...
| HTML |
|---|
<!-- Content -->
<div class="container-fluid">
<!-- Banner -->
<div
class="row pt-4 pr-4 pb-5"
style="background: linear-gradient(#4051a3ff, white); height: 15em"
>
<img
src="https://wiki.geant.org/download/attachments/148090083/dashboard-banner.svg"
class="mx-auto"
style="height: 100%; width: 100%"
/>
</div>
<!-- Head -->
<div class="card-deck mb-3">
<div class="card">
<div class="row no-gutters">
<div class="col-md-4 p-2 color-completed">
<img
src="https://wiki.geant.org/download/attachments/148090083/trophy.svg"
class="card-img"
/>
</div>
<div class="col-md-8" style="background-color: #e6e6e6">
<div class="card-body text-center">
<div class="card-text font-weight-bold" style="font-size: xx-large">26</div>
<p class="card-text"><small class="text-muted">Completed activities</small></p>
</div>
</div>
</div>
</div>
<div class="card">
<div class="row no-gutters">
<div class="col-md-4 color-ongoing">
<img
src="https://wiki.geant.org/download/attachments/148090083/gears.svg"
class="card-img p-2"
/>
</div>
<div class="col-md-8" style="background-color: #e6e6e6">
<div class="card-body text-center">
<div class="card-text font-weight-bold" style="font-size: xx-large">4</div>
<p class="card-text"><small class="text-muted">Ongoing activities</small></p>
</div>
</div>
</div>
</div>
<div class="card">
<div class="row no-gutters">
<div class="col-md-4 color-pending">
<img
src="https://wiki.geant.org/download/attachments/148090083/idea.svg"
class="card-img p-2"
/>
</div>
<div class="col-md-8" style="background-color: #e6e6e6">
<div class="card-body text-center">
<div class="card-text font-weight-bold" style="font-size: xx-large">2</div>
<p class="card-text"><small class="text-muted">Pending ideas</small></p>
</div>
</div>
</div>
</div>
<div class="card">
<div class="row no-gutters">
<div class="col-md-4" style="background-color: lightblue">
<img
src="https://wiki.geant.org/download/attachments/148090083/student.svg"
class="card-img p-2"
/>
</div>
<div class="col-md-8" style="background-color: #e6e6e6">
<div class="card-body text-center">
<div class="card-text font-weight-bold" style="font-size: xx-large">6</div>
<p class="card-text"><small class="text-muted">TIM students</small></p>
</div>
</div>
</div>
</div>
<div class="card">
<div class="row no-gutters">
<div class="col-md-4" style="background-color: lightsalmon">
<img
src="https://wiki.geant.org/download/attachments/148090083/team.svg"
class="card-img p-2"
/>
</div>
<div class="col-md-8" style="background-color: #e6e6e6">
<div class="card-body text-center">
<div class="card-text font-weight-bold" style="font-size: xx-large">11</div>
<p class="card-text"><small class="text-muted">Active members</small></p>
</div>
</div>
</div>
</div>
</div>
<!-- Timeline -->
<div class="col-9 offset-3 p-0">
<div class="card border-0">
<div class="row no-gutters">
<div class="col-9 offset-1">
<img
src="https://wiki.geant.org/download/attachments/148090083/timeline.svg"
class="card-img"
/>
</div>
<div class="col-2" style="background-color: #e6e6e6">
<div class="card-body text-center">
<div class="card-text font-weight-bold" style="font-size: xx-large">5 / 6</div>
<p class="card-text"><small class="text-muted">Iterations</small></p>
</div>
</div>
</div>
</div>
</div>
<hr />
<!-- Overview section -->
<div class="accordion d-print-none" id="overview-panel">
<div class="row">
<div class="btn-group col-4" role="group">
<button
class="btn btn-outline-primary"
id="tab-main-head"
type="button"
data-toggle="collapse"
data-target="#tab-incubator-body"
>
Incubator
</button>
<button
class="btn btn-outline-primary"
id="tab-topics-head"
type="button"
data-toggle="collapse"
data-target="#tab-topics-body"
>
Topics
</button>
<button
class="btn btn-outline-primary"
id="tab-deliverable-head"
type="button"
data-toggle="collapse"
data-target="#tab-deliverable-body"
>
Handover
</button>
<button
class="btn btn-outline-primary"
id="tab-timeline-head"
type="button"
data-toggle="collapse"
data-target="#tab-timeline-body"
>
Innovation
</button>
</div>
</div>
<!-- Incubator tab -->
<div class="row collapse show" id="tab-incubator-body" data-parent="#overview-panel">
<div class="col-4">
<div class="list-group" role="tablist">
<a
class="btn btn-outline-primary list-group-item list-group-item-action active"
id="incubator-vision-head"
data-toggle="list"
href="#incubator-vision"
role="tab"
>Vision & Mission</a
>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="incubator-process-head"
data-toggle="list"
href="#incubator-process"
role="tab"
>Process Methodology</a
>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="incubator-roles-head"
data-toggle="list"
href="#incubator-roles"
role="tab"
>Community Engagement
</a>
</div>
</div>
<div class="col-8">
<div class="tab-content" id="incubator-content">
<div class="tab-pane fade show active" id="incubator-vision" role="tabpanel">
<p>
The GN4-3 WP5 T2 Trust and Identity Incubator (“T&I Incubator”) aims to develop,
foster and mature new ideas in the Trust and Identity space in Research and
Education. The incubator will investigate new technologies that currently have no
place (yet) in the services ecosystem of the GÉANT project. This may include to
test and experiment with potential new features for existing GÉANT services. In
addition also business case development for potential new services and
developments that would improve data protection and privacy aspects in services or
software are in scope.
</p>
<div>
<a
href="https://wiki.geant.org/x/wbAuBw"
target="_blank"
class="btn btn-outline-primary"
>Activity Process</a
>
</div>
</div>
<div class="tab-pane fade" id="incubator-process" role="tabpanel">
<p>
The T&I incubator runs four to eight incubator activities per project year in
parallel. These incubators typically take about 6 months and employ an agile
methodology to enable rapid development of ideas. Preferably at least two subject
matter experts work together with support from the project team. Subject matter
experts are recruited from within the team or, preferred, sponsored by their
NRENs. In addition, the project team facilitates the incubator track by providing
a scrum master and dedicated developers.
</p>
<div>
<a
href="https://wiki.geant.org/x/O4LYBw"
target="_blank"
class="btn btn-outline-primary"
>Development Process</a
>
</div>
</div>
<div class="tab-pane fade" id="incubator-roles" role="tabpanel">
<p>
Main Incubator Board (MIB) aims to represent a broad view on Trust and Identity
related developments in R&E. MIB members are senior subject matter experts from
the European NREN trust and identity community. They evaluate new ideas and
provide advice to the work package lead. They are also responsible for reviewing
activities at the end of each incubator cycle and providing recommendations on how
to proceed. The incubator team presents their results regularly to the the MIB's
and the wider community. In the middle and at the end of a cycle there are two
events public events, so called sprint demos.
