...
- Step back/forward during config changes (step-by-step wizard for adding a new entity/item)? Scenarios, like proxy, could be set up the same way.
- Should metadata feed into SSP and SaToSa configurations, or should we limit the MVP to one platform, e.g. SSP?
- Add/remove/update entity metadata to participated federation(s), or at least let the user know what should be notified?
- Could remote entities be offered in the GUI based on federation metadata?
...
Features: What about notifying the changed status to other known related entities? Or notify user that known connected entities may be affected, offering shortcuts to their configuration/relationships editing.
Configure proxy mode
Context: If you added at least one of (SAML IdP, OIDC OP) and one of (SAML SP, OIDC RP), you can act as a proxy. In this case, a configuration option that was previously unavailable ("grey") becomes available as 'Proxy Configuration.'
Here, you can add identity and profile attribute mappings.
Features: Is proxying between SAML and OIDC for a later version beyond the MVP? Also, what would be a level of control over SAML/OIDC associations, since SaToSa is doing some things on its own.
Edit data sources and data release (not MVP)
...
- Search (of what, where, by what attributes?).
- Proxy wizard.
- Mapping between local and remote admin users (we could restrict the MVP to require mutually identical or trusted users).
- Is proxying between SAML and OIDC for a later version beyond the MVP?
Topology graph.
- Reporting and analytics: statistics, issues, events/logs.
- Audit trail (in addition to basic reports).
- Management of multiple/remote proxy instances.
Entity lifecycle management: Draft, Test, Production, Support for parked entities/configs, Logically deleted.
- Publicly specified API to access/edit configuration/history of the service and its entities.
- Managing (meta)data exchange (at the proxy):
- Management of attribute filtering between IdPs and SPs.
- Management of mapping of attributes.
- Attribute transformation rules.
- Setting attribute values for entities.
- Possibly contentious:
- Validation of encryption and signatures of entities and their messages.
- Enforcement of authentication and authorisation policies (defined locally or by IdPs).
- Integration with MFA by the proxy.
...