MACE and the Internet2 Middleware Initiative (I2MI) focus on Identity and Access Management (IAM) infrastructure to support the needs of the global higher education and research communities and their partners. This charter defines a working group for developing informational documents and best current practices for application developers in support of modern IAM infrastructure, with a particular focus on federated identity (integration of applications with IAM infrastructure across organizational boundaries).

Federation, alongside the traditional problem of developing "well-behaved" applications that work well with a range of IAM approaches, adds a number of new considerations for application developers. These range from user interface issues at the front end, such as identity provider discovery and the presentation of login state and user identity, to uniquely identifying users over time and considerations of local storage vs. just-in-time access to data on the back end. Some issues, such as the need for separation of authentication and authorization, are traditional sources of trouble, while others are unique to federation.

The deployment of federation has proceeded somewhat slowly, for many reasons, but there is broad recognition that major stumbling blocks continue to be the perceived complexity for developers and a lack of good tools and frameworks supporting accepted design patterns. Much knowledge remains confined to a small number of domain experts, and best practices are not widely distributed or accepted.

In the past, MACE and I2MI have fulfilled a knowledge "synthesis" role for earlier technologies like LDAP. The MACE-FedApp Working Group will emulate past efforts, bringing together domain experts to produce documents to guide application developers and tool/framework providers in the incorporation of federated IAM infrastructure.

The Working Group will produce documents covering a set of topics on the development of federated applications. An initial task for the group will be the development of an outline of topics to address, and a plan for developing and structuring its output. Such output may include:

  • Documentation of concepts and terminology.
  • Guides, recipes, best practices, demos, proofs of concept or prototypes.
  • Proposals for new software development, or new standards.

The Working Group may, if there is agreement and opportunity, seek to evangelize and influence application development tool or framework providers in support of its recommendations.

The Working Group is guided by these principles:

  • Work will be done in the context of the MACE/Internet2 Middleware/IAM program but will be open to any and all relevant participation.
  • Expertise in popular languages and/or application frameworks will be actively sought.
  • Substantial projects, such as new software development, are done as independent projects, not as part of this WG.

The Working Group will operate under the terms of the Internet2 Intellectual Property Framework.

The Working Group will meet via conference calls and will interact via mailing list, collaboration space, and any other vehicles deemed useful and open.

The Working Group will begin with a two-year charter, with the goal of producing useful output by the end of the first year. After two years, the Working Group will mutually determine whether and for how long to continue.