</p>
<div>
<a
href="https://wiki.geant.org/x/sbAuBw"
target="_blank"
class="btn btn-outline-primary"
>Selection Process</a
>
</div>
</div>
</div>
</div>
</div>
<!-- Topics tab -->
<div class="row collapse" id="tab-topics-body" data-parent="#overview-panel">
<div class="col-4">
<div class="list-group" role="tablist">
<a
class="btn btn-outline-primary list-group-item list-group-item-action active"
id="topics-identity-head"
data-toggle="list"
href="#topics-identity"
role="tab"
>Identity and Access Management
</a>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="topics-standards-head"
data-toggle="list"
href="#topics-standards"
role="tab"
>Standards and Protocols
</a>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="topics-security-head"
data-toggle="list"
href="#topics-security"
role="tab"
>Security and Privacy
</a>
</div>
</div>
<div class="col-8 tab-content" id="topics-content">
<div class="tab-pane fade show active" id="topics-identity" role="tabpanel">
<div class="row mb-2">
Identity and Access Management (IAM) is about creating and managing digital identity
for users, which can be used to represent a person in the digital world. Using state
of the art authentication and authorization methods ensures that only the owner can
access his identity and only entitled can access a resource. In this area, it is all
about Identity Providers, Identity Federation, Service Providers and Discovery
Services. Your project may improve existing software solutions or create new
applications for a global community.
</div>
</div>
<div class="tab-pane fade" id="topics-standards" role="tabpanel">
<div class="row">
Building on top of existing infrastructure and applications, Standards and Protocols
is about creating new ways to for applications and users to communicate. This area
is all about protocols and standards used or being developed in the global Trust and
Identity community, like the Security Assertion Markup Language (SAML) and Open ID
Connect (OIDC), which will be used to integrate new capabilities in an already
existing large infrastructure.
</div>
</div>
<div class="tab-pane fade" id="topics-security" role="tabpanel">
<div class="row">
Security is an integral part of most applications and infrastructures. Ensuring data
protection, privacy and safety by using measures like encryption and cryptography is
nowadays mandatory. In this area, you may investigate, test and integrate new
security features in existing Trust & Identity applications or to create new
services that help secure our community, by working on for example multi factor
authentication or HSM technologies.
</div>
</div>
</div>
</div>
<!-- Deliverable tab -->
<div class="row collapse" id="tab-deliverable-body" data-parent="#overview-panel">
<div class="col-4">
<div class="list-group" role="tablist">
<a
class="btn btn-outline-primary list-group-item list-group-item-action active"
id="deliverable-service-head"
data-toggle="list"
href="#deliverable-service"
role="tab"
>T&I Service Task</a
>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="deliverable-community-head"
data-toggle="list"
href="#deliverable-community"
role="tab"
>R&E Community</a
>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="deliverable-external-head"
data-toggle="list"
href="#deliverable-external"
role="tab"
>External Parties
</a>
</div>
</div>
<div class="col-8">
<div class="tab-content" id="incubator-content">
<div class="tab-pane fade show active" id="deliverable-service" role="tabpanel">
<p>
The service task operates and maintains the T&I services in the GÉANT project (WP5
T1). The incubator works closely with the responsible service owner on activities
that have an impact on an existing service. They are already involved in the
selection of new activities to ensure that the topic is appropriately supported.
Once the activity is completed, all results are handed over to the service owner,
who will take care of further development.
</p>
</div>
<div class="tab-pane fade" id="deliverable-community" role="tabpanel">
<p>
Some of the Incubator's outputs are not handed over to a specific party, but are
made available to the wider community. These are, for example, the results of
studies and research that are published or software that is publicly released as
open source. All results are publicly available and announced via the project's
news channels to inform as many community members as possible.
</p>
</div>
<div class="tab-pane fade" id="deliverable-external" role="tabpanel">
<p>
In addition to the general R&E community, the Incubator sometimes works with
external partners. These can be other communities, projects or groups that develop
software products or provide services. Examples are institutions, individual NRENS
or groups such as the Shibboleth Consortium.
</p>
</div>
</div>
</div>
</div>
<!-- Timeline tab -->
<div class="row collapse" id="tab-timeline-body" data-parent="#overview-panel">
<div class="col-4">
<div class="list-group" role="tablist">
<a
class="btn btn-outline-primary list-group-item list-group-item-action active"
id="timeline-head"
data-toggle="list"
href="#timeline"
role="tab"
>Incubator Timeline
</a>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="timeline-c2-head"
data-toggle="list"
href="#timeline-c2"
role="tab"
>How to submit new ideas
</a>
<a
class="btn btn-outline-primary list-group-item list-group-item-action"
id="timeline-c3-head"
data-toggle="list"
href="#timeline-c3"
role="tab"
>Overview of new ideas and activities
</a>
</div>
</div>
<div class="col-8">
<div class="tab-content" id="timeline-content">
<div class="tab-pane fade show active" id="timeline" role="tabpanel">
<div class="list-group list-group-horizontal">
<a
href="https://wiki.geant.org/x/sKrTC"
class="list-group-item list-group-item-action color-completed"
><strong>Cycle 1</strong><br />
05 Mar 2019 - 12 Nov 2019</a
>
<a
href="https://wiki.geant.org/x/s6rTC"
class="list-group-item list-group-item-action color-completed"
><strong>Cycle 2</strong><br />15 Nov 2019 - 30 Jun 2020</a
>
<a
href="https://wiki.geant.org/x/QwCeDQ"
class="list-group-item list-group-item-action color-completed"
><strong>Cycle 3</strong><br />03 Jul 2020 - 09 Feb 2021</a
>
</div>
<div class="list-group list-group-horizontal">
<a
href="https://wiki.geant.org/x/hoDvF"
class="list-group-item list-group-item-action color-completed"
><strong>Cycle 4</strong><br />05 Mar 2021 - 22 Sep 2021</a
>
<a
href="https://wiki.geant.org/x/BYDnGw"
class="list-group-item list-group-item-action color-completed"
><strong>Cycle 5</strong><br />08 Oct 2021 - 03 Mar 2022</a
>
<a
href="https://wiki.geant.org/x/bLAuBw"
class="list-group-item list-group-item-action color-ongoing"
><strong>Cycle 6</strong><br />20 Mar 2022 - 15 Dec 2022</a
>
</div>
</div>
<div class="tab-pane fade" id="timeline-c2" role="tabpanel">
<p>
The Incubator accepts proposals from the entire R&E community as long as they are
suitable to improve the T&I space. All kinds of innovative ideas are welcome,
regardless of whether they are about new products, improving existing services or
even completely disruptive. The format for submitting a proposal is designed to be
as simple as possible. There is a "Call for Ideas" page in the GÉANT wiki where
anyone can share their ideas. All you have to do is create a new row in the table
and describe your own idea. Other community members can comment and support it.
The more popular an idea is, the more likely it is to be implemented in the
Incubator. New ideas can be submitted at any time, but there is a deadline before
each cycle so that they can be considered for the next cycle.
