card-body text-center">
              <div class="card-text font-weight-bold" style="font-size: xx-large">4</div>
              <p class="card-text"><small class="text-muted">Ongoing activities</small></p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="col">
      <div class="card mb-3">
        <div class="row g-0">
          <div class="col-md-4 color-pending">
            <img
              src="https://wiki.geant.org/download/attachments/148090083/idea.svg"
              class="card-img p-2"
            />
          </div>
          <div class="col-md-8" style="background-color: #e6e6e6">
            <div class="card-body text-center">
              <div class="card-text font-weight-bold" style="font-size: xx-large">2</div>
              <p class="card-text"><small class="text-muted">Pending ideas</small></p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="col">
      <div class="card mb-3">
        <div class="row g-0">
          <div class="col-md-4" style="background-color: lightblue">
            <img
              src="https://wiki.geant.org/download/attachments/148090083/student.svg"
              class="card-img p-2"
            />
          </div>
          <div class="col-md-8" style="background-color: #e6e6e6">
            <div class="card-body text-center">
              <div class="card-text font-weight-bold" style="font-size: xx-large">9</div>
              <p class="card-text"><small class="text-muted">TIM students</small></p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="col">
      <div class="card mb-3">
        <div class="row g-0">
          <div class="col-md-4" style="background-color: lightsalmon">
            <img
              src="https://wiki.geant.org/download/attachments/148090083/team.svg"
              class="card-img p-2"
            />
          </div>
          <div class="col-md-8" style="background-color: #e6e6e6">
            <div class="card-body text-center">
              <div class="card-text font-weight-bold" style="font-size: xx-large">14</div>
              <p class="card-text"><small class="text-muted">Active members</small></p>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>
  <!-- Timeline -->
  <div class="row">
    <div class="card border-0">
      <div class="row g-0">
        <div class="col-8 offset-2">
          <img
            src="file:///Users/di36qum/Development/incubator_dashboard/images/timeline.svg"
            class="card-img"
          />
        </div>
        <div class="col-2" style="background-color: #e6e6e6">
          <div class="card-body text-center">
            <div class="card-text font-weight-bold" style="font-size: xx-large">7 / 9</div>
            <p class="card-text"><small class="text-muted">Iterations</small></p>
          </div>
        </div>
      </div>
    </div>
  </div>
  <hr />
  <!-- Overview section -->
  <div class="accordion d-print-none" id="overview-panel">
    <div class="row">
      <div class="btn-group col-4" role="group">
        <button
          class="btn btn-outline-primary"
          id="tab-main-head"
          type="button"
          data-bs-toggle="collapse"
          data-bs-target="#tab-incubator-body"
        >
          Incubator
        </button>
        <button
          class="btn btn-outline-primary"
          id="tab-topics-head"
          type="button"
          data-bs-toggle="collapse"
          data-bs-target="#tab-topics-body"
        >
          Topics
        </button>
        <button
          class="btn btn-outline-primary"
          id="tab-deliverable-head"
          type="button"
          data-bs-toggle="collapse"
          data-bs-target="#tab-deliverable-body"
        >
          Handover
        </button>
        <button
          class="btn btn-outline-primary"
          id="tab-timeline-head"
          type="button"
          data-bs-toggle="collapse"
          data-bs-target="#tab-timeline-body"
        >
          Innovation
        </button>
      </div>
    </div>
    <!-- Incubator tab -->
    <div class="row collapse show" id="tab-incubator-body" data-bs-parent="#overview-panel">
      <div class="col-4">
        <div class="list-group" role="tablist">
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action active"
            id="incubator-vision-head"
            data-bs-toggle="list"
            href="#incubator-vision"
            role="tab"
            >Vision & Mission</a
          >
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="incubator-process-head"
            data-bs-toggle="list"
            href="#incubator-process"
            role="tab"
            >Process Methodology</a
          >
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="incubator-roles-head"
            data-bs-toggle="list"
            href="#incubator-roles"
            role="tab"
            >Community Engagement
          </a>
        </div>
      </div>
      <div class="col-8">
        <div class="tab-content" id="incubator-content">
          <div class="tab-pane fade show active" id="incubator-vision" role="tabpanel">
            <p>
              The GN Trust and Identity Incubator (“T&I Incubator”) aims to develop, foster and
              mature new ideas in the Trust and Identity space in Research and Education. The
              incubator will investigate new technologies that currently have no place (yet) in the
              services ecosystem of the GÉANT project. This may include to test and experiment with
              potential new features for existing GÉANT services. In addition also business case
              development for potential new services and developments that would improve data
              protection and privacy aspects in services or software are in scope.
            </p>
            <div>
              <a
                href="https://wiki.geant.org/x/wbAuBw"
                target="_blank"
                class="btn btn-outline-primary"
                >Activity Process</a
              >
            </div>
          </div>
          <div class="tab-pane fade" id="incubator-process" role="tabpanel">
            <p>
              The T&I incubator runs four to eight incubator activities per project year in
              parallel. These incubators typically take about 6 months and employ an agile
              methodology to enable rapid development of ideas. Preferably at least two subject
              matter experts work together with support from the project team. Subject matter
              experts are recruited from within the team or, preferred, sponsored by their NRENs. In
              addition, the project team facilitates the incubator track by providing a scrum master
              and dedicated developers.
            </p>
            <div>
              <a
                href="https://wiki.geant.org/x/O4LYBw"
                target="_blank"
                class="btn btn-outline-primary"
                >Development Process</a
              >
            </div>
          </div>
          <div class="tab-pane fade" id="incubator-roles" role="tabpanel">
            <p>
              Main Incubator Board (MIB) aims to represent a broad view on Trust and Identity
              related developments in R&E. MIB members are senior subject matter experts from the
              European NREN trust and identity community. They evaluate new ideas and provide advice
              to the work package lead. They are also responsible for reviewing activities at the
              end of each incubator cycle and providing recommendations on how to proceed. The
              incubator team presents their results regularly to the the MIB's and the wider
              community. In the middle and at the end of a cycle there are two events public events,
              so called sprint demos.
            </p>
            <div>
              <a
                href="https://wiki.geant.org/x/sbAuBw"
                target="_blank"
                class="btn btn-outline-primary"
                >Selection Process</a
              >
            </div>
          </div>
        </div>
      </div>
    </div>
    <!-- Topics tab -->
    <div class="row collapse" id="tab-topics-body" data-bs-parent="#overview-panel">
      <div class="col-4">
        <div class="list-group" role="tablist">
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action active"
            id="topics-identity-head"
            data-bs-toggle="list"
            href="#topics-identity"
            role="tab"
            >Identity and Access Management
          </a>
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="topics-standards-head"
            data-bs-toggle="list"
            href="#topics-standards"
            role="tab"
            >Standards and Protocols
          </a>
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="topics-security-head"
            data-bs-toggle="list"
            href="#topics-security"
            role="tab"
            >Security and Privacy
          </a>
        </div>
      </div>
      <div class="col-8 tab-content" id="topics-content">
        <div class="tab-pane fade show active" id="topics-identity" role="tabpanel">
          <div class="row mb-2">
            Identity and Access Management (IAM) is about creating and managing digital identity for
            users, which can be used to represent a person in the digital world. Using state of the
            art authentication and authorization methods ensures that only the owner can access his
            identity and only entitled can access a resource. In this area, it is all about Identity
            Providers, Identity Federation, Service Providers and Discovery Services. Your project
            may improve existing software solutions or create new applications for a global
            community.
          </div>
        </div>
        <div class="tab-pane fade" id="topics-standards" role="tabpanel">
          <div class="row">
            Building on top of existing infrastructure and applications, Standards and Protocols is
            about creating new ways to for applications and users to communicate. This area is all
            about protocols and standards used or being developed in the global Trust and Identity
            community, like the Security Assertion Markup Language (SAML) and Open ID Connect
            (OIDC), which will be used to integrate new capabilities in an already existing large
            infrastructure.
          </div>
        </div>
        <div class="tab-pane fade" id="topics-security" role="tabpanel">
          <div class="row">
            Security is an integral part of most applications and infrastructures. Ensuring data
            protection, privacy and safety by using measures like encryption and cryptography is
            nowadays mandatory. In this area, you may investigate, test and integrate new security
            features in existing Trust & Identity applications or to create new services that help
            secure our community, by working on for example multi factor authentication or HSM
            technologies.
          </div>
        </div>
      </div>
    </div>
    <!-- Deliverable tab -->
    <div class="row collapse" id="tab-deliverable-body" data-bs-parent="#overview-panel">
      <div class="col-4">
        <div class="list-group" role="tablist">
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action active"
            id="deliverable-service-head"
            data-bs-toggle="list"
            href="#deliverable-service"
            role="tab"
            >T&I Service Task</a
          >
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="deliverable-community-head"
            data-bs-toggle="list"
            href="#deliverable-community"
            role="tab"
            >R&E Community</a
          >
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="deliverable-external-head"
            data-bs-toggle="list"
            href="#deliverable-external"
            role="tab"
            >External Parties
          </a>
        </div>
      </div>
      <div class="col-8">
        <div class="tab-content" id="incubator-content">
          <div class="tab-pane fade show active" id="deliverable-service" role="tabpanel">
            <p>
              The service task operates and maintains the T&I services in the GÉANT project. The
              incubator works closely with the responsible service owner on activities that have an
              impact on an existing service. They are already involved in the selection of new
              activities to ensure that the topic is appropriately supported. Once the activity is
              completed, all results are handed over to the service owner, who will take care of
              further development.
