You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

This page collects proposals for future Incubator activities. Anyone may add a new idea by adding a new row to the table below.

Ideas don't need to be fully formed but the more scope we can get the easier it will be to assess whether the idea should be taken forward.  

Anything in the Trust and Identity space is of interest, from improvements to current services to brand new ideas and technologies.

If you like an existing idea you can just add a +1 for endorsement. The more supporters a proposal gets the more likely it is to be implemented.

Example from a previous cycle


TitleProposerDescriptionSupporter (+1)

Self service - Signing in activity

Janusz Ulanowski
(HEAnet CLG)

Service which could allow an user to check signing in activity on IdP service. That would allow an user to check the recent activity on his account in regards of authentication. Users could see the list if authentications containing datetime, ip and relying party etc. That would help them to spot suspicious activity.

After discussion in the Incubator board, the proposal for the Incubator is inspired by the above proposal, but with a slight difference:

Setting up a service as proposed originally is rather challenging as that service would have to learn about a lot of personal data. However, 'account activity', deployed as part of an IdP extension would actually improve privacy and GDPR compliance of e.g. SimpleSamlPHP and Shibboleth.
Proposal is to create such extensions for SSP and Shibboleth in close collaboration with the relevant community

Both SimpleSamlPHP and Shibboleth as well as also support the OIDC protocol. A 'profile page' should also allow an end user to manage and revoke OIDC access.

Janos Mohacsi: it would be advantageous to have a standardised log format  to all popular IdPs. Then these logs should be dumped to ELK or similar server. The log collection server should  provide a restricted access to the logs of a particular users.

Mihály Héder: I think an Audit Log self-service is an interesting functionality. Account activity is available in many commercial accounts, certainly the googles and the microsofts of the world. We should keep up - also not only the IdP Audit Log but the SP is relevant.

Proposals:

Proposal details:

TitleProposerDescriptionSupporter (+1)








  • No labels