</p>
<a
href="https://wiki.geant.org/x/CAE2Cw"
target="_blank"
class="btn btn-outline-primary m-1"
>Call for Ideas</a
>
</div>
<div class="tab-pane fade" id="timeline-c3" role="tabpanel">
<a href="https://wiki.geant.org/download/attachments/148090083/diagram-ideas.svg"
><img
src="https://wiki.geant.org/download/attachments/148090083/diagram-ideas.svg"
class="img-thumbnail"
/></a>
<a
href="https://wiki.geant.org/download/attachments/148090083/diagram-activities.svg"
><img
src="https://wiki.geant.org/download/attachments/148090083/diagram-activities.svg"
class="img-thumbnail"
/></a>
</div>
</div>
</div>
</div>
</div>
<br />
<hr class="d-print-none" />
<h2>Activities</h2>
<!-- Card filter -->
<div class="form-row">
<div class="form-group col-3">
<input
type="text"
id="card-filter-text"
class="form-control"
onkeyup="searchActivities()"
placeholder="Search activity"
/>
</div>
<div class="form-group col-3">
<select id="card-filter-topic" class="form-control" oninput="searchActivities()">
<option selected value="">All topics</option>
<option value="Identity">Identity and Access Management</option>
<option value="Standards">Standards and Protocols</option>
<option value="Security">Security and Privacy</option>
</select>
</div>
<div class="form-group col-3">
<select id="card-filter-cycle" class="form-control" oninput="searchActivities()">
<option selected value="">All cycles</option>
<option>Cycle 1</option>
<option>Cycle 2</option>
<option>Cycle 3</option>
<option>Cycle 4</option>
<option>Cycle 5</option>
<option value="Cycle 6">Current Cycle</option>
</select>
</div>
<div class="form-group col-3">
<select id="card-filter-deliverable" class="form-control" oninput="searchActivities()">
<option selected value="">All parties</option>
<option value="Service">T&I Service</option>
<option value="Community">R&E Community</option>
<option value="External">External Party</option>
</select>
</div>
</div>
<!-- Cards -->
<div class="card-columns" id="card-grid">
<!-- #include-cards -->
<!-- AARC BPA -->
<div class="card" id="aarc-bpa">
<img
src="https://wiki.geant.org/download/attachments/148090083/aarc-bpa.jpeg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-info">Ongoing</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="20 Mar 2022 - 15 Dec 2022"
>Cycle 6</span
>
</div>
<h2 class="card-title">Self-sovereign identity and the AARC BPA</h2>
<p class="card-text">
The AARC Blueprint Architecture (BPA) describes a "Community AAI" solution, a set of software
building blocks that can be used to implement federated access management solutions for
(inter)national research collaborations. The benefit of the BPA is that its proxy-based
architecture provides both a technical integration point for authentication and authorisation,
as well as a centralised point for implementing the research communities' policies. The BPA
also identifies a "membership management service" which implements community-specific
onboarding to help establish the researcher's status and may be used to issue
community-specific attributes to establish roles and rights. Implementations of the BPA, like
eduTEAMS and SRAM, have greatly improved the capability to use FIM for research communities.
<br />
At first glance, a SSI based model may offer similar benefits as the AARC BPA model, while
reducing the number of impediments as a wallet model may take away the need to have a proxy as
the central authentication gateway. This activity will further explored the potential use of
SSI technology in the context of the AARC BPA. It will describing where SSI technology may be
leveraged, explore benefits and challenges and describe how that may be implement. A number of
technical pilots will test the assumptions.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#aarc-bpa-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/sgATIQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="aarc-bpa-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
</ul>
</div>
<!-- Account Linking -->
<div class="card" id="account-linking">
<img
src="https://wiki.geant.org/download/attachments/148090083/account-linking.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="08 Oct 2021 - 03 Mar 2022"
>Cycle 5</span
>
<span class="badge badge-pill badge-secondary"> TIM </span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Account Linking</h2>
<p class="card-text">
Account linking is, in principle, a simple process of joining users digital identities. Users
have to prove that they own two or more digital identities, which are consecutively linked
together in the identity management system. CESNET has very positive feedback on ELIXIR
workflow for account linking. User signs in with one identity, then with a second one, and the
identities are linked. The positive feedback is coming not only from the ELIXIR community but
also from users from other communities, even outside the life-science area. The significant
issue of the workflow is its user interface, which is still too complicated for users to
navigate through smoothly. Because the process consists of several steps, skipping one step or
leaving the linking process unfinished makes it even more prone to errors. Users need a
straightforward interface that will guide them step-by-step through the whole process.
<br />
The goal of the topic is to develop a new web application for account linking, test it with
end-users and improve it based on user feedback. The application has to support a
recommendation system that tries to guess linkable identities. It also has to deal with all
possible situations in a user-friendly way. The situations include linking identities that
already belong to different registered users or linking identities neither of which belongs to
a registered user.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#account-linking-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/awD6F"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="account-linking-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://gitlab.geant.org/matteo/idp-sp_testbed">Source Code</a>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/351928427/Account%20linking%20documentation.pdf?api=v2"
>Documentation</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>The source code was submitted upstream to the Perun developers.</p>
</li>
</ul>
</div>
<!-- Alternative MDX -->
<div class="card" id="alternative-mdx">
<img
src="https://wiki.geant.org/download/attachments/148090083/alternative-mdx.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="08 Oct 2021 - 03 Mar 2022"
>Cycle 5</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Alternative MetaData eXchange</h2>
<p class="card-text">
With the growth of the metadata feeds all over the world, together with the increased need for
catering for multiple federations at once, Service Providers are increasingly reliant on the
MetaData Query (MDQ) protocol, for Relying Party metadata lookup. (MDQ is also commonly
referred to as MDX (MetaData eXchange) for historical reasons: the name of a mailing list
where the spec was discussed.) This protocol is however not widely deploy at this time, due to
technical complexity In addition, for MDQ there is only one implementation in common use:
pyFF. This is a risk as it creates a high dependence on that piece of technology.
<br />
This activity seeks to simplify the scalable use of MDQ, both for federations that currently
operate a MDQ as well as for federations tat do not provide an MDQ service. In addition it
wants to create an alternative implementation, next to pyFF, for creating and managing XML
metadata. The aim is to deliver EntityDescriptors as flat files in such a way this mimics MDQ
protocol and combine that with Global DNS to create a super fast and highly redundant
distribution mechanism for MDQ.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#alternative-mdx-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/i4DvF"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="alternative-mdx-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="#">Source Code</a>
</li>
<li>
<a href="https://wiki.geant.org/x/XACWFg">MDX pilot architecture</a>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p></p>
</li>
</ul>
</div>
<!-- AUP Service -->
<div class="card" id="aup-service">
<img
src="https://wiki.geant.org/download/attachments/148090083/aup-service.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-info">Ongoing</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="20 Mar 2022 - 15 Dec 2022"
>Cycle 6</span
>
<span class="badge badge-pill badge-secondary"> TIM </span>
</div>
<h2 class="card-title">Acceptable Use Policy Service</h2>
<p class="card-text">
The primary goal of the Authentication and Authorization Infrastructure (AAI) is to provide
centralized authentication and authorization mechanisms. In an environment based on the AAI,
one of such authorization rules might be fulfilling the policy requirements, set i.e. in an
AUP document defined by the community, service provider, or organizational unit. In general,
when the resource owner or provider decides that a specific policy has to be enforced when the
resource is used, AAI needs to provide a mechanism for both sides to manage and fulfill this
requirement. These rules need to cover several cases, i.e. a situation of actively using the
resource (i.e. web-based service login), as well as just-in-case scenarios, like the data
provisioning.
<br />
This topic aims to explore the area of enforcing acceptance of Acceptable Use Policies as an
activity of managing access to resources. We like to understand which parties (e.g. user
communities, e-infrastructures, resource owners, …) need to be involved in the process and how
to combine their requirements together. Based on the analysis we will develop a web-based
application which will provide tools to manage AUPs on a central level (within the AAI) and
let users approve (whilst recording this act) such a policy document.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#aup-service-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/GwD2HQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="aup-service-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
</ul>
</div>
<!-- Community Tagging (a.k. Pixie Dust) -->
<div class="card" id="community-tagging">
<img
src="https://wiki.geant.org/download/attachments/148090083/community-tagging.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Standards</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">Community Tagging</h2>
<p class="card-text">
Research communities have a need to express and potentially share certain trust marks on IdPs
and SPs. These trust marks may differ from existing trust marks issued by identity
federations. This is why this activity implemented a proof of concept based on a given set of
community requirements and investigated in potential scenarios and impacts.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-12"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/Z7AuBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-12">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a
href="https://wiki.geant.org/download/attachments/120500327/Community%20tagging%20-%20GAP%20analysis.pdf?version=1&modificationDate=1574693562199&api=v2"
>Community Tagging GAP analysis</a
>
</li>
<li>Proof of concept using Access Check Tool in conjunction with Jagger</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/126983709/Video1-Jagger_create_fed_and_end_cat.mp4?version=1&modificationDate=1573558150477&api=v2"
>Video: create a federation and new entity catergory</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/126983709/Video2-Access_Check.webm?version=1&modificationDate=1573558175315&api=v2"
>Video: Access Check</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/126983709/Video3-Jagger_after_Access_check.webm?version=1&modificationDate=1573558184817&api=v2"
>Video: Jagger after Access Check</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work has been concluded. Documentation on the prototype is publicly available and the
results were provided to the <strong>SIRTFI community </strong> to further pursue this POC.