            </p>
          </div>
          <div class="tab-pane fade" id="deliverable-community" role="tabpanel">
            <p>
              Some of the Incubator's outputs are not handed over to a specific party, but are made
              available to the wider community. These are, for example, the results of studies and
              research that are published or software that is publicly released as open source. All
              results are publicly available and announced via the project's news channels to inform
              as many community members as possible.
            </p>
          </div>
          <div class="tab-pane fade" id="deliverable-external" role="tabpanel">
            <p>
              In addition to the general R&E community, the Incubator sometimes works with external
              partners. These can be other communities, projects or groups that develop software
              products or provide services. Examples are institutions, individual NRENS or groups
              such as the Shibboleth Consortium.
            </p>
          </div>
        </div>
      </div>
    </div>
    <!-- Timeline tab -->
    <div class="row collapse" id="tab-timeline-body" data-bs-parent="#overview-panel">
      <div class="col-4">
        <div class="list-group" role="tablist">
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action active"
            id="timeline-head"
            data-bs-toggle="list"
            href="#timeline"
            role="tab"
            >Incubator Timeline
          </a>
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="timeline-c2-head"
            data-bs-toggle="list"
            href="#timeline-c2"
            role="tab"
            >How to submit new ideas
          </a>
          <a
            class="btn btn-outline-primary list-group-item list-group-item-action"
            id="timeline-c3-head"
            data-bs-toggle="list"
            href="#timeline-c3"
            role="tab"
            >Overview of new ideas and activities
          </a>
        </div>
      </div>
      <div class="col-8">
        <div class="tab-content" id="timeline-content">
          <div class="tab-pane fade show active" id="timeline" role="tabpanel">
            <div class="list-group list-group-horizontal">
              <a
                href="https://wiki.geant.org/x/sKrTC"
                class="list-group-item list-group-item-action color-completed"
                ><strong>Cycle 1</strong><br />
                05 Mar 2019 - 12 Nov 2019</a
              >
              <a
                href="https://wiki.geant.org/x/s6rTC"
                class="list-group-item list-group-item-action color-completed"
                ><strong>Cycle 2</strong><br />15 Nov 2019 - 30 Jun 2020</a
              >
              <a
                href="https://wiki.geant.org/x/QwCeDQ"
                class="list-group-item list-group-item-action color-completed"
                ><strong>Cycle 3</strong><br />03 Jul 2020 - 09 Feb 2021</a
              >
            </div>
            <div class="list-group list-group-horizontal">
              <a
                href="https://wiki.geant.org/x/hoDvF"
                class="list-group-item list-group-item-action color-completed"
                ><strong>Cycle 4</strong><br />05 Mar 2021 - 22 Sep 2021</a
              >
              <a
                href="https://wiki.geant.org/x/BYDnGw"
                class="list-group-item list-group-item-action color-completed"
                ><strong>Cycle 5</strong><br />08 Oct 2021 - 03 Mar 2022</a
              >
              <a
                href="https://wiki.geant.org/x/bLAuBw"
                class="list-group-item list-group-item-action color-completed"
                ><strong>Cycle 6</strong><br />20 Mar 2022 - 15 Dec 2022</a
              >
            </div>
            <div class="list-group list-group-horizontal">
              <a
                href="https://wiki.geant.org/x/hgATIw"
                class="list-group-item list-group-item-action color-pending"
                ><strong>Cycle 7</strong><br />06 Feb 2023 - 03 Sep 2023</a
              >
              <a
                href="https://wiki.geant.org/x/igATIw"
                class="list-group-item list-group-item-action color-ongoing"
                ><strong>Cycle 8</strong><br />25 Sep 2023 - 21 Apr 2024</a
              >
              <a
                href="https://wiki.geant.org/x/jAATIw"
                class="list-group-item list-group-item-action color-pending"
                ><strong>Cycle 9</strong><br />13 May 2024 - 15 Dec 2024</a
              >
            </div>
          </div>
          <div class="tab-pane fade" id="timeline-c2" role="tabpanel">
            <p>
              The Incubator accepts proposals from the entire R&E community as long as they are
              suitable to improve the T&I space. All kinds of innovative ideas are welcome,
              regardless of whether they are about new products, improving existing services or even
              completely disruptive. The format for submitting a proposal is designed to be as
              simple as possible. There is a "Call for Ideas" page in the GÉANT wiki where anyone
              can share their ideas. All you have to do is create a new row in the table and
              describe your own idea. Other community members can comment and support it. The more
              popular an idea is, the more likely it is to be implemented in the Incubator. New
              ideas can be submitted at any time, but there is a deadline before each cycle so that
              they can be considered for the next cycle.
            </p>
            <a
              href="https://wiki.geant.org/x/jwATIw"
              target="_blank"
              class="btn btn-outline-primary m-1"
              >Call for Ideas</a
            >
          </div>
          <div class="tab-pane fade" id="timeline-c3" role="tabpanel">
            <a href="https://wiki.geant.org/download/attachments/588447889/diagram-ideas.svg"
              ><img
                src="https://wiki.geant.org/download/attachments/588447889/diagram-ideas.svg"
                class="img-thumbnail"
            /></a>
            <a href="https://wiki.geant.org/download/attachments/588447889/diagram-activities.svg"
              ><img
                src="https://wiki.geant.org/download/attachments/588447889/diagram-activities.svg"
                class="img-thumbnail"
            /></a>
          </div>
        </div>
      </div>
    </div>
  </div>
  <br />
  <hr class="d-print-none" />
  <h2>Activities</h2>
  <!-- Card filter -->
  <div class="row row-cols-4 pb-3">
    <div class="col">
      <input
        type="text"
        id="card-filter-text"
        class="form-control"
        onkeyup="searchActivities()"
        placeholder="Search activity"
      />
    </div>
    <div class="col">
      <select id="card-filter-topic" class="form-control" oninput="searchActivities()">
        <option selected value="">All topics</option>
        <option value="Identity">Identity and Access Management</option>
        <option value="Standards">Standards and Protocols</option>
        <option value="Security">Security and Privacy</option>
      </select>
    </div>
    <div class="col">
      <select id="card-filter-cycle" class="form-select" oninput="searchActivities()">
        <option selected value="">All cycles</option>
        <optgroup label="GN4-3">
          <option>Cycle 1</option>
          <option>Cycle 2</option>
          <option>Cycle 3</option>
          <option>Cycle 4</option>
          <option>Cycle 5</option>
          <option>Cycle 6</option>
        </optgroup>
        <optgroup label="GN5-1">
          <option>Cycle 7</option>
          <option value="Cycle 8">Cycle 8 (Current)</option>
          <option>Cycle 9</option>
        </optgroup>
      </select>
    </div>
    <div class="col">
      <select id="card-filter-deliverable" class="form-control" oninput="searchActivities()">
        <option selected value="">All parties</option>
        <option value="Service">T&I Service</option>
        <option value="Community">R&E Community</option>
        <option value="External">External Party</option>
      </select>
    </div>
  </div>
  <!-- Cards -->
  <div class="row" id="card-grid">
    <!-- #include-cards -->
    <!-- AARC BPA -->
    <div class="col-sm-6 col-lg-4 mb-4" id="aarc-bpa">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/aarc-bpa.jpeg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="20 Mar 2022 - 15 Dec 2022"
              >Cycle 6</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">Self-sovereign identity and the AARC BPA</h2>
          <p class="card-text">
            The AARC Blueprint Architecture (BPA) describes a "Community AAI" solution, a set of
            software building blocks that can be used to implement federated access management
            solutions for (inter)national research collaborations. The benefit of the BPA is that
            its proxy-based architecture provides both a technical integration point for
            authentication and authorisation, as well as a centralised point for implementing the
            research communities' policies. The BPA also identifies a "membership management
            service" which implements community-specific onboarding to help establish the
            researcher's status and may be used to issue community-specific attributes to establish
            roles and rights. Implementations of the BPA, like eduTEAMS and SRAM, have greatly
            improved the capability to use FIM for research communities.
            <br />
            At first glance, a SSI based model may offer similar benefits as the AARC BPA model,
            while reducing the number of impediments as a wallet model may take away the need to
            have a proxy as the central authentication gateway. This activity will further explored
            the potential use of SSI technology in the context of the AARC BPA. It will describing
            where SSI technology may be leveraged, explore benefits and challenges and describe how
            that may be implement. A number of technical pilots will test the assumptions.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#aarc-bpa-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/sgATIQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="aarc-bpa-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/472711298/Decentralised%20identity%20for%20GÉANT%2C%20NRENs%20and%20institutions%20-%20use%20cases%20and%20opportunities.pdf?api=v2"
                  >Report on Decentralised identity for GÉANT, NRENs and institutions</a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/x/UoDDH">AARC BPA SSI Expert group landing page</a>
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              Based on multiple workshops with representatives from the wider community, a report on
              decentralised identity management was published. It is publicly available to the
              <strong>community</strong>
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Account Linking -->
    <div class="col-sm-6 col-lg-4 mb-4" id="account-linking">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/account-linking.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="08 Oct 2021 - 03 Mar 2022"
              >Cycle 5</span
            >
            <span class="badge rounded-pill text-bg-secondary"> TIM </span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Account Linking</h2>
          <p class="card-text">
            Account linking is, in principle, a simple process of joining users digital identities.
