Date

Attendees

Goals

  • Reports on TIIME
  • Set the direction for the development of the signing service
  • Pilots?

Discussion items

Time | Item | Who | Notes
10 min | TIIME
  • Lots of interest in OIDCFed; plenty of people attended the discussions
  • Shibboleth OIDC extension: some interest, but for it to be considered for testing it needs the authorization code flow, due in mid-March
50 min |

Endpoints and processes for the signing service:

# 1. Enrollment

Out-of-band connection

Obtain an access_token in order to use the MDSS


# 2. Metadata_statements creation/update

## metadata_statements signing request ENDPOINT

(OAuth2 protected)


POST /mdss/entity


{
    "signing_keys": ...,
    "claims": ...,
    "access_token": ...
}


return a signed metadata_statement and the entity ID

## Update signing_keys in the metadata_statement ENDPOINT

(OAuth2 protected)


PUT /mdss/entity/id

JSON payload

{
    "signing_keys": ...
}


return a signed metadata_statement


## Update claims in the metadata_statement ENDPOINT

(OAuth2 protected)


PUT /mdss/entity/id

JSON payload

return a signed metadata_statement


# 3. Get a (re-signed) metadata_statement ENDPOINT

(public)


GET /mdss/entity/id


return a metadata_statement signed by the MDSS_FO


GET /mdss/entity/id?superiors=[sup1,sup2]


return a metadata_statement signed by the MDSS_FO plus the inner metadata_statement


# 4. Superior

Out-of-band configuration
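As an added illustration that is not part of these notes or of fedoidc_ss, a Python sketch of the flow above: out-of-band enrollment issuing an access_token, the OAuth2-protected POST and PUT endpoints, and the public GET that returns a freshly signed statement. The class and method names (MDSS, post_entity, put_entity, get_entity, verify) and the HS256 shared secret standing in for the MDSS_FO's asymmetric signing key are assumptions; the superiors query is not modelled. The two checks worth noticing are that PUT requires the access_token to be bound to the entity being updated, not merely valid, and that FO-controlled claims (iss, sub, signing_keys) override anything the client put in its claims.

```python
import base64, hashlib, hmac, json, secrets
def _b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(txt): return base64.urlsafe_b64decode(txt + "=" * (-len(txt) % 4))

class MDSS:  # toy service following the endpoints above; HS256 stands in for the FO key (assumption)
    def __init__(self, fo_id, fo_key):
        self.fo_id, self.fo_key = fo_id, fo_key
        self.tokens = {}     # access_token -> client, issued at out-of-band enrollment
        self.entities = {}   # entity_id -> {"owner", "signing_keys", "claims"}
    def enroll(self, client):                                    # 1. Enrollment
        token = secrets.token_urlsafe(32)
        self.tokens[token] = client
        return token
    def _authz(self, token, entity_id=None):
        client = self.tokens.get(token)
        if client is None:
            raise PermissionError("invalid access_token")
        # a valid token is not enough: it must be bound to the entity being edited
        if entity_id is not None and self.entities.get(entity_id, {}).get("owner") != client:
            raise PermissionError("access_token not bound to this entity")
        return client
    def _sign(self, payload):                                    # compact JWS
        head = _b64(json.dumps({"alg": "HS256", "kid": self.fo_id}).encode())
        signing_input = head + "." + _b64(json.dumps(payload).encode())
        mac = hmac.new(self.fo_key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64(mac)
    def _statement(self, entity_id):                             # (re)sign the stored entity
        e = self.entities[entity_id]  # FO-controlled fields come last so they win over client claims
        return self._sign({**e["claims"], "iss": self.fo_id, "sub": entity_id,
                           "signing_keys": e["signing_keys"]})
    def post_entity(self, token, signing_keys, claims):          # POST /mdss/entity
        owner = self._authz(token)
        entity_id = secrets.token_hex(8)
        self.entities[entity_id] = {"owner": owner, "signing_keys": signing_keys, "claims": claims}
        return entity_id, self._statement(entity_id)
    def put_entity(self, token, entity_id, signing_keys=None, claims=None):  # PUT /mdss/entity/id
        self._authz(token, entity_id)
        for field, value in (("signing_keys", signing_keys), ("claims", claims)):
            if value is not None:
                self.entities[entity_id][field] = value
        return self._statement(entity_id)
    def get_entity(self, entity_id):                             # GET /mdss/entity/id (public)
        return self._statement(entity_id)

def verify(jws, fo_key):  # consumer side: check the MDSS_FO signature and return the claims
    head, payload, sig = jws.split(".")
    expected = hmac.new(fo_key, f"{head}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(payload))
```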


5 min | Pilots
We need the signing service before enrolling organizations into pilots.

Action items

  • Davide Vaghetti will refactor the current fedoidc_ss into mdss following the above description