</p>
</li>
</ul>
</div>
<!-- Community trust -->
<div class="card" id="community-trust">
<img
src="https://wiki.geant.org/download/attachments/148090083/community-trust.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">Community-Based Trust</h2>
<p class="card-text">
This activity examined how identity vetting and token registration can be scaled for
second-factor authentication scenarios where participants are distributed over EU and beyond.
As part of this activity a specific flow - based on a community-based approach - was
investigated. It takes into account the concept of the Web of Trust. While this mechanism
typically does not work well in broad user groups, it is very well suited to distribute trust
between small groups where a pre-existing trust fabric is already in place, as we typically
have in research communities. What was missing is a means to make this trust network auditable
and transparent. In order to make the trust network transparent, this activity identified and
developed tools to support this flow.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-2"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/RQL5Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-2">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li><a href="https://wiki.geant.org/x/lxj5Bw">Community based trust architecture</a></li>
<li>
<a
href="https://wiki.geant.org/download/attachments/133759557/vetting%20flow%20with%20readid.pdf?api=v2"
>Identity validation service design <small>using readID</small></a
>
</li>
<li><a href="https://wiki.geant.org/x/jwG7C">Fully integrated test environment</a></li>
<li><a href="https://github.com/mrvanes/commtrust">Publicly available source code</a></li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The outcome is intended to be used in the scope of <strong>research communities</strong>. In
collaboration with the <strong>eduTEAMS task</strong> the results can be used to provision
and improve the Stepup solution of the GÉANT service.
</p>
</li>
</ul>
</div>
<!-- Cryptech HSM - Preparation phase -->
<div class="card" id="cryptech-hsm">
<img
src="https://wiki.geant.org/download/attachments/148090083/cryptech.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Security</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
</div>
<h2 class="card-title">Cryptech HSM</h2>
<p class="card-text">
In many of the T&I services in the R&E sector, there is a need to securely store sensitive
data like key material. Currently, this is rarely done using Hardware Security Modules (HSM)
as they are associated with high costs. The goal of this activity was to evaluate the
capability and applicability of affordable devices from the Cryptech project for use cases
within the GÉANT project and to set up devices for testing purposes.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-13"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/brAuBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-13">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>Evaluated usage of Diamond Key appliances and capabilities</li>
<li>
<a
href="https://docs.google.com/document/d/18Am5R3MypAuiZyNoEmPVhLLrvrKby3CUlUpnzIDfyZw/edit"
>Detailed community use-cases for HSM</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work could not be concluded as Diamondkey seased operations during the evaluation
period.
</p>
</li>
</ul>
</div>
<!-- DI revisited -->
<div class="card" id="di-revisited">
<img
src="https://wiki.geant.org/download/attachments/148090083/di-revisited.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="08 Oct 2021 - 03 Mar 2022"
>Cycle 5</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">Distributed Identity Revisited</h2>
<p class="card-text">
Distributed Identity (DI) presents an interesting paradigm for the T&I NREN community. Its concepts are very appealing and align well with public values in our community. At the same time many of the technical and functional properties are still in development and present numerous questions and challenges, as was shown in recent work in NRENs and in the Incubator.
The activity proposed builds on earlier work and investigates the following aspects of DI:
<ul>
<li>What roles could/should GEANT and NRENs play in a DI ecosystem, and what are the associated benefits, challenges and risks?</li>
<li>Which current services in the GEANT portfolio would benefit from the use of DI, and what would that look like?</li>
<li>To what extent can existing initiatives implementing distributed ledgers technology be used to act as a Verifyable Data Registry to satisfy the above use cases and requirements? We should test with for example EBSI, etherium or Sovrin. How do these compare to the IRMA solution we previously tested. (IRMA does not use DLT).</li>
<li>Initial testing with IRMA revealed a wallet based approach may not always provide an optimal user experience. What requirements do we have for the User interface (wallet/app) and can we implement or mock these to test these requirements with stakeholders.</li>
</ul>
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#di-revisited-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/i4DvF"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="di-revisited-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="#">Report on DI for GÉANT, NRENs and institutions</a>
</li>
<li>
<a href="https://wiki.geant.org/download/attachments/351240335/TII%20Public%20Demo%205.3%20Feb%202022.pdf?version=1&modificationDate=1650873704224&api=v2">Demo video</a>
</li>
<li>
<a href="https://wiki.geant.org/download/attachments/351240335/Self%20Sovereign%20Identity%20use%20cases.pdf?version=1&modificationDate=1650873830567&api=v2">SSI use cases</a>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>The investigation of DI use cases for GÉANT, NRENs and institutions was completed. The results were published as a report.</p>
</li>
</ul>
</div>
<!-- Discovery Pilot -->
<div class="card" id="discovery-pilot">
<img
src="https://wiki.geant.org/download/attachments/148090083/discovery-service.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
</div>
<h2 class="card-title">Discovery Pilot</h2>
<p class="card-text">
Discovery is used in Federated Identity Management to locate the users home organization. This
activity evaluated the pilot discovery service ran in the previous GÉANT project and
investigated if/how the implementation technology Seamless Access developed within the RA1
project can be used for an implementation in eduGAIN.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-9"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/0bAuBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-9">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a
href="https://wiki.geant.org/download/attachments/120500433/eduTEAMS%20Discovery%20Service%20Feedback%20Report.pdf?version=1&modificationDate=1556205985146&api=v2"
>DSX Discovery Service Feedback Report</a
>
</li>
<li>Preparation of handover to eduGAIN service activity</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work has been concluded in the Incubator and was handed over to the
<strong>eduGAIN service task</strong>
for the purpose of making a production service.
</p>
</li>
</ul>
</div>
<!-- Using Distributed Identity for managing researcher access -->
<div class="card" id="distributed-identity">
<img
src="https://wiki.geant.org/download/attachments/148090083/distributed-identity.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2021 - 14 Sep 2021"
>Cycle 4</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">Distributed Identity for researchers</h2>
<p class="card-text">
A new paradigm, Distributed Identity, tries to let user be in direct control of the profile
information they share with services. Rather then letting others provide claims towards a
service, the users collects claim themselves from various sources and independently provides
these when so requested by services. The services can check the validity of these claims
against a central verifiable claims registry. This activity investigates the functional
requirements for such a system by interviewing key stakeholders.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-23"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/UACeDQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-23">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/DI4R+Report">DIR4R Report</a>
</li>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/Evolution+to+DI4R">Evolution to DI4R</a>
</li>
<li>
<a href="https://gitlab.geant.org/TI_Incubator/di4r">Source Code</a>
</li>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/MFA+Options+for+SmartPhone+wallets"
>MFA Options for SmartPhone wallets</a
>
</li>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/CAMP+presentation%2C+Oct+5%2C+2021"
>Demo video</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
This activity explored the applicability of distributed identity for research use cases. The
results were published in a report and made available to the entire
<strong>community</strong>.