            Users have to prove that they own two or more digital identities, which are
            consecutively linked together in the identity management system. CESNET has very
            positive feedback on ELIXIR workflow for account linking. User signs in with one
            identity, then with a second one, and the identities are linked. The positive feedback
            is coming not only from the ELIXIR community but also from users from other communities,
            even outside the life-science area. The significant issue of the workflow is its user
            interface, which is still too complicated for users to navigate through smoothly.
            Because the process consists of several steps, skipping one step or leaving the linking
            process unfinished makes it even more prone to errors. Users need a straightforward
            interface that will guide them step-by-step through the whole process.
            <br />
            The goal of the topic is to develop a new web application for account linking, test it
            with end-users and improve it based on user feedback. The application has to support a
            recommendation system that tries to guess linkable identities. It also has to deal with
            all possible situations in a user-friendly way. The situations include linking
            identities that already belong to different registered users or linking identities
            neither of which belongs to a registered user.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#account-linking-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/awD6F"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="account-linking-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://gitlab.software.geant.org/matteo/idp-sp_testbed">Source Code</a>
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/351928427/Account%20linking%20documentation.pdf?api=v2"
                  >Documentation</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>The source code was submitted upstream to the Perun developers.</p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Alternative MDX -->
    <div class="col-sm-6 col-lg-4 mb-4" id="alternative-mdx">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/alternative-mdx.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="08 Oct 2021 - 03 Mar 2022"
              >Cycle 5</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Alternative MetaData eXchange</h2>
          <p class="card-text">
            With the growth of the metadata feeds all over the world, together with the increased
            need for catering for multiple federations at once, Service Providers are increasingly
            reliant on the MetaData Query (MDQ) protocol, for Relying Party metadata lookup. (MDQ is
            also commonly referred to as MDX (MetaData eXchange) for historical reasons: the name of
            a mailing list where the spec was discussed.) This protocol is however not widely deploy
            at this time, due to technical complexity In addition, for MDQ there is only one
            implementation in common use: pyFF. This is a risk as it creates a high dependence on
            that piece of technology.
            <br />
            This activity seeks to simplify the scalable use of MDQ, both for federations that
            currently operate a MDQ as well as for federations tat do not provide an MDQ service. In
            addition it wants to create an alternative implementation, next to pyFF, for creating
            and managing XML metadata. The aim is to deliver EntityDescriptors as flat files in such
            a way this mimics MDQ protocol and combine that with Global DNS to create a super fast
            and highly redundant distribution mechanism for MDQ.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#alternative-mdx-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/i4DvF"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="alternative-mdx-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://gitlab.software.geant.org/TI_Incubator/alternate-mdx"
                  >Source Code</a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/x/XACWFg">MDX pilot architecture</a>
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The design, source code and documentation was be made available to the
              <strong>community</strong>
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- AUP Service -->
    <div class="col-sm-6 col-lg-4 mb-4" id="aup-service">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/aup-service.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="20 Mar 2022 - 15 Dec 2022"
              >Cycle 6</span
            >
            <span class="badge rounded-pill text-bg-secondary"> TIM </span>
            <span class="badge rounded-pill bg-dark text-light">Community</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Acceptable Use Policy Service</h2>
          <p class="card-text">
            The primary goal of the Authentication and Authorization Infrastructure (AAI) is to
            provide centralized authentication and authorization mechanisms. In an environment based
            on the AAI, one of such authorization rules might be fulfilling the policy requirements,
            set i.e. in an AUP document defined by the community, service provider, or
            organizational unit. In general, when the resource owner or provider decides that a
            specific policy has to be enforced when the resource is used, AAI needs to provide a
            mechanism for both sides to manage and fulfill this requirement. These rules need to
            cover several cases, i.e. a situation of actively using the resource (i.e. web-based
            service login), as well as just-in-case scenarios, like the data provisioning.
            <br />
            This topic aims to explore the area of enforcing acceptance of Acceptable Use Policies
            as an activity of managing access to resources. We like to understand which parties
            (e.g. user communities, e-infrastructures, resource owners, …) need to be involved in
            the process and how to combine their requirements together. Based on the analysis we
            will develop a web-based application which will provide tools to manage AUPs on a
            central level (within the AAI) and let users approve (whilst recording this act) such a
            policy document.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#aup-service-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/GwD2HQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="aup-service-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://gitlab.ics.muni.cz/perun-proxy-aai/python/aup-manager"
                  >AUP Manager source code
                </a>
              </li>
              <li>
                <a
                  href="https://drive.google.com/drive/folders/1wjrt3qJ6SgK4ir-HXGDjMuXe9q7wc6EW?usp=sharing"
                  >Demo videos</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The source code is publicly available to the <strong>community</strong> and will be
              maintained by <strong>CESNET</strong>. The final product will be tested as a part of
              the Life Sciences AAI (LS AAI), utilising the Proxy Identity Provider (SaToSa) and the
              Identity Management System (Perun) as the integration points.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Community Tagging (a.k. Pixie Dust) -->
    <div class="col-sm-6 col-lg-4 mb-4" id="community-tagging">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/community-tagging.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">Community Tagging</h2>
          <p class="card-text">
            Research communities have a need to express and potentially share certain trust marks on
            IdPs and SPs. These trust marks may differ from existing trust marks issued by identity
            federations. This is why this activity implemented a proof of concept based on a given
            set of community requirements and investigated in potential scenarios and impacts.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-12"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/Z7AuBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-12">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/120500327/Community%20tagging%20-%20GAP%20analysis.pdf?version=1&modificationDate=1574693562199&api=v2"
                  >Community Tagging GAP analysis</a
                >
              </li>
              <li>Proof of concept using Access Check Tool in conjunction with Jagger</li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/126983709/Video1-Jagger_create_fed_and_end_cat.mp4?version=1&modificationDate=1573558150477&api=v2"
                  >Video: create a federation and new entity catergory</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/126983709/Video2-Access_Check.webm?version=1&modificationDate=1573558175315&api=v2"
                  >Video: Access Check</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/126983709/Video3-Jagger_after_Access_check.webm?version=1&modificationDate=1573558184817&api=v2"
                  >Video: Jagger after Access Check</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work has been concluded. Documentation on the prototype is publicly available and
              the results were provided to the <strong>SIRTFI community </strong> to further pursue
              this POC.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Community trust -->
    <div class="col-sm-6 col-lg-4 mb-4" id="community-trust">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/community-trust.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">Community-Based Trust</h2>
          <p class="card-text">
            This activity examined how identity vetting and token registration can be scaled for
            second-factor authentication scenarios where participants are distributed over EU and
            beyond. As part of this activity a specific flow - based on a community-based approach -
            was investigated. It takes into account the concept of the Web of Trust. While this
            mechanism typically does not work well in broad user groups, it is very well suited to
            distribute trust between small groups where a pre-existing trust fabric is already in
            place, as we typically have in research communities. What was missing is a means to make
            this trust network auditable and transparent. In order to make the trust network
            transparent, this activity identified and developed tools to support this flow.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-2"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/RQL5Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-2">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/x/lxj5Bw">Community based trust architecture</a>
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/133759557/vetting%20flow%20with%20readid.pdf?api=v2"
                  >Identity validation service design <small>using readID</small></a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/x/jwG7C">Fully integrated test environment</a>
              </li>
              <li>
                <a href="https://github.com/mrvanes/commtrust">Publicly available source code</a>
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The outcome is intended to be used in the scope of
              <strong>research communities</strong>. In collaboration with the
              <strong>eduTEAMS task</strong> the results can be used to provision and improve the
              Stepup solution of the GÉANT service.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Cryptech HSM - Preparation phase -->
    <div class="col-sm-6 col-lg-4 mb-4" id="cryptech-hsm">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/cryptech.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Security</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
          </div>
          <h2 class="card-title">Cryptech HSM</h2>
          <p class="card-text">
            In many of the T&I services in the R&E sector, there is a need to securely store
            sensitive data like key material. Currently, this is rarely done using Hardware Security
            Modules (HSM) as they are associated with high costs. The goal of this activity was to
            evaluate the capability and applicability of affordable devices from the Cryptech
            project for use cases within the GÉANT project and to set up devices for testing
            purposes.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-13"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/brAuBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-13">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>Evaluated usage of Diamond Key appliances and capabilities</li>
              <li>
                <a
                  href="https://docs.google.com/document/d/18Am5R3MypAuiZyNoEmPVhLLrvrKby3CUlUpnzIDfyZw/edit"
                  >Detailed community use-cases for HSM</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work could not be concluded as Diamondkey seased operations during the evaluation
              period.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- DI revisited -->
    <div class="col-sm-6 col-lg-4 mb-4" id="di-revisited">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/di-revisited.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="08 Oct 2021 - 03 Mar 2022"
              >Cycle 5</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">Distributed Identity Revisited</h2>
          <div class="card-text">
            <p>
              Distributed Identity (DI) presents an interesting paradigm for the T&I NREN community.
