Versions Compared

Old Version 49

changes.mady.by.user Niels van Dijk

Saved on

compared with

New Version 50

changes.mady.by.user Nicole Harris

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Title

update SAML tracer

Description

The SAML Tracer (https://addons.mozilla.org/nl/firefox/addon/saml-tracer/) is a highly rated firefox plugin which was developed in our community (UNINETT, with contributions from others). As the browser is the central entity in any SAML transaction, it is extremely convenient tool for testing en debugging SAML transactions. There are not many alternatives to this tool

Unfortunately, Firefox has changed its plugin framework, rendering the existig plugin useless and a major rework is needed.

ProposerNiels van Dijk, SURFnet
Resource requirements

Money, a (junior) developer

+1's

Stefan Winter

Scott Koranda, LIGO

Nick Roy, InCommon



Title

Investigate and test privacy enhancing technologies

Description

During REFEDs at TechEx2017,and later-on during TechEx2017 itself, a interesting discussions developed over the future of federation, the role of users and the use/rise of proxy technology.

This activity investigates and showcases privacy enhancing technologies including, but not limited to, PEP (Polymorphic Encryption Pseudonyms) (1) and IRMA (I reveal my attributes) (2) and tests and validates applicability and usecases of these in the context of R&E federations and eduGAIN.


SURFnet has build some experience with these technologies on a national level, and has for example implemented PEP into commonly used software products like ADFS, Shibboleth and SimpleSAMLphp. In regard to IRMA, it has now been enable in pilot for both SURFconext federation as well as the IDIN Bank ID federation. We feel these technologies have significant promise, but would like to validate this in international context. We would also like to learn about other alternative strategies and solutions that may help us to shape the future of our identity federations.

ProposerNiels van Dijk, SURFnet
Resource requirements
  • Other technologies to showcase other then PEP and IRMA
  • Participants for pilots
  • People with good ideas
+1's
References

(1) https://blog.surf.nl/en/privacy-surfconext-using-polymorphic-pseudonyms/

(2) https://privacybydesign.foundation/irma-en/


Title

Identity Discovery

DescriptionGEANT should operate a discovery service for the global identity 
ecosystem based on the outcomes of the RA21 process and dialogues 
with the research infrastructure community. If possible the service 
should be useful for the eIDAS community aswell.
ProposerLeif
Resource requirementsTo be better scoped, but certainly resources and budget
+1's<for others to voice their support - add your name here>


Title

eduroam DEEP Learning

DescriptionBased on Brooks idea, we train a DEEP network to detect eduroam 
breakage based on log-data. Possible joint work with Juniper Research. 
Leif will provide more information
ProposerLeif
Resource requirementsTo be better scoped, but certainly resources.
+1's<for others to voice their support - add your name here>


Title

SOC tools

DescriptionGEANT should develop and maintain a toolchain for security operations 
(SOC) teams. This includes work on stuff like grr, plaso, timesketch, 
information sharing platforms, threat intelligence platforms etc
ProposerLeif
Resource requirementsTo be better scoped, but certainly resources.
+1's

This is similar to a proposal submitted under the security white paper planning. Talk to Sigita Jurkynaite about this.


Title

IdP Maturity

Description

In the current eduGAIN SAML Profile work there is an effort to develop BCP to position a lot of the current "step-up" processes we have as a set of best current practice for eduGAIN.  Within eduGAIN, these will be positioned as what we consider mature entities  / federations to look like...and this could even possibly be flagged somehow.  The current requirements of eduGAIN will be promoted purely as a baseline and a "first step" to interoperability (acknowledging use cases that don't need any more than that).  The next logical step from that is to review whether there is any need to offer a central service to manage that maturity level for federations / entities as a bolt on to existing federation operations. This could take on a variety of forms and draw in a lot of the areas that have been proposed here. Options and areas could be:

- More work on the eduGAIN technical database to flag maturity for federation / entities.
- Establishing a REEP instance to allow entities to flag maturity when a federation is less developed.
- Allowing eduGAIN OT to decorate entities with additional information.
- Developing processes to allow MDS to select the most mature entity formulation within federations rather than simply the first submitted.

ProposerNicole Harris
Resource requirementsIt depends on the direction taken. Man hours in eduGAIN-OT for developing services, work for a policy lead, work to enhance eduGAIN support service. Possible infrastructure development
+1's<for others to voice their support - add your name here>







You do not have to fill in every field, just give as much detail as you have right now if you know them.