</p>
</li>
</ul>
</div>
<!-- Second Factor Authentication - Distributed Vetting -->
<div class="card" id="distributed-vetting">
<img
src="https://wiki.geant.org/download/attachments/148090083/sfa.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
</div>
<h2 class="card-title">SFA - Distributed Vetting</h2>
<p class="card-text">
Several research communities, especially in the life sciences domain, have a need to use
second factor authentication to improve the quality of their authentication. One of the
challenges identified was how to securely vet the second factor tokens of the participants of
a collaboration in a case where the members of the collaboration are very distributed, as is
the case in most pan-EU research collaborations. This activity investigated, together with
research communities, how the token registration can be scaled for scenarios where
participants are distributed over the EU and beyond. The aim of this task was to identify ways
this vetting can be done.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-7"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/zLAuBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-7">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a
href="https://wiki.geant.org/display/gn43wp5/Second+Factor+Authentication+-+Distributed+Vetting?preview=/120500428/133771754/DV-MFA%20Report.pdf2"
>Final Distributed Vetting Report</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
A final report was delivered. The activity will continue for another
<strong>Incubator</strong> cycle.
</p>
</li>
</ul>
</div>
<!-- eduLNK -->
<div class="card" id="edulnk">
<img
src="https://wiki.geant.org/download/attachments/148090083/edulnk.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Security</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="03 Jul 2020 - 09 Feb 2021"
>Cycle 3</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
</div>
<h2 class="card-title">eduLNK</h2>
<p class="card-text">
eduLNK aims to provide software and potentially a servcie for a secure, persistent and privacy
preserving link shortener for research and education. Link shorteners reduce a lengthy URL on
the internet to something short and snappy, and sometimes easy to remember. As such it is a
very well used and liked functionality within our community. Many ‘free’ link shorteners
exist, however, their free nature comes with a number of challenges, including serving
advertisements and data mining the users behaviour and interests. Next to privacy concerns,
many free link shorteners have a limited lifetime for the links they present. eduLNK aspires
to deliver a product from and for the community which can be trusted and used securely in a
privacy preserving way.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-15"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/V5HTC"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-15">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li><a href="#"></a>eduLNK source code</li>
<li><a href="https://test.edulnk.org/">eduLNK prototype</a></li>
<li><a href="#"></a>Onboarding documentation</li>
<li><a href="#"></a>New Idea Form</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/148089097/eduLNK.mp4?version=1&modificationDate=1617046085217"
></a
>Final presentation
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
A prototype of the eduLNK software was created and a public test instance was made
available. With the submission of the official new idea form, eduLNK may become a potential
new service in the GÉANT project.
</p>
</li>
</ul>
</div>
<!-- Instant User Provisioning and Deprovisioning -->
<div class="card" id="feudal">
<img
src="https://wiki.geant.org/download/attachments/148090083/feudal.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
<span class="badge badge-pill bg-dark text-light">Community</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Instant User Provisioning</h2>
<p class="card-text">
Some systems, like non-web services, cannot be federated easily because they need user
accounts to be provisioned before they can login. A prototype of an instant deployment tool
called FEUDAL was developed by KIT. It facilitates provisioning of user accounts using virtual
organisations (VO). Feudal is based on OIDC: It is an OIDC client, and it simply transports
the information of the /userinfo endpoint along. Feudal is based on the concept of VOs (or
authorisation Groups), i.e. the end services provide the information which VOs it supports.
Feudal web fronted will only display services for provisioning to a given user based on his VO
membership.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-6"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/-QH5Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-6">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://wiki.geant.org/x/-4VgBw">Architecture document</a>
</li>
<li><a href="https://git.scc.kit.edu/feudal">Publicly available source code</a></li>
<li>
<a
href="https://git.scc.kit.edu/feudal/feudalAdapterLdf/-/blob/incubator-uros-ldap/ldf_adapter/backend/ldap.py"
>LDAP integration POC</a
>
</li>
<li>
<a href="https://feudal.scc.kit.edu/"
>Test environment <small>including eduTEAMS integration</small></a
>
</li>
<li>
<a href="https://wiki.geant.org/pages/viewpage.action?pageId=148078632"
>Promoted demo videos</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The aim of this project was to create an easy to use, adoptable software solution to
provision server users and provide this tool to the <strong>community</strong>. The solution
is ready to be picked up and further developed and used by <strong>KIT</strong>. They plan
to use this software in two <strong>"Helmholtz" projects HDF and HIFIS</strong> in Germany
for the foreseeable future. Besides this, the solution was adjusted to the needs of
eduTEAMS. The solution was provided to the <strong>eduTEAMS service task</strong> to be
integrated into the GÉANT service.
</p>
</li>
</ul>
</div>
<!-- Identity Validation Broker Service Business Case -->
<div class="card" id="identity-broker">
<img
src="https://wiki.geant.org/download/attachments/148090083/identity-validation.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="03 Jul 2020 - 09 Feb 2021"
>Cycle 3</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">Identity Validation Broker</h2>
<p class="card-text">
Both research communities as well as institutions have a need for proper proof of the identity
of their users. This ranges from cases where e.g. new students living abroad need to be
identified as part of the boarding into an institution, to scenarios where access to (medical)
data puts regulatory demands on the research community. Identity proofing is however expensive
and scales very poorly, especially in cases where the users are (very) distributed. This
activity investigates, based on requirements collected from multiple stakeholders, if and in
which way this situation may be improved.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-16"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/WZHTC"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-16">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a
href="https://wiki.geant.org/download/attachments/148083033/Identity%20verification%20Requirements%20Gathering.pptx"
>Identity verification requirements</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/148083033/Stakeholder%20Report%20on%20Identity%20Verification%20for%20R%26E_v1.pdf"
>Stakeholder Report on Identity Verification for R&E</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/148083033/Identity%20Proofing%20for%20RE_v1.pdf"
>Identity Proofing for R&E</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/148089097/Identity_Broker.mp4?version=1&modificationDate=1617046433871"
></a
>Final presentation
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
Our findings indicated a strong desire for information about the capabilities of the various
document-based identity verification solutions, which would help in defining what the
requirements and suitable deployment model for an R&E focused solution could be. In
particular we concluded that further work would be needed to reach a definitive conclusion
and recommended: Establishment of a platform for information capture and exchange on
document-based identity verification solutions Comparative analysis of available commercial
solutions should be performed and made available Surveying of the broader R&E community
based on the findings so far to see the level of interest and support more generally
Constructing a preliminary business case for a community-operated service following the
broader survey It is hoped that an interested party or parties can take this work forward,
as further work on this topic is currently outside the scope of the Incubator.
</p>
</li>
</ul>
</div>
<!-- IdP as a Service -->
<div class="card" id="idp-service">
<img
src="https://wiki.geant.org/download/attachments/148090083/idpaas.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">IdP as a Service</h2>
<p class="card-text">
The former GN4-2 project developed a solution to offer an IdP as a Service solution (IdPaaS)
for hosted IdPs. This activity aimed at investigating the business case of this solution and
to create a reference design and implementation for an easy to use software solution to enable
NRENS to provide an IdPaaS offering.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-8"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/doSRBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-8">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li><a href="https://wiki.geant.org/x/h4fYBw">IdPaaS Reference Design</a></li>
<li><a href="https://wiki.geant.org/x/7wr5Bw">IDPaaS Reference Implementation</a></li>
<li>
<a
href="https://wiki.geant.org/download/attachments/126977142/IdPaaS%20Screencast.webm?api=v2"
>IdPaaS Screencast</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work has been concluded within the Incubator. samlidp.io is available as an open source
software for the <strong>community</strong> and may be used by commercial vendors as well.