              Its concepts are very appealing and align well with public values in our community. At
              the same time many of the technical and functional properties are still in development
              and present numerous questions and challenges, as was shown in recent work in NRENs
              and in the Incubator. The activity proposed builds on earlier work and investigates
              the following aspects of DI:
            </p>
            <ul>
              <li>
                What roles could/should GEANT and NRENs play in a DI ecosystem, and what are the
                associated benefits, challenges and risks?
              </li>
              <li>
                Which current services in the GEANT portfolio would benefit from the use of DI, and
                what would that look like?
              </li>
              <li>
                To what extent can existing initiatives implementing distributed ledgers technology
                be used to act as a Verifyable Data Registry to satisfy the above use cases and
                requirements? We should test with for example EBSI, etherium or Sovrin. How do these
                compare to the IRMA solution we previously tested. (IRMA does not use DLT).
              </li>
              <li>
                Initial testing with IRMA revealed a wallet based approach may not always provide an
                optimal user experience. What requirements do we have for the User interface
                (wallet/app) and can we implement or mock these to test these requirements with
                stakeholders.
              </li>
            </ul>
          </div>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#di-revisited-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/i4DvF"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="di-revisited-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="#">Report on DI for GÉANT, NRENs and institutions</a>
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/351240335/TII%20Public%20Demo%205.3%20Feb%202022.pdf?version=1&modificationDate=1650873704224&api=v2"
                  >Demo video</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/351240335/Self%20Sovereign%20Identity%20use%20cases.pdf?version=1&modificationDate=1650873830567&api=v2"
                  >SSI use cases</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The investigation of DI use cases for GÉANT, NRENs and institutions was completed. The
              results were published as a report.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Discovery Pilot -->
    <div class="col-sm-6 col-lg-4 mb-4" id="discovery-pilot">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/discovery-service.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
          </div>
          <h2 class="card-title">Discovery Pilot</h2>
          <p class="card-text">
            Discovery is used in Federated Identity Management to locate the users home
            organization. This activity evaluated the pilot discovery service ran in the previous
            GÉANT project and investigated if/how the implementation technology Seamless Access
            developed within the RA1 project can be used for an implementation in eduGAIN.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-9"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/0bAuBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-9">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/120500433/eduTEAMS%20Discovery%20Service%20Feedback%20Report.pdf?version=1&modificationDate=1556205985146&api=v2"
                  >DSX Discovery Service Feedback Report</a
                >
              </li>
              <li>Preparation of handover to eduGAIN service activity</li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work has been concluded in the Incubator and was handed over to the
              <strong>eduGAIN service task</strong>
              for the purpose of making a production service.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Using Distributed Identity for managing researcher access -->
    <div class="col-sm-6 col-lg-4 mb-4" id="distributed-identity">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/distributed-identity.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2021 - 14 Sep 2021"
              >Cycle 4</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">Distributed Identity for researchers</h2>
          <p class="card-text">
            A new paradigm, Distributed Identity, tries to let user be in direct control of the
            profile information they share with services. Rather then letting others provide claims
            towards a service, the users collects claim themselves from various sources and
            independently provides these when so requested by services. The services can check the
            validity of these claims against a central verifiable claims registry. This activity
            investigates the functional requirements for such a system by interviewing key
            stakeholders.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-23"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/UACeDQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-23">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/DI4R+Report">DIR4R Report</a>
              </li>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/Evolution+to+DI4R"
                  >Evolution to DI4R</a
                >
              </li>
              <li>
                <a href="https://gitlab.software.geant.org/TI_Incubator/di4r">Source Code</a>
              </li>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/MFA+Options+for+SmartPhone+wallets"
                  >MFA Options for SmartPhone wallets</a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/CAMP+presentation%2C+Oct+5%2C+2021"
                  >Demo video</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              This activity explored the applicability of distributed identity for research use
              cases. The results were published in a report and made available to the entire
              <strong>community</strong>.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Second Factor Authentication - Distributed Vetting -->
    <div class="col-sm-6 col-lg-4 mb-4" id="distributed-vetting">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/sfa.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
          </div>
          <h2 class="card-title">SFA - Distributed Vetting</h2>
          <p class="card-text">
            Several research communities, especially in the life sciences domain, have a need to use
            second factor authentication to improve the quality of their authentication. One of the
            challenges identified was how to securely vet the second factor tokens of the
            participants of a collaboration in a case where the members of the collaboration are
            very distributed, as is the case in most pan-EU research collaborations. This activity
            investigated, together with research communities, how the token registration can be
            scaled for scenarios where participants are distributed over the EU and beyond. The aim
            of this task was to identify ways this vetting can be done.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-7"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/zLAuBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-7">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://wiki.geant.org/display/gn43wp5/Second+Factor+Authentication+-+Distributed+Vetting?preview=/120500428/133771754/DV-MFA%20Report.pdf2"
                  >Final Distributed Vetting Report</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              A final report was delivered. The activity will continue for another
              <strong>Incubator</strong> cycle.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- eduLNK -->
    <div class="col-sm-6 col-lg-4 mb-4" id="edulnk">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/edulnk.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Security</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="03 Jul 2020 - 09 Feb 2021"
              >Cycle 3</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
          </div>
          <h2 class="card-title">eduLNK</h2>
          <p class="card-text">
            eduLNK aims to provide software and potentially a servcie for a secure, persistent and
            privacy preserving link shortener for research and education. Link shorteners reduce a
            lengthy URL on the internet to something short and snappy, and sometimes easy to
            remember. As such it is a very well used and liked functionality within our community.
            Many ‘free’ link shorteners exist, however, their free nature comes with a number of
            challenges, including serving advertisements and data mining the users behaviour and
            interests. Next to privacy concerns, many free link shorteners have a limited lifetime
            for the links they present. eduLNK aspires to deliver a product from and for the
            community which can be trusted and used securely in a privacy preserving way.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-15"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/V5HTC"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-15">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li><a href="#"></a>eduLNK source code</li>
              <li><a href="https://test.edulnk.org/">eduLNK prototype</a></li>
              <li><a href="#"></a>Onboarding documentation</li>
              <li><a href="#"></a>New Idea Form</li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148089097/eduLNK.mp4?version=1&modificationDate=1617046085217"
                ></a
                >Final presentation
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              A prototype of the eduLNK software was created and a public test instance was made
              available. With the submission of the official new idea form, eduLNK may become a
              potential new service in the GÉANT project.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Instant User Provisioning and Deprovisioning -->
    <div class="col-sm-6 col-lg-4 mb-4" id="feudal">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/feudal.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
            <span class="badge rounded-pill bg-dark text-light">Community</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Instant User Provisioning</h2>
          <p class="card-text">
            Some systems, like non-web services, cannot be federated easily because they need user
            accounts to be provisioned before they can login. A prototype of an instant deployment
            tool called FEUDAL was developed by KIT. It facilitates provisioning of user accounts
            using virtual organisations (VO). Feudal is based on OIDC: It is an OIDC client, and it
            simply transports the information of the /userinfo endpoint along. Feudal is based on
            the concept of VOs (or authorisation Groups), i.e. the end services provide the
            information which VOs it supports. Feudal web fronted will only display services for
            provisioning to a given user based on his VO membership.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-6"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/-QH5Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-6">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/x/-4VgBw">Architecture document</a>
              </li>
              <li><a href="https://git.scc.kit.edu/feudal">Publicly available source code</a></li>
              <li>
                <a
                  href="https://git.scc.kit.edu/feudal/feudalAdapterLdf/-/blob/incubator-uros-ldap/ldf_adapter/backend/ldap.py"
                  >LDAP integration POC</a
                >
              </li>
              <li>
                <a href="https://feudal.scc.kit.edu/"
                  >Test environment <small>including eduTEAMS integration</small></a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/pages/viewpage.action?pageId=148078632"
                  >Promoted demo videos</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The aim of this project was to create an easy to use, adoptable software solution to
              provision server users and provide this tool to the <strong>community</strong>. The
              solution is ready to be picked up and further developed and used by
              <strong>KIT</strong>. They plan to use this software in two
              <strong>"Helmholtz" projects HDF and HIFIS</strong> in Germany for the foreseeable
              future. Besides this, the solution was adjusted to the needs of eduTEAMS. The solution
              was provided to the <strong>eduTEAMS service task</strong> to be integrated into the
              GÉANT service.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- geteduroam Linux client -->
    <div class="col-sm-6 col-lg-4 mb-4" id="geteduroam">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/588447889/geteduroam.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="06 Feb 2023 - 03 Sep 2023"
              >Cycle 7</span
            >
          </div>
          <h2 class="card-title">geteduroam Linux client</h2>
          <p class="card-text">
            The geteduroam service provides a novel way for end users to configure eduroam on their
            devices. It helps them to get the configuration correct and secure, by combinding
            federated web login with the provision of an x.509 client certificate to use for
            authentication, it makes deploying eduroam more secure and minimizes the risk of
            sensitive credentials leaking due to a mistaken, insecure configuration.
