• Workflow specification based on a community-based approach (i.e. either in text format and/or graphical visualization such as BPMN flow(s))
• Report on identification of tools (e.g. REMS: https://confluence.csc.fi/display/REMS) to support the flow
• Example implementation of at least 1 such a workflow
• Demonstration at the relevant venue
• Describe how the vetted identity may be used in common authN and AuthZ systems like eduTEAMS
• It was noted the proposed work aligns well with recommendations made by the InCommon XYZ. We should discuss.

Based on the specified flow, tools to support and implement the flow need to be identified.

The following outputs of the previous Incubator cycle will be taken into account:

• Wiki page: https://wiki.geant.org/x/zLAuBw
• Report of the previous Incubator cycle: to deliver

• Keep the community-based approach in this iteration as simple and user-friendly as possible in order to avoid complexity which might lead to incomplete work
• Solution might not fulfil 100% of the use cases

• Integration with readID
• Documentation produced
• Demonstrator (publicly available) integrating with readID, ORCID, google
  • RA management web interface: https://ra.incubator.geant.org/index.php
  • Applicant web interface: https://app.incubator.geant.org/
  • The following internal test IdP accounts can be used to access the web interfaces: https://github.com/OpenConext/OpenConext-DIY/blob/master/group_vars/logins.json All user interfaces hide actual attributes harvested from real IdP's like google and orcid. staff1 has access to the RA part of the application.
  • Code available via Github: https://github.com/mrvanes/commtrust