</p>
</li>
</ul>
</div>
<!-- Metadata push -->
<div class="card" id="metadata-push">
<img
src="https://wiki.geant.org/download/attachments/148090083/metadata-push.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Standards</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Metadata push MDQ</h2>
<p class="card-text">
Metadata is at the heart of the trust fabric of current R&E Identity Federations. For the
trust to properly propagate, this metadata is first collected from and then distributed by the
federation towards the federation members. This activity had investigated a new proposal
called "push MDQ", which introduces a new, potentially highly scalable way of distributing
metadata.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-1"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/7AH5Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse .d-print-inline-block" id="details-1">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://github.com/mrvanes/pyFF/tree/websub">Publicly available source code</a>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/133759468/Using%20public%20websub%20hubs%20for%20PushMDQ.pdf?api=v2"
>Use of public websub hubs</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/133759468/PushMDQ%20implementation%20guidance%20for%20Federations.pdf?api=v2"
>Implementation guidance for federations</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
All changes made to the pyFF software were uploaded to the official software project to be
maintained by the <strong>IdentityPython group</strong>. Furthermore, all results of the
push MDQ analysis and the POC were transferred to the
<strong>eduGAIN service task</strong> for further improvement of the GÉANT service.
</p>
</li>
</ul>
</div>
<!-- Porting oidc-agent to Windows -->
<div class="card" id="oidc-agent">
<img
src="https://wiki.geant.org/download/attachments/148090083/oidc-agent.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Standards</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2021 - 14 Sep 2021"
>Cycle 4</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Porting oidc-agent to Windows</h2>
<p class="card-text">
<a href="https://indigo-dc.gitbook.io/oidc-agent/">oidc-agent</a> is a command line set of
tools that enables the users to manage and obtain (mostly) OIDC tokens on command line. It
follows the design of the ssh-agent and, as such, it can be easily integrated in the user's
flow. However, current version only covers Linux and MacOS users. This activity would port the
oidc-agent to Windows OS. The expected impact is potentially large, since users from many
communities that may use this tool (such as HPC, or any community that need constant access to
computing and storage resources as part of their work) typically rely on Windows as their main
operating system. This activity investigates the best approach to porting the oidc-agent.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-21"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/SgCeDQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-21">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://github.com/indigo-dc/oidc-agent">Source Code</a>
</li>
<li>
<a href="https://indigo-dc.gitbook.io/oidc-agent/">Technical documentation</a>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/247431187/OIDC-Agent.mp4?version=1&modificationDate=1622630166361&api=v2"
>Demo video</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The source code was submitted to the upstream repository and is publicly available to the
community. The <strong>Karlsruhe Institute of Technology (KIT)</strong> will maintain the
software.
</p>
</li>
</ul>
</div>
<!-- Add OIDC OP support to SimpleSAMLphp -->
<div class="card" id="oidc-op-ssp">
<img
src="https://wiki.geant.org/download/attachments/148090083/oidc-op-ssp.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Standards</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2021 - 14 Sep 2021"
>Cycle 4</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">SimpleSAMLphp OIDC OP</h2>
<p class="card-text">
SimpleSAMLphp (SSP) is a commonly used software product for both SP and IdP deployments in
Research and Education. In addition it may also be deployed as a proxy. Next to SAML, various
other authentication protocols are supported.While SSP already supports the OpenID Connect
(OIDC) Relaying Party (RP) interface, an OIDC OpenID Provider (OP) implementation is missing.
<br />
This activity seeks to implement an OIDC OP in accordance with the OIDC specification into
SSP. There is an existing module available at Github. It needs to be investigated whether this
is suitable for this activity.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-18"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/RQCeDQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-18">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://github.com/simplesamlphp/simplesamlphp-module-oidc"
>SimpleSAMLphp OIDC module</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/320471174/SSP-OIDC_demo.mp4?version=1&modificationDate=1632930580727&api=v2"
>OIDC demo video</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work has been concluded and the results were provided to the
<strong>SimpleSAMLphp developers</strong>. The source code is publicly available and will be
maintained by the upstream maintainers.
</p>
</li>
</ul>
</div>
<!-- ORCID as IdP of last resort -->
<div class="card" id="orcid">
<img
src="https://wiki.geant.org/download/attachments/148090083/orcid.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">ORCID as IdP of last resort</h2>
<p class="card-text">
Many research collaborations as well as campus services need a solution to deal with guest
identity, as in many cases not all users are members of the academic Identity Federations. As
a result, several federation operators as well as research collaborations operate IdPs or
proxies to allow users to authenticate through external identity providers like social ones.
This has led to serious reinventing of the wheel. This pilot aimed to bring the widely used
ORCID service into the GÉANT IDhub as Identity Provider of last resort. Furthermore
organisational and legal aspects as well as technical improvements were investigated.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-11"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/WbAuBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-11">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a
href="https://wiki.geant.org/download/attachments/120500313/ORCID%20IdP%20as%20last%20resort.pdf?api=v2"
>Business Case Analysis</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/120500313/Identity%20proxying%20for%20Guest%20Identities%20in%20the%20context%20of%20GDPR.pdf?api=v2"
>Identity Proxy GDPR Report</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/120500313/Report%20of%20the%20collaboration%20with%20the%20SATOSA%20project.pdf?api=v2"
>Technical solution based on SaToSa software stack</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/120500313/ORCID%20Screencast.webm?api=v2"
>ORCID Screencast</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work has been concluded with the results handed over to be further developed in the
<strong>IDhub</strong> to improve the GÉANT service.
</p>
</li>
</ul>
</div>
<!-- pyFF Optimizations -->
<div class="card" id="pyff-optimization">
<img
src="https://wiki.geant.org/download/attachments/148090083/pyff.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Standards</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="03 Jul 2020 - 09 Feb 2021"
>Cycle 3</span
>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">pyFF Optimizations</h2>
<p class="card-text">
pyFF is an open source and widely used product which is used to provide Discovery and Metadata
Query services for identity federation. This topic investigates optimizations in pyFF
operations, including but not limited to, performance and memory consumption. When processing
the eduGAIN metadata, pyFF memory usage balloons to the gigabytes, hereby inflicting some
extra cost when running on procured VM's like AWS. The startup/restart process speed, and
service behavior while being started/restarted may also be improved. In particular, the
service should never throw 5xx errors while in a normal startup/shutdown process.
<br />The goal of this project is to optimize pyFF memory consumption and (re-)start behavior.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-17"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/UZHTC"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-17">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li><a href="#"></a>pyFF test report</li>
<li><a href="#"></a>Metadata mockup report</li>
<li><a href="#"></a>Blog post</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/148089097/pyFF_Optimization-Metadata.mp4?version=1&modificationDate=1617046521186"
>Final presentation</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The aim of this activity was to investigate whether the existing pyFF software can be
optimised to reduce memory consumption and improve performance. For this purpose, intensive
profiling of the software was carried out and a large number of experiments were conducted.
All tests and results were documented in a report, which was passed on to the developer
communities of the tools.
</p>
</li>
</ul>
</div>
<span
data-toggle="tooltip"
data-placement="top"
title="This activity is work in progress at the time of writing"
></span>
<!-- eduGAIN Service Catalogue -->
<div class="card" id="service-catalogue">
<img
src="https://wiki.geant.org/download/attachments/148090083/service-catalogue.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2021 - 14 Sep 2021"
>Cycle 4</span
>
<span class="badge badge-pill bg-dark text-light">Community</span>
</div>
<h2 class="card-title">eduGAIN Service Catalogue</h2>
<p class="card-text">
The eduGAIN Support Team, Secretariat and business development received several requests from
SPs, IdPs and NRENs for an eduGAIN Service Catalogue. Currently the eduGAIN Entities Database
tool and REFEDS Metadata Explorer Tool (MET) are the two services closest to a service
catalogue, but there are inconsistencies between the two tools.