            <br />
            The Incubator implements a Linux client that interfaces with geteduroam and configures
            and refreshes the credential. This can be a commandline tool, but other types of
            interfaces can also be considered. If a basic client is available for Linux users, this
            provides instant value and makes it also easier for the community at large to make more
            incremental improvement after it.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-geteduroam"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/KoAcIw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-geteduroam">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/geteduroam/linux-app">geteduroam Linux client</a>
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/589070378/geteduroam_linux-final-demo.mp4?version=1&modificationDate=1699271790957&api=v2"
                  >geteduroam final demo</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              A working version of the geteduroam client for Linux was created and handed over to
              the
              <strong>edugain and the geteduroam developers</strong> for long term maintenance.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Identity Validation Broker Service Business Case -->
    <div class="col-sm-6 col-lg-4 mb-4" id="identity-broker">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/identity-validation.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="03 Jul 2020 - 09 Feb 2021"
              >Cycle 3</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">Identity Validation Broker</h2>
          <p class="card-text">
            Both research communities as well as institutions have a need for proper proof of the
            identity of their users. This ranges from cases where e.g. new students living abroad
            need to be identified as part of the boarding into an institution, to scenarios where
            access to (medical) data puts regulatory demands on the research community. Identity
            proofing is however expensive and scales very poorly, especially in cases where the
            users are (very) distributed. This activity investigates, based on requirements
            collected from multiple stakeholders, if and in which way this situation may be
            improved.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-16"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/WZHTC"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-16">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148083033/Identity%20verification%20Requirements%20Gathering.pptx"
                  >Identity verification requirements</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148083033/Stakeholder%20Report%20on%20Identity%20Verification%20for%20R%26E_v1.pdf"
                  >Stakeholder Report on Identity Verification for R&E</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148083033/Identity%20Proofing%20for%20RE_v1.pdf"
                  >Identity Proofing for R&E</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148089097/Identity_Broker.mp4?version=1&modificationDate=1617046433871"
                ></a
                >Final presentation
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              Our findings indicated a strong desire for information about the capabilities of the
              various document-based identity verification solutions, which would help in defining
              what the requirements and suitable deployment model for an R&E focused solution could
              be. In particular we concluded that further work would be needed to reach a definitive
              conclusion and recommended: Establishment of a platform for information capture and
              exchange on document-based identity verification solutions Comparative analysis of
              available commercial solutions should be performed and made available Surveying of the
              broader R&E community based on the findings so far to see the level of interest and
              support more generally Constructing a preliminary business case for a
              community-operated service following the broader survey It is hoped that an interested
              party or parties can take this work forward, as further work on this topic is
              currently outside the scope of the Incubator.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- IdP as a Service -->
    <div class="col-sm-6 col-lg-4 mb-4" id="idp-service">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/idpaas.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">IdP as a Service</h2>
          <p class="card-text">
            The former GN4-2 project developed a solution to offer an IdP as a Service solution
            (IdPaaS) for hosted IdPs. This activity aimed at investigating the business case of this
            solution and to create a reference design and implementation for an easy to use software
            solution to enable NRENS to provide an IdPaaS offering.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-8"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/doSRBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-8">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li><a href="https://wiki.geant.org/x/h4fYBw">IdPaaS Reference Design</a></li>
              <li><a href="https://wiki.geant.org/x/7wr5Bw">IDPaaS Reference Implementation</a></li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/126977142/IdPaaS%20Screencast.webm?api=v2"
                  >IdPaaS Screencast</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work has been concluded within the Incubator. samlidp.io is available as an open
              source software for the <strong>community</strong> and may be used by commercial
              vendors as well.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Metadata push -->
    <div class="col-sm-6 col-lg-4 mb-4" id="metadata-push">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/metadata-push.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Metadata push MDQ</h2>
          <p class="card-text">
            Metadata is at the heart of the trust fabric of current R&E Identity Federations. For
            the trust to properly propagate, this metadata is first collected from and then
            distributed by the federation towards the federation members. This activity had
            investigated a new proposal called "push MDQ", which introduces a new, potentially
            highly scalable way of distributing metadata.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-1"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/7AH5Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse .d-print-inline-block" id="details-1">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/mrvanes/pyFF/tree/websub"
                  >Publicly available source code</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/133759468/Using%20public%20websub%20hubs%20for%20PushMDQ.pdf?api=v2"
                  >Use of public websub hubs</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/133759468/PushMDQ%20implementation%20guidance%20for%20Federations.pdf?api=v2"
                  >Implementation guidance for federations</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              All changes made to the pyFF software were uploaded to the official software project
              to be maintained by the <strong>IdentityPython group</strong>. Furthermore, all
              results of the push MDQ analysis and the POC were transferred to the
              <strong>eduGAIN service task</strong> for further improvement of the GÉANT service.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Porting oidc-agent to Windows -->
    <div class="col-sm-6 col-lg-4 mb-4" id="oidc-agent">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/oidc-agent.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2021 - 14 Sep 2021"
              >Cycle 4</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Porting oidc-agent to Windows</h2>
          <p class="card-text">
            <a href="https://indigo-dc.gitbook.io/oidc-agent/">oidc-agent</a> is a command line set
            of tools that enables the users to manage and obtain (mostly) OIDC tokens on command
            line. It follows the design of the ssh-agent and, as such, it can be easily integrated
            in the user's flow. However, current version only covers Linux and MacOS users. This
            activity would port the oidc-agent to Windows OS. The expected impact is potentially
            large, since users from many communities that may use this tool (such as HPC, or any
            community that need constant access to computing and storage resources as part of their
            work) typically rely on Windows as their main operating system. This activity
            investigates the best approach to porting the oidc-agent.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-21"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/SgCeDQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-21">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/indigo-dc/oidc-agent">Source Code</a>
              </li>
              <li>
                <a href="https://indigo-dc.gitbook.io/oidc-agent/">Technical documentation</a>
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/247431187/OIDC-Agent.mp4?version=1&modificationDate=1622630166361&api=v2"
                  >Demo video</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The source code was submitted to the upstream repository and is publicly available to
              the community. The <strong>Karlsruhe Institute of Technology (KIT)</strong> will
              maintain the software.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- OIDCfed support on SimpleSAMLphp -->
    <div class="col-sm-6 col-lg-4 mb-4" id="oidc_fed">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/oidc-op-ssp.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="06 Feb 2023 - 03 Sep 2023"
              >Cycle 7</span
            >
          </div>
          <h2 class="card-title">OIDCfed support on SimpleSAMLphp</h2>
          <p class="card-text">
            OpenID Connect Federation will provide the basis for multilateral connections between
            RPs and OPs in a scalable way. Adding OIDCfed support to Shibboleth will already been
            taken care of with support also from non-R&E companies, but many of the AAI proxies for
            research in the AARC BPA, and at research institutions, are running SimpleSAMLphp as the
            basis for their proxy.
            <br />
            The Incubator is in an excellent position to add native OIDCfed support, with support
            for hierarchical trust path construction and the ability for policy filtering, to SSPHP,
            based on the previous success of its OIDC OP project.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-oidc_fed"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/J4AcIw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-oidc_fed">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/display/GWP5/OIDCfed+Testbed"
                  >OIDCfed Testbed Architecture</a
                >
              </li>
              <li>
                <a href="https://gitlab.software.geant.org/TI_Incubator/oidcfed/fedservice"
                  >OIDC federation implementation</a
                >
              </li>
              <li>
                <a href="https://gitlab.software.geant.org/TI_Incubator/oidcfed/ofcli"
                  >CLI helper tool</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/589070375/OIDCfed_final-demo.mp4?version=1&modificationDate=1699271835934&api=v2"
                  >OIDCfed final demo</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The architecture and source code is publicly available to the community. This will be
              used as the basis for other activities in the next cycle.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Add OIDC OP support to SimpleSAMLphp -->
    <div class="col-sm-6 col-lg-4 mb-4" id="oidc-op-ssp">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/oidc-op-ssp.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2021 - 14 Sep 2021"
              >Cycle 4</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">SimpleSAMLphp OIDC OP</h2>
          <p class="card-text">
            SimpleSAMLphp (SSP) is a commonly used software product for both SP and IdP deployments
            in Research and Education. In addition it may also be deployed as a proxy. Next to SAML,
            various other authentication protocols are supported.While SSP already supports the
            OpenID Connect (OIDC) Relaying Party (RP) interface, an OIDC OpenID Provider (OP)
            implementation is missing.
