
Overview

Proposer: Stefan Liström (SUNET), Mario Reale (GÉANT)

Area

Type of work: Development, Research

Output: Prototype

History



Europe is working towards a wallet-based identity ecosystem. The Architecture and Reference Framework (ARF) serves as a basis for the implementation of the proposal for the European Digital Identity Framework.

The current framework assumes all interactions will be handled via an app on a mobile phone. While this may suffice for many users, it will leave out groups that cannot or will not use such devices. In addition, it creates a dependency on the vendors of the devices and the software they run on. Finally, users may not be willing to store and aggregate work-related data on a personal device. This activity will investigate whether a browser-based wallet can be created which supports (parts of) the ARF. To confirm usability for our community, the browser-based wallet should be tested with the same scenarios as were previously tested in the incubator using mobile-based wallets (Using Distributed Identity for managing researcher access).

Original proposal

While supporting new federations in setting up their infrastructures, IdPs and SPs, we generally still do not have much automation in place. Everything is still done very manually and takes much time. For the SPs specifically, both the installation and configuration of the services themselves and the operations required to federate them (i.e. make them fully functional SAML2 Service Providers), so that they can be provided in a federated (e.g. eduGAIN) fashion, are still largely left to manual setup.

It would be useful to enhance the level of support we provide to them with the aim of quickly being able to deploy an initial set of services, the ones which could de-facto start to attract users towards the newly deployed federation infrastructure and the federated IdPs. 

The idea here is to propose a new cycle of T&I incubator task activities aimed at the following tasks:

  1. Identify an initial set of 2-3 services we’d like to promote as SPs to the new identity federations (e.g. Wiki, Moodle, Joomla, eduMEET, Filesender, ...).
  2. Design a solution based on automation for the services we’d like to deploy, possibly using containers or automated deployment tools like Ansible or Puppet (which we should aim at making easy for early service deployers), or any script with corresponding clear, easy-to-use documentation that does as much of the initial installation and configuration work as possible, keeping the residual manual interventions to a minimum.
  3. Define both technical and strategic roadmaps to ensure sustainability of these deployment solutions: how they will be upgraded/ported to new versions, and which task or permanent activity in the GN project, or in the community, could endorse the future work to keep the developed solution working.

This proposal is about using a full Incubator cycle to develop an initial solution, work on it, and add some work to design clearly how things can be made sustainable after the T&I cycle is over.


More information on the proposal: https://docs.google.com/document/d/1pYN73FEbFApkPNAVgdbNIA1_87ekIEAt8HvzhhXkxrk/edit?usp=sharing

It is noted that some very similar requirements may serve Virtual Organisations. Arnout Terpstra from SURF writes:

"What I am basically looking for is a set of (fairly simple) "collaboration tools" which nearly every collaboration needs. (Since I am focusing on my service SURF Research Access Management (SRAM) which targets researchers, the type of collaborations I am dealing with are research collaborations, but of course such tools could be used by any type.) What do researchers / collaborations need regardless of which topic they are in? Some tool to do collaborative writing, to jointly make presentations, a date picker to plan meetings, a Wiki to keep meeting notes / documentation, etc. Most of such tools are already freely available (Google Docs, Doodle, etc.) but of course you pay with your privacy. Also, most institutions have something like Microsoft Office365 + Teams, but for some reason these tools are often inaccessible for people outside of their own institution. Thus: based on already available open source and privacy friendly tools, it would be nice to combine this with Mario's idea of making the deployment of these tools quick and easy such that different NRENs (or whoever) can (easily) offer it to their constituency. (BTW I recently stumbled upon this tool: Crypt Pad (https://cryptpad.fr/ for a hosted free demo), which seems to already contain 90%+ of the tools I'm thinking of. Maybe that's an option to start with?)
In my case, access management to these tools is of course handled by SRAM."




Description of the activity

With respect to the implementation of this, there are a number of scenarios: basically automating deployment as proposed by Mario above, where the focus is on creating deployment and integration scripts, or an approach as suggested by Niels which introduces a proxy to aggregate the services and potentially simplify the deployment and integration of tools, while in a way increasing the complexity, as new components are added.
We have to describe these scenarios and weigh the impact in terms of technical complexity, maintainability, etc. The list of high-level activities is:

  • Describe scenarios and discuss with stakeholders
  • Make an inventory of relevant services we would like to include
  • Create proof of concept of at least one scenario and present to stakeholders
  • Develop the proof of concept into a usable product.

Description of the activity

  • The "Using Distributed Identity for managing researcher access" activity lists a number of use cases, usage scenarios and architectures for using wallets in a research environment. We will evaluate these in the light of a web-based wallet and define a list of use cases and requirements we want to test during this activity.
  • We will engage with stakeholders to identify requirements for a web-based wallet to be used in research.
  • We will investigate to what extent the ARF requirements may or may not impede the use of a web-based wallet.
  • A first version of a web wallet has been developed as part of the eDiplomas Wallet Ecosystem activity (https://open.gunet.gr/wallet-docs). We will evaluate the current state of this project and describe gaps.
  • We will define a backlog of technical activities required to resolve the gaps identified.
  • We will create a development environment.
  • We will describe test scenarios and set up a test environment.
  • We will release at least one new version of the web wallet.
  • Optional: include the web wallet in the test framework developed as part of the trustframe for wallets activity.


Ownership & Utilisation

The following parties will use the results of this activity:

T&I Service
R&E Community
External Party

