• Davide: Out of being an alpha release, to which extent is it a partial implementation?
  • Henri: missing request object/request_uri support (ref. openid-connect-core sec. 6) \
  • Roland notes that other implementation that were missing request object support did passed the certification
• Current installation process
  
  • Davide asked SWITCH if they could help in improving the current ansible based installation process, and more specifically to prevent wiping out existing configuration: peaple at SWITCH would be happy to help, but it won't happen before second part of the year
  • out of not overriding an existing configuration, testing is needed to prove that the extension can work along most common Shib IdP configurations
  • it would be helpful to have a description of the modification that has to be done on a vanilla shib idp installation. Henri and Janne propose to write it as an Howto install the extension without ansible.
  • Roland notes that anyway the extension will be installed in new environment
    
    

Roland sums up the most important outcomes of the meeting:

• what will be the identity federation landscape by 2022? and what are our goals for those next years?
  • it's not a decision that can be taken solely by this group, but anyway the target of this very group for 2022 can actually be to have OIDC replaced SAML as the standard for federated authN and authZ in the R&E space.  How to make it happen:
    • send the right message to the decision makers (CEOs, CIOs)
    • build a standard set of communication and learning material
• next OIDC learning event (15/16th of May) will be focused on building the standard set of the learning material

Roland participate to a SWAMID Federation meeting where deploying models for OIDC Federation has been discussed.

Important point: Federations need a smooth transition from the current federation model to a new one.

The proposal emerged from the SWAMID Federation meeting is to have final entities (RPs and OPs) be directly part of the Federation, or to put it in terms of the trust chain: the RPs and OPs metadata_statements will be signed by the FO signing keys, without an intermediate organization.

Roland is working on a document to formalize the proposed model.

Davide has been invited to give a brief presentation at next eduGAIN SG meeting (27th of March) on OIDCFed. It is a good occasion to start a discussion on the OIDC Federation models with one the most important stakeholders: the fedops.

Next week Davide will circulate some points about the presentation, so we can discuss them.