            <br />
            This activity seeks to implement an OIDC OP in accordance with the OIDC specification
            into SSP. There is an existing module available at Github. It needs to be investigated
            whether this is suitable for this activity.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-18"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/RQCeDQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-18">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/simplesamlphp/simplesamlphp-module-oidc"
                  >SimpleSAMLphp OIDC module</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/320471174/SSP-OIDC_demo.mp4?version=1&modificationDate=1632930580727&api=v2"
                  >OIDC demo video</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work has been concluded and the results were provided to the
              <strong>SimpleSAMLphp developers</strong>. The source code is publicly available and
              will be maintained by the upstream maintainers.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- ORCID as IdP of last resort -->
    <div class="col-sm-6 col-lg-4 mb-4" id="orcid">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/orcid.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">ORCID as IdP of last resort</h2>
          <p class="card-text">
            Many research collaborations as well as campus services need a solution to deal with
            guest identity, as in many cases not all users are members of the academic Identity
            Federations. As a result, several federation operators as well as research
            collaborations operate IdPs or proxies to allow users to authenticate through external
            identity providers like social ones. This has led to serious reinventing of the wheel.
            This pilot aimed to bring the widely used ORCID service into the GÉANT IDhub as Identity
            Provider of last resort. Furthermore organisational and legal aspects as well as
            technical improvements were investigated.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-11"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/WbAuBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-11">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/120500313/ORCID%20IdP%20as%20last%20resort.pdf?api=v2"
                  >Business Case Analysis</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/120500313/Identity%20proxying%20for%20Guest%20Identities%20in%20the%20context%20of%20GDPR.pdf?api=v2"
                  >Identity Proxy GDPR Report</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/120500313/Report%20of%20the%20collaboration%20with%20the%20SATOSA%20project.pdf?api=v2"
                  >Technical solution based on SaToSa software stack</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/120500313/ORCID%20Screencast.webm?api=v2"
                  >ORCID Screencast</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work has been concluded with the results handed over to be further developed in
              the
              <strong>IDhub</strong> to improve the GÉANT service.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Passkey -->
    <div class="col-sm-6 col-lg-4 mb-4" id="passkey">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/588447889/fingerpringt.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Security</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="06 Feb 2023 - 03 Sep 2023"
              >Cycle 7</span
            >
          </div>
          <h2 class="card-title">Passkey passwordless authentication</h2>
          <p class="card-text">
            <a href="https://fidoalliance.org/passkeys/">Passkey</a>
            promises a new way for passwordless login. The login however does not contain an
            attestation. How does this new protocol work, how does it integrate into our current
            ecosystem and how would this work in combination with new paradigms like wallets? The
            project aims to investigate passwordless authentication in the context of identity
            federations. This new approach will provide valuable insights into the feasibility and
            potential benefits of Passkeys as a first factor or even an MFA alternative.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-passkey"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/I4AcIw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-passkey">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/display/GWP5/Passkey+creation+tests"
                  >List of Passkey tests</a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/display/GWP5/SimpleSAMLphp+prototype+configuration"
                  >SimpleSAMLphp prototype configuration</a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/display/GWP5/Working+versions+of+the+report"
                  >Working versions of the report</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/589070371/Passkeys_final-demo.mp4?version=1&modificationDate=1699271875648&api=v2"
                  >Passkeys final demo</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>A white paper about the opportunites of Passkeys in R&E was published.</p>
          </li>
        </ul>
      </div>
    </div>
    <!-- pyFF Optimizations -->
    <div class="col-sm-6 col-lg-4 mb-4" id="pyff-optimization">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/pyff.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="03 Jul 2020 - 09 Feb 2021"
              >Cycle 3</span
            >
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">pyFF Optimizations</h2>
          <p class="card-text">
            pyFF is an open source and widely used product which is used to provide Discovery and
            Metadata Query services for identity federation. This topic investigates optimizations
            in pyFF operations, including but not limited to, performance and memory consumption.
            When processing the eduGAIN metadata, pyFF memory usage balloons to the gigabytes,
            hereby inflicting some extra cost when running on procured VM's like AWS. The
            startup/restart process speed, and service behavior while being started/restarted may
            also be improved. In particular, the service should never throw 5xx errors while in a
            normal startup/shutdown process.
            <br />The goal of this project is to optimize pyFF memory consumption and (re-)start
            behavior.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-17"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/UZHTC"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-17">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li><a href="#"></a>pyFF test report</li>
              <li><a href="#"></a>Metadata mockup report</li>
              <li><a href="#"></a>Blog post</li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148089097/pyFF_Optimization-Metadata.mp4?version=1&modificationDate=1617046521186"
                  >Final presentation</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The aim of this activity was to investigate whether the existing pyFF software can be
              optimised to reduce memory consumption and improve performance. For this purpose,
              intensive profiling of the software was carried out and a large number of experiments
              were conducted. All tests and results were documented in a report, which was passed on
              to the developer communities of the tools.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- eduGAIN Service Catalogue -->
    <div class="col-sm-6 col-lg-4 mb-4" id="service-catalogue">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/service-catalogue.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2021 - 14 Sep 2021"
              >Cycle 4</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">eduGAIN Service Catalogue</h2>
          <p class="card-text">
            The eduGAIN Support Team, Secretariat and business development received several requests
            from SPs, IdPs and NRENs for an eduGAIN Service Catalogue. Currently the eduGAIN
            Entities Database tool and REFEDS Metadata Explorer Tool (MET) are the two services
            closest to a service catalogue, but there are inconsistencies between the two tools.
            <br />
            The Incubator attempts to improve the solution based on the outcome of this pilot phase.
            Depending on the requirements and use cases that need to be supported, new features can
            be added in following an iterative process. If there are not enough participants to
            provide a meaningful amount of data, no additional developments will be carried out by
            the Incubator. In this case, the software is decommissioned at the end of the pilot
            phase and the project is terminated.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-19"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/TACeDQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-19">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://surfnet-niels.github.io/">Technical prototype</a>
              </li>
              <li>
                <a href="https://wiki.geant.org/download/attachments/247431187/SC_demo.mp4"
                  >Demo video</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/228458572/Service%20Catalogues%20Comparison.pdf?api=v2"
                  >Service Catalogues Comparison.pdf</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/228458572/RFC%20-%20The%20eduGAIN%20Service%20Catalogue%20%28REFEDS%20Audience%29.pdf?api=v2"
                  >RFC - The eduGAIN Service Catalogue (REFEDS Audience)</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/228458572/RFC%20-%20Service%20catalog%20functional%20design.pdf?api=v2"
                  >RFC - Service catalog functional design</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The project has reached a point where engagement from the community is required to
              take the work forward. At this time we have received no offers of engagement and we
              are therefore stopping our work, leaving documentation and existing code available to
              any group who may wish to continue developing the Service Catalogue.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Service report -->
    <div class="col-sm-6 col-lg-4 mb-4" id="service-report">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/service-report.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
          </div>
          <h2 class="card-title">Service Status Reporting</h2>
          <p class="card-text">
            The T&I activities of the GEANT project run a multitude of services ranging for eduroam
            and eduGAIN to InAcademia, eduTEAMS and various smaller helper services for eduGAIN
            without a single overview of the state of all these services. The highly distributed
            nature limits our ability to present in a consistent way the status of these services
            and it hinders us in explaining issues when something is wrong. This is relevant both
            for members of the GEANT community as well as other other stakeholders like service
            owners and funding agencies. This activity wanted to create a comprehensive, high level
            and user friendly publicly facing service dashboard for T&I services. Since many freely
            or commercially available services for measuring availability already exist this
            activity investigated and compared them to choose a suitable solution for the GÉANT
            project.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-3"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/-wH5Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-3">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/x/PQOMC"
                  >Requirements for a GÉANT service reporting tool</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/133759487/Monitoring%20tool%20market%20analysis.pdf?api=v2"
                  >Monitoring tool market analysis</a
                >
              </li>
              <li><a href="https://status.inacademia.org">POC based on InAcademia</a></li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The result of the market analysis was provided to the
              <strong>T&I service task</strong>.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Shibboleth OIDC Extension -->
    <div class="col-sm-6 col-lg-4 mb-4" id="shibboleth-oidc">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/shibboleth.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2019 - 12 Nov 2019"
              >Cycle 1</span
            >
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Shibboleth OIDC Extension</h2>
          <p class="card-text">
            Up to now, R&E federations are predominantly relying on the SAML2 protocol. With
            upcoming needs from industry and commercial service providers the OpenID Connect (OIDC)
            protocol is increasingly moving into focus. This activity supported the development of
            an Shibboleth OIDC Extension to the Shibboleth IdP and was paving the way to make the
            extension a fully sustained product.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-10"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/WLAuBw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-10">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/CSCfi/shibboleth-idp-oidc-extension"
                  >Shibboleth IdP OIDC Extension</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The work has been concluded and the results were handed over to the
              <strong>Shibboleth consortium</strong>. The Extension is certified by the OIDC
              Foundation.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Signature Validation -->
    <div class="col-sm-6 col-lg-4 mb-4" id="signature-validation">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/588447889/SAMLsig.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Security</span>
            <span class="badge rounded-pill text-bg-success">Ongoing</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="25 Sep 2023 - 21 Apr 2024"
              >Cycle 8</span
            >
          </div>
          <h2 class="card-title">Scalable testing for insecure SAML signature validation</h2>
          <p class="card-text">
            The SAML 2.0 protocol relies on XML signatures as the foundation of its security. It is
            notoriously complex and allows for many ways to create one or more signatures for any
            document, which means an implementation can easily fall victim to accepting not properly
            signed data. Even common R&E implementations like Shibboleth and SimpleSAMLphp have had
            issues here in the past. Besides these common products, which at least are periodically
            audited for such problems, a much larger risk is custom implementations that use
            different or even home grown libraries.
