...

Description of the activity

The goal of the activity is to deliver a (software or service) solution that assists federation operators of NREN federations in testing, at scale, several core security aspects of the SAML deployments of Service Providers (SPs) within their federation.
Deployment scenarios, to be confirmed with stakeholders, might include:

  • Self-testing by an SP as part of the route towards becoming a production deployment
  • (Automated) testing of the SP deployment as part of the initial onboarding into the federation by FedOps
  • (Automated) testing of the SP deployment as part of periodic review by FedOps
  • Institution-initiated testing of an SP as part of a compliance review, e.g. with respect to GDPR compliance

This topic should include the technical implementation of the use cases we would like to test against. In addition, it needs to discuss and, if need be, develop a means to support FedOps in deploying the tests. We need to understand the test suite both technically and operationally.
In addition to the technical and operational requirements, we also need to understand potential legal aspects, so we can include all of these in the design of the test suite.

Activities:

  • Run at least 1 workshop with the community of Federation Operators to collect and discuss use cases, requirements and deployment scenarios in the context of identity federation
  • Gather at least 3 federation operators who are willing to act as stakeholders and help test the tool in a controlled environment
  • Discuss feasibility, risks and risk mitigation possibilities with a legal advisor, and describe the design considerations that result from this discussion
  • Discuss challenges around use cases and describe the proposed resolution; allow stakeholders to review
  • Select and implement use cases into test suite
  • Develop a deployment plan with stakeholders to scale up the use of the tool to real-world use cases
  • Optional: consider what would be needed to extend this test to OIDC RPs

...