<br />
The Incubator attempts to improve the solution based on the outcome of this pilot phase.
Depending on the requirements and use cases that need to be supported, new features can be
added in following an iterative process. If there are not enough participants to provide a
meaningful amount of data, no additional developments will be carried out by the Incubator. In
this case, the software is decommissioned at the end of the pilot phase and the project is
terminated.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-19"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/TACeDQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-19">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://surfnet-niels.github.io/">Technical prototype</a>
</li>
<li>
<a href="https://wiki.geant.org/download/attachments/247431187/SC_demo.mp4">Demo video</a>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/228458572/Service%20Catalogues%20Comparison.pdf?api=v2"
>Service Catalogues Comparison.pdf</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/228458572/RFC%20-%20The%20eduGAIN%20Service%20Catalogue%20%28REFEDS%20Audience%29.pdf?api=v2"
>RFC - The eduGAIN Service Catalogue (REFEDS Audience)</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/228458572/RFC%20-%20Service%20catalog%20functional%20design.pdf?api=v2"
>RFC - Service catalog functional design</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The project has reached a point where engagement from the community is required to take the
work forward. At this time we have received no offers of engagement and we are therefore
stopping our work, leaving documentation and existing code available to any group who may
wish to continue developing the Service Catalogue.
</p>
</li>
</ul>
</div>
<!-- Service report -->
<div class="card" id="service-report">
<img
src="https://wiki.geant.org/download/attachments/148090083/service-report.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
</div>
<h2 class="card-title">Service Status Reporting</h2>
<p class="card-text">
The T&I activities of the GEANT project run a multitude of services ranging for eduroam and
eduGAIN to InAcademia, eduTEAMS and various smaller helper services for eduGAIN without a
single overview of the state of all these services. The highly distributed nature limits our
ability to present in a consistent way the status of these services and it hinders us in
explaining issues when something is wrong. This is relevant both for members of the GEANT
community as well as other other stakeholders like service owners and funding agencies. This
activity wanted to create a comprehensive, high level and user friendly publicly facing
service dashboard for T&I services. Since many freely or commercially available services for
measuring availability already exist this activity investigated and compared them to choose a
suitable solution for the GÉANT project.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-3"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/-wH5Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-3">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://wiki.geant.org/x/PQOMC"
>Requirements for a GÉANT service reporting tool</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/133759487/Monitoring%20tool%20market%20analysis.pdf?api=v2"
>Monitoring tool market analysis</a
>
</li>
<li><a href="https://status.inacademia.org">POC based on InAcademia</a></li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The result of the market analysis was provided to the <strong>T&I service task</strong>.
</p>
</li>
</ul>
</div>
<!-- Shibboleth OIDC Extension -->
<div class="card" id="shibboleth-oidc">
<img
src="https://wiki.geant.org/download/attachments/148090083/shibboleth.png"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Standards</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2019 - 12 Nov 2019"
>Cycle 1</span
>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Shibboleth OIDC Extension</h2>
<p class="card-text">
Up to now, R&E federations are predominantly relying on the SAML2 protocol. With upcoming
needs from industry and commercial service providers the OpenID Connect (OIDC) protocol is
increasingly moving into focus. This activity supported the development of an Shibboleth OIDC
Extension to the Shibboleth IdP and was paving the way to make the extension a fully sustained
product.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-10"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/WLAuBw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-10">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://github.com/CSCfi/shibboleth-idp-oidc-extension"
>Shibboleth IdP OIDC Extension</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The work has been concluded and the results were handed over to the
<strong>Shibboleth consortium</strong>. The Extension is certified by the OIDC Foundation.
</p>
</li>
</ul>
</div>
<!-- IdP/SP software testbed -->
<div class="card" id="software-testbed">
<img
src="https://wiki.geant.org/download/attachments/148090083/software-testbed.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2021 - 14 Sep 2021"
>Cycle 4</span
>
</div>
<h2 class="card-title">IdP/SP software testbed</h2>
<p class="card-text">
It is currently very hard to test new releases of IdP and SP software against other IdP/SP
products. This activity attempts to design an automated test environment. A suitable
architecture for an IdP/SP continuous integration platform is to be created. This involves
creating use cases and identifying technologies that support them. An iterative approach, in
which use cases are successively implemented and products are integrated one after another, is
intended to quickly create a functional platform. If the CI approach is successful,
ready-to-use software packages can be provided using container technologies such as Docker, to
deploy the entire software locally by NRENs or other parties.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-20"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/TgCeDQ"
class="btn btn-outline-primary float-right"
target="_blank"
></a>
</div>
<ul class="list-group list-group-flush collapse" id="details-20">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://gitlab.geant.org/matteo/idp-sp_testbed">Source Code</a>
</li>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/Testbed+Design"
>Technical documentation</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/247431187/testbed.mp4?version=1&modificationDate=1622807769780&api=v2"
>Demo video</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
A prototype of an IdP/SP software testbed was successfully created. The results were
presented to the community and made publicly available. No group was identified to continue
the development of this project.
</p>
</li>
</ul>
</div>
<!-- SSH Federated -->
<div class="card" id="ssh-federated">
<img
src="https://wiki.geant.org/download/attachments/148090083/ssh-federated.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-info">Ongoing</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="20 Mar 2022 - 15 Dec 2022"
>Cycle 6</span
>
</div>
<h2 class="card-title">SSH in a Federated World</h2>
<p class="card-text">
To allow easy access to SSH based services DeiC has made a SSH Certificate Authority
proof-of-concept that issues short-lived SSH certificates based on a federated login. The
system requires no specific client - or service side installed programs and makes it possible
for the user to use all standard ssh services - as long at the certificate is valid. Depending
on the configuration of the participating services the CA allows the user to use the same
username/uid across all services. Optionally it can be combined with systemd-userdb services
to allow for fully automated user management. The CA can also optionally issue host
certificates so the users do not have to trust the servers on first use (TOFU). Initial goal
of the activity is to hold a workshop to gather requirements and showcase and discuss existing
solutions.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#ssh-federated-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/sgATIQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="ssh-federated-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
</ul>
</div>
<!-- Automated notification of issues and overall status for federations en entities -->
<div class="card" id="status-reporting">
<img
src="https://wiki.geant.org/download/attachments/148090083/status-report.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Security</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="03 Jul 2020 - 09 Feb 2021"
>Cycle 3</span
>
<span class="badge badge-pill bg-dark text-light">Service</span>
</div>
<h2 class="card-title">Status Reporting & Notification</h2>
<p class="card-text">
To make the global eduGAIN interfederation scalable and interoperable, it is paramount
participants adhere to agreed upon standards and community best practices. There are currently
already several tools that examine the quality of federation metadata, the connection status
of their IdPs and the attribute release status of their IdPs. This activity is about creating
a tool to aggregate information from various sources and presenting this in an attractive,
easy to understand way to put this information readily into the hands of the federation
operators.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-14"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/_gH5Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-14">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>Source Code (closed source)</li>
<ul>
<li>
<a href="https://gitlab.geant.org/TI_Incubator/ansiblestatrep">Ansible deployment</a>
</li>
<li>
<a href="https://gitlab.geant.org/TI_Incubator/edugain-reporting-web">Web client</a>
</li>
<li>
<a href="https://gitlab.geant.org/TI_Incubator/edugain-reporting-api-client"
>Server API</a
>
</li>
</ul>
<li>
<a
href="https://wiki.geant.org/download/attachments/133759482/eduGAIN%20Reporting%20User%20Documentation.pdf"
>User documentation</a
>
</li>
<li><a href="edugain-reporting-beta.incubator.geant.org"></a>Live test environment</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/148089097/eduGAIN_Reporting.mp4?version=1&modificationDate=1617046296609"
></a
>Final presentation
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
A prototype was developed that meets the expectations of the stakeholders. The tool, in
future called "eduGAIN Reporting", was handed over to the eduGAIN Task. In order to develop
this further, an eduGAIN reporting development team was founded. The created prototype is
used for additional tests with the users and replaced by a productive system a few months
later.