            <br />
            The goal of the activity is to deliver a (software or service) solution that assists
            identity federation operators in testing at scale of several core security aspects of
            SAML service providers within their federation. This topic includes the technical
            implementation of the use cases to test against. In addition it designs a concept to
            support operators to deploy the testsuite both technically and operationally.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#signature-validation-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/_YmBJw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="signature-validation-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>This acticity is still in progress</p>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>This activity is still in progress</p>
          </li>
        </ul>
      </div>
    </div>
    <!-- IdP/SP software testbed -->
    <div class="col-sm-6 col-lg-4 mb-4" id="software-testbed">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/software-testbed.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2021 - 14 Sep 2021"
              >Cycle 4</span
            >
          </div>
          <h2 class="card-title">IdP/SP software testbed</h2>
          <p class="card-text">
            It is currently very hard to test new releases of IdP and SP software against other
            IdP/SP products. This activity attempts to design an automated test environment. A
            suitable architecture for an IdP/SP continuous integration platform is to be created.
            This involves creating use cases and identifying technologies that support them. An
            iterative approach, in which use cases are successively implemented and products are
            integrated one after another, is intended to quickly create a functional platform. If
            the CI approach is successful, ready-to-use software packages can be provided using
            container technologies such as Docker, to deploy the entire software locally by NRENs or
            other parties.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-20"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/TgCeDQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-20">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://gitlab.software.geant.org/matteo/idp-sp_testbed">Source Code</a>
              </li>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/Testbed+Design"
                  >Technical documentation</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/247431187/testbed.mp4?version=1&modificationDate=1622807769780&api=v2"
                  >Demo video</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              A prototype of an IdP/SP software testbed was successfully created. The results were
              presented to the community and made publicly available. No group was identified to
              continue the development of this project.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Auto SP Deployment -->
    <div class="col-sm-6 col-lg-4 mb-4" id="sp-deployment">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/588447889/SPdeployment.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Ongoing</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="25 Sep 2023 - 21 Apr 2024"
              >Cycle 8</span
            >
            <span class="badge rounded-pill text-bg-secondary"> TIM </span>
          </div>
          <h2 class="card-title">Automation of SP deployment</h2>
          <p class="card-text">
            While supporting new federations in setting up their infrastructures, there is not much
            automation in place. All is done, still very manually, and takes much time. Talking
            specifically of the SPs, both for the installation and configuration of the services
            themselves, and the required operations to federate them, in order to be able to provide
            them in a federated (e.g.eduGAIN) fashion, pretty much all is still left to manual
            setup. It would be useful to (new) federations being able to deploy an initial set of
            services, the ones which could de-facto start to attract users towards the newly
            deployed federation infrastructure and the federated IdPs.
            <br />
            This activity investigates a proxy approach to aggregate the services and potentially
            simplify the deployment and integration of tools. The Incubator will make an inventory
            of relevant services and discuss integration scenarios with stakeholders. The goal is to
            create proof of concept of at least one scenario and present it to federation operators.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#sp-deployment-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/goqBJw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="sp-deployment-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>This acticity is still in progress</p>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>This activity is still in progress</p>
          </li>
        </ul>
      </div>
    </div>
    <!-- SSH Federated -->
    <div class="col-sm-6 col-lg-4 mb-4" id="ssh-federated">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/ssh-federated.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="20 Mar 2022 - 15 Dec 2022"
              >Cycle 6</span
            >
            <span class="badge rounded-pill bg-dark text-light">Community</span>
          </div>
          <h2 class="card-title">SSH in a Federated World</h2>
          <p class="card-text">
            To allow easy access to SSH based services DeiC has made a SSH Certificate Authority
            proof-of-concept that issues short-lived SSH certificates based on a federated login.
            The system requires no specific client - or service side installed programs and makes it
            possible for the user to use all standard ssh services - as long at the certificate is
            valid. Depending on the configuration of the participating services the CA allows the
            user to use the same username/uid across all services. Optionally it can be combined
            with systemd-userdb services to allow for fully automated user management. The CA can
            also optionally issue host certificates so the users do not have to trust the servers on
            first use (TOFU). Initial goal of the activity is to hold a workshop to gather
            requirements and showcase and discuss existing solutions.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#ssh-federated-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/sgATIQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="ssh-federated-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/surfnet-niels/White-paper-on-federated-SSH-solutions"
                  >Public white paper</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The information gathered was compiled into a white paper, which was shared with the
              <strong>community</strong> as an opportunity for further collaboration. A user group
              is to be established to deal with this subject long-term.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Automated notification of issues and overall status for federations en entities -->
    <div class="col-sm-6 col-lg-4 mb-4" id="status-reporting">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/status-report.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Security</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="03 Jul 2020 - 09 Feb 2021"
              >Cycle 3</span
            >
            <span class="badge rounded-pill bg-dark text-light">Service</span>
          </div>
          <h2 class="card-title">Status Reporting & Notification</h2>
          <p class="card-text">
            To make the global eduGAIN interfederation scalable and interoperable, it is paramount
            participants adhere to agreed upon standards and community best practices. There are
            currently already several tools that examine the quality of federation metadata, the
            connection status of their IdPs and the attribute release status of their IdPs. This
            activity is about creating a tool to aggregate information from various sources and
            presenting this in an attractive, easy to understand way to put this information readily
            into the hands of the federation operators.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-14"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/_gH5Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-14">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>Source Code (closed source)</li>
              <ul>
                <li>
                  <a href="https://gitlab.software.geant.org/TI_Incubator/ansiblestatrep"
                    >Ansible deployment</a
                  >
                </li>
                <li>
                  <a href="https://gitlab.software.geant.org/TI_Incubator/edugain-reporting-web"
                    >Web client</a
                  >
                </li>
                <li>
                  <a
                    href="https://gitlab.software.geant.org/TI_Incubator/edugain-reporting-api-client"
                    >Server API</a
                  >
                </li>
              </ul>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/133759482/eduGAIN%20Reporting%20User%20Documentation.pdf"
                  >User documentation</a
                >
              </li>
              <li>
                <a href="edugain-reporting-beta.incubator.geant.org"></a>Live test environment
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/148089097/eduGAIN_Reporting.mp4?version=1&modificationDate=1617046296609"
                ></a
                >Final presentation
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              A prototype was developed that meets the expectations of the stakeholders. The tool,
              in future called "eduGAIN Reporting", was handed over to the eduGAIN Task. In order to
              develop this further, an eduGAIN reporting development team was founded. The created
              prototype is used for additional tests with the users and replaced by a productive
              system a few months later.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Test IdP -->
    <div class="col-sm-6 col-lg-4 mb-4" id="test-idp">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/test-idp.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="05 Mar 2021 - 14 Sep 2021"
              >Cycle 4</span
            >
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">Test IdP</h2>
          <p class="card-text">
            This activity creates a freely available, realistic test IdP for the GÉANT community.
            Based on the needs of the GÉANT community, the solution may offer SAML, OIDC and
            supports all the latest best practices. The requirements and use cases for such a
            service will be defined in collaboration with a group of community representatives.
            Potential features of such a tool are: test for a specific set of attributes, create an
            account to save a test profile, an open (REST) API to configure the IdP using a (web)
            client. There are different potential business cases for deployment: as part of the
            eduGAIN support tools, by GÉANT operations or NREN hosted.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-22"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/SACeDQ"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-22">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://gitlab.software.geant.org/TI_Incubator/test_idp"
                  >Source Code (GÉANT Gitlab)</a
                >
              </li>
              <li>
                <a href="https://surfdrive.surf.nl/files/index.php/s/xafmVMHQ4KquJno">Demo video</a>
              </li>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/RFC%3A+Test+IdP+admin+interface"
                  >Test IdP Architecture</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/228458568/Test%20IdP%20Service%20User%20Guide.pdf?version=1&modificationDate=1633079289015&api=v2"
                  >Test IdP User Guide</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              A Test IdP based on the SimpleSAMLphp software was created. It supports the following
              tests: R&S Entity category tests, Behavioural tests, Generic attribute profile tests,
              Refeds Assurance Framework tests, Error scenario tests and Experimental profile tests.
              The Test IdP was made available in GÉANT Gitlab.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Trust fabric for wallets -->
    <div class="col-sm-6 col-lg-4 mb-4" id="signature-validation">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/588447889/trust-fabric.png"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Standards</span>
            <span class="badge rounded-pill text-bg-success">Ongoing</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="25 Sep 2023 - 21 Apr 2024"
              >Cycle 8</span
            >
          </div>
          <h2 class="card-title">Trust fabric for wallets</h2>
          <p class="card-text">
            Europe is working towards a wallet-based identity ecosystem. The
            <a href="https://code.europa.eu/eudi/architecture-and-reference-framework"
              >Architecture and Reference Framework</a
            >
            (ARF) is intended to serve as a basis for the implementation of the proposal for the
            <a href="The European Digital Identity Wallet Architecture and Reference Framework"
              >European Digital Identity Framework</a
            >. The current version of the ARF has declared the organizational trust out of scope.