</p>
</li>
</ul>
</div>
<!-- Test IdP -->
<div class="card" id="test-idp">
<img
src="https://wiki.geant.org/download/attachments/148090083/test-idp.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="05 Mar 2021 - 14 Sep 2021"
>Cycle 4</span
>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">Test IdP</h2>
<p class="card-text">
This activity creates a freely available, realistic test IdP for the GÉANT community. Based on
the needs of the GÉANT community, the solution may offer SAML, OIDC and supports all the
latest best practices. The requirements and use cases for such a service will be defined in
collaboration with a group of community representatives. Potential features of such a tool
are: test for a specific set of attributes, create an account to save a test profile, an open
(REST) API to configure the IdP using a (web) client. There are different potential business
cases for deployment: as part of the eduGAIN support tools, by GÉANT operations or NREN
hosted.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-22"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/SACeDQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-22">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://gitlab.geant.org/TI_Incubator/test_idp">Source Code (GÉANT Gitlab)</a>
</li>
<li>
<a href="https://surfdrive.surf.nl/files/index.php/s/xafmVMHQ4KquJno">Demo video</a>
</li>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/RFC%3A+Test+IdP+admin+interface"
>Test IdP Architecture</a
>
</li>
<li>
<a
href="https://wiki.geant.org/download/attachments/228458568/Test%20IdP%20Service%20User%20Guide.pdf?version=1&modificationDate=1633079289015&api=v2"
>Test IdP User Guide</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
A Test IdP based on the SimpleSAMLphp software was created. It supports the following tests:
R&S Entity category tests, Behavioural tests, Generic attribute profile tests, Refeds
Assurance Framework tests, Error scenario tests and Experimental profile tests. The Test IdP
was made available in GÉANT Gitlab.
</p>
</li>
</ul>
</div>
<!-- User Profile -->
<div class="card" id="user-profile">
<img
src="https://wiki.geant.org/download/attachments/148090083/user-profile.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-info">Ongoing</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="20 Mar 2022 - 15 Dec 2022"
>Cycle 6</span
>
</div>
<h2 class="card-title">IdP User Profile</h2>
<p class="card-text">
Currently, there is no way for federated users to know at which service providers their
account was used to login. This activity developes a mechanism to track federated signing in
events. That would allow an user to check the recent activity on his account in regards of
authentication. Users could see the list if authentications containing datetime, ip and
relying party etc. That would help them to spot suspicious activity.
<br />
A user profile page deployed as part of Shibboleth IdP and SimpleSAMLphp would enable end
users to gain insight into where their personal data is used and when it was last released to
various services, as far as the IdP is aware. This feature should only release information to
appropriate user (so after login). It needs to be considered how storing user data to
facilitate this plugin would impact data retention policy of the IdP.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#user-profile-details"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/sgATIQ"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="user-profile-details">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>This activity is work in progress at the time of writing.</p>
</li>
</ul>
</div>
<!-- WebauthN -->
<div class="card" id="webauthn">
<img
src="https://wiki.geant.org/download/attachments/148090083/webauthn.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Security</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span class="badge badge-pill badge-secondary"> TIM </span>
<span class="badge badge-pill bg-dark text-light">Service</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">WebauthN</h2>
<p class="card-text">
WebAuthn (Web Authentication), part of the FIDO2 Project, is a web standard published by the
W3C that enables strong authentication with public-key cryptography, passwordless
authentication, and secure two-factor authentication. The standard defines a JavaScript API
which allows token registration and subsequent authentication. This activity implemented this
API for the open source software SimpleSAMLphp and SATOSA, which enables them to provide 2FA
functions to the benefit of the R&E community.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-5"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/YQ75Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-5">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://github.com/CESNET/satosa-module-webauthn"
>Publicly available source code</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The developed modules were submitted to the upstream repositories to be officially
maintained by the <strong>simplesamlphp groups</strong> and <strong>CESNET</strong>. The
software was provided to the <strong>eduTEAMS service task</strong> to include it into the
GÉANT service.
</p>
</li>
</ul>
</div>
<!-- (De)provisioning connector for Windows -->
<div class="card" id="win-connector">
<img
src="https://wiki.geant.org/download/attachments/148090083/win-connector.jpg"
class="card-img-top"
alt="photo"
/>
<div class="card-body">
<div class="tags">
<span class="badge badge-pill badge-primary">Identity</span>
<span class="badge badge-pill badge-success">Completed</span>
<span
class="badge badge-pill badge-info"
data-toggle="tooltip"
data-placement="top"
title="15 Nov 2019 - 30 Jun 2020"
>Cycle 2</span
>
<span class="badge badge-pill badge-secondary"> TIM </span>
<span class="badge badge-pill bg-dark text-light">Service</span>
<span class="badge badge-pill bg-dark text-light">Community</span>
<span class="badge badge-pill bg-dark text-light">External</span>
</div>
<h2 class="card-title">(De)provisioning connector for Windows</h2>
<p class="card-text">
Identity provisioning and deprovisioning are a necessity for building modern authentication
and authorization infrastructures. They are straightforward yet technically complicated part
of identity and access management. The basic idea is to deliver identity and authorization
information to the managed services, which is complicated by a lack of applicable standards in
this area. Therefore, most of the Identity and access management solutions rely on a custom
solution for provisioning. To overcome this obstacle, this project extends existing IAM
capabilities by implementing a connector to easily provision data to services hosted on
Windows OS based on SSH.
</p>
<button
class="btn btn-info d-print-none"
type="button"
data-toggle="collapse"
data-target="#details-4"
>
Show Details
</button>
<a
href="https://wiki.geant.org/x/bA75Bw"
class="btn btn-outline-primary float-right"
target="_blank"
>Activity page</a
>
</div>
<ul class="list-group list-group-flush collapse" id="details-4">
<li class="list-group-item">
<h5>Results & Deliverables</h5>
<p>The following results were created and delivered:</p>
<ul>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/Installation"
>Windows Connector Installation Guide</a
>
</li>
<li>
<a href="https://github.com/CESNET/perun-services-windows"
>Publicly available source code
<small>including test automation and a windows installation package</small></a
>
</li>
<li>
<a href="https://wiki.geant.org/display/gn43wp5/Test+Environment"
>eduTEAMS integrated test environment</a
>
</li>
<li>
<a
href="https://wiki.geant.org/display/gn43wp5/Provisioning+of+AD+for+the+lab+on+the+university"
>Windows Connecter Case Study</a
>
</li>
</ul>
</li>
<li class="list-group-item">
<h5>Ownership & Utilisation</h5>
<p>
The aim of this project was to create an easy to use, adoptable software solution to
provision server users and provide this tool to the <strong>community</strong> As part of a
case study the solution was implemented for a
<strong>Czech University (Faculty of informatics MU)</strong> which will continue to use the
solution afterwards. <strong>CESNET</strong> will continue to use and maintain the software
for the foreseeable future. Besides this, the solution shall be adjusted to the needs of
eduTEAMS. The solution will be provided to the <strong>eduTEAMS service task</strong> to be
integrated into the GÉANT service.
</p>
</li>
</ul>
</div>
</div>
</div> |
...