            The OIDC federation specification seems to have many characteristics that would allow
            such a wallet ecosystem to be defined.
            <br />
            The goal of this activity is to investigate and test the use of the OIDC federation
            protocol as a trust fabric for a wallet ecosystem. This activity will evaluate ARF for
            trust framework related requirements and describe how OIDC federation may be leveraged
            in with OpenID4VC The goal is to plan and build a test setup to verify the usability of
            OIDC federation in the context of a wallet ecosystem.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#signature-validation-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/ioqBJw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="signature-validation-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>This acticity is still in progress</p>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>This activity is still in progress</p>
          </li>
        </ul>
      </div>
    </div>
    <!-- User Profile -->
    <div class="col-sm-6 col-lg-4 mb-4" id="user-profile">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/user-profile.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="20 Mar 2022 - 15 Dec 2022"
              >Cycle 6</span
            >
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="06 Feb 2023 - 03 Sep 2023"
              >Cycle 7</span
            >
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">IdP User Profile</h2>
          <p class="card-text">
            Currently, there is no way for federated users to know at which service providers their
            account was used to login. This activity developes a mechanism to track federated
            signing in events. That would allow an user to check the recent activity on his account
            in regards of authentication. Users could see the list if authentications containing
            datetime, ip and relying party etc. That would help them to spot suspicious activity.
            <br />
            A user profile page deployed as part of Shibboleth IdP and SimpleSAMLphp would enable
            end users to gain insight into where their personal data is used and when it was last
            released to various services, as far as the IdP is aware. This feature should only
            release information to appropriate user (so after login). It needs to be considered how
            storing user data to facilitate this plugin would impact data retention policy of the
            IdP.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#user-profile-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/IIAcIw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="user-profile-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a
                  href="https://gitlab.software.geant.org/TI_Incubator/personal-profile-page/simplesamlphp"
                  >SimpleSAMLphp User Profile plugin</a
                >
              </li>
              <li>
                <a
                  href="https://gitlab.software.geant.org/TI_Incubator/user-profile-page-shibboleth-plugin"
                  >Shibboleth User Profile plugin</a
                >
              </li>
              <li>
                <a
                  href="https://gitlab.software.geant.org/TI_Incubator/user-profile-page-shibboleth"
                  >Shibboleth User Profile test server</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/download/attachments/351240339/%5BM%5D%20www.figma%20%281%29.webm?version=1&modificationDate=1670516974145&api=v2"
                  >GN4-3 Final demo video</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/display/GWP5/Further+improve+the+personal+profile+page?preview=%2F589070368%2F695042200%2FProfile_page_final-demo.mp4"
                  >GN5-1 Final demo video</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The prototype was presented at multiple events to interested parties. It will be
              provided to the SimpleSAMLphp/Shibboleth developers after further improvement.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- WebauthN -->
    <div class="col-sm-6 col-lg-4 mb-4" id="webauthn">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/webauthn.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Security</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span class="badge rounded-pill text-bg-secondary"> TIM </span>
            <span class="badge rounded-pill bg-dark text-light">Service</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">WebauthN</h2>
          <p class="card-text">
            WebAuthn (Web Authentication), part of the FIDO2 Project, is a web standard published
            by the W3C that enables strong authentication with public-key cryptography, passwordless
            authentication, and secure two-factor authentication. The standard defines a JavaScript
            API which allows token registration and subsequent authentication. This activity
            implemented this API for the open source software SimpleSAMLphp and SATOSA, which
            enables them to provide 2FA functions to the benefit of the R&E community.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-5"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/YQ75Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-5">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://github.com/CESNET/satosa-module-webauthn"
                  >Publicly available source code</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The developed modules were submitted to the upstream repositories to be officially
              maintained by the <strong>simplesamlphp groups</strong> and <strong>CESNET</strong>.
              The software was provided to the <strong>eduTEAMS service task</strong> to include it
              into the GÉANT service.
            </p>
          </li>
        </ul>
      </div>
    </div>
    <!-- Webwallet -->
    <div class="col-sm-6 col-lg-4 mb-4" id="webwallet">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/588447889/wwallet.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Ongoing</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="25 Sep 2023 - 21 Apr 2024"
              >Cycle 8</span
            >
            <span class="badge rounded-pill text-bg-secondary"> TIM </span>
          </div>
          <h2 class="card-title">Webwallet for research use case</h2>
          <p class="card-text">
            The current ARF framework assumes all interactions will be handled via an app on a
            mobile phone. While this may suffice for many users, it will leave out groups that
            cannot or will not use such devices. In addition, it creates a dependency on the vendors
            of the devices and the software they run on. Finally, users may not be willing to store
            and aggregate work related data on a personal device.
            <br />
            This activity will investigate if a browser based wallet may be created which can
            support (parts of) the ARF. A first version of such a web wallet has been developed as
            part of the eDiplomas
            <a href="https://wwwallet.github.io/wallet-docs/">wwWallet Ecosystem</a> activity. To
            confirm usability for our community, the browser based wallet should be tested with the
            same scenarios as were previously tested in the incubator using mobile based wallets.
            The goal is to describe scenarios, set up a test environment and release at least one
            new version of the existing <a href="https://github.com/wwWallet">wwWallet</a>.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#webwallet-details"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/f4qBJw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="webwallet-details">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>This acticity is still in progress</p>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>This activity is still in progress</p>
          </li>
        </ul>
      </div>
    </div>
    <!-- (De)provisioning connector for Windows -->
    <div class="col-sm-6 col-lg-4 mb-4" id="win-connector">
      <div class="card">
        <img
          src="https://wiki.geant.org/download/attachments/148090083/win-connector.jpg"
          class="card-img-top"
          alt="photo"
        />
        <div class="card-body">
          <div class="tags">
            <span class="badge rounded-pill text-bg-primary">Identity</span>
            <span class="badge rounded-pill text-bg-success">Completed</span>
            <span
              class="badge rounded-pill text-bg-info"
              data-bs-toggle="tooltip"
              data-placement="top"
              title="15 Nov 2019 - 30 Jun 2020"
              >Cycle 2</span
            >
            <span class="badge rounded-pill text-bg-secondary"> TIM </span>
            <span class="badge rounded-pill bg-dark text-light">Service</span>
            <span class="badge rounded-pill bg-dark text-light">Community</span>
            <span class="badge rounded-pill bg-dark text-light">External</span>
          </div>
          <h2 class="card-title">(De)provisioning connector for Windows</h2>
          <p class="card-text">
            Identity provisioning and deprovisioning are a necessity for building modern
            authentication and authorization infrastructures. They are straightforward yet
            technically complicated part of identity and access management. The basic idea is to
            deliver identity and authorization information to the managed services, which is
            complicated by a lack of applicable standards in this area. Therefore, most of the
            Identity and access management solutions rely on a custom solution for provisioning. To
            overcome this obstacle, this project extends existing IAM capabilities by implementing a
            connector to easily provision data to services hosted on Windows OS based on SSH.
          </p>
          <button
            class="btn btn-info d-print-none"
            type="button"
            data-bs-toggle="collapse"
            data-bs-target="#details-4"
          >
            Show Details
          </button>
          <a
            href="https://wiki.geant.org/x/bA75Bw"
            class="btn btn-outline-primary float-right"
            target="_blank"
            >Activity page</a
          >
        </div>
        <ul class="list-group list-group-flush collapse" id="details-4">
          <li class="list-group-item">
            <h5>Results & Deliverables</h5>
            <p>The following results were created and delivered:</p>
            <ul>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/Installation"
                  >Windows Connector Installation Guide</a
                >
              </li>
              <li>
                <a href="https://github.com/CESNET/perun-services-windows"
                  >Publicly available source code
                  <small>including test automation and a windows installation package</small></a
                >
              </li>
              <li>
                <a href="https://wiki.geant.org/display/gn43wp5/Test+Environment"
                  >eduTEAMS integrated test environment</a
                >
              </li>
              <li>
                <a
                  href="https://wiki.geant.org/display/gn43wp5/Provisioning+of+AD+for+the+lab+on+the+university"
                  >Windows Connecter Case Study</a
                >
              </li>
            </ul>
          </li>
          <li class="list-group-item">
            <h5>Ownership & Utilisation</h5>
            <p>
              The aim of this project was to create an easy to use, adoptable software solution to
              provision server users and provide this tool to the <strong>community</strong> As part
              of a case study the solution was implemented for a
              <strong>Czech University (Faculty of informatics MU)</strong> which will continue to
              use the solution afterwards. <strong>CESNET</strong> will continue to use and maintain
              the software for the foreseeable future. Besides this, the solution shall be adjusted
              to the needs of eduTEAMS. The solution will be provided to the
              <strong>eduTEAMS service task</strong> to be integrated into the GÉANT service.
            </p>
          </li>
        </ul>
      </div>
    </div>
  </div>
</div> |