Overview & Charter
Roadmap
Presentations
- 2017-11-21 – Alan Crosswell, "Columbia University - API Standards & Practices"
- 2017-10-24 – Gregory Haverkamp, "OIDC and OAuth2 at LBNL" (PDF slides)
Objectives
Note: unless otherwise noted, this working group is focused on organizations in the Higher Education community.
- Refine scope
- Review recommendations from the previous WG
- Define scope for this WG
- Share information
- Collect and share learning materials
- Facilitate information sharing among deployers and interested parties
- Coordinate with international community
- Examples: email lists, wiki pages, conference calls, trainings, workshops, and regular webinars
- Develop best practices
- Document OIDC and OAuth2 use cases
- Document lessons learned
- Include what is and is not being used
- Include software architectures in use including SAML IdPs and proxies
- Include native mobile application authentication using SAML and/or OIDC/OAuth2
- Consider campus-specific vs. federation-specific
- Identify use cases that require multilateral federation support
- Develop recommended practices for deployment, configuration, and use
- Guide standardization
- Identify where increased standardization would benefit organizations
- e.g., map SAML Attributes to OIDC Claims
- e.g., map eduPerson schema to OIDC Claims
- e.g., develop profile similar to healthcare, iGov, financial
- Facilitate related standardization
- Work within existing standardization efforts
- Or create new efforts
- Support multilateral federation
- Identify issues R&E federations must address to provide federated OIDC/OAuth2
- Include metadata, discovery, etc.
- Coordinate with GEANT OpenID Connect Federation
- https://wiki.geant.org/display/gn42jra3/T3.1A+OpenID+Connect+Federation
- Part of GN4-2 JRA3 – Meeting notes include OIDCfed meetings
- Includes Roland Hedberg's efforts to make OIDC “federation and interfederation capable”
- Includes potential OIDC profile for eduGAIN
- Includes implementation blueprint requirements
- Includes OJOU (OAuth2/JW*/OIDC/UMA) training courses – e.g. November 2017
- Coordinate with REFEDS OIDCre working group
- https://wiki.refeds.org/display/GROUPS/OIDCre
- Includes OIDC Federation; carried out with help from GEANT OIDC Federation (above)
- Refers to OIDC Federation draft specification
- Refers to OIDCfed test suite
- Refers to Roland's federation-aware RP and OP implementations
- Refers to Ioannis and Andres's federation-aware OP (based on pyoidc)
- Refers to Andreas's federation-aware OIDC NodeJS library
- Refers to Janusz's federation-aware OIDC PHP library
- Refers to Janne & Henri adding OIDC functionality to Shibboleth
- Refers to Herve, Jule and Maarten interviewing federations on plans, requirements, and use cases
- Includes SAML to OIDC mapping
- Refers to Registration in the IANA JSON Web Token Claims registry
- Refers to Report on mapping of the R&S bundle in OIDC
- Refers to AARC2
- Includes MJRA1.3-Design-for-the-integration-of-an-Attribute-Management-Tool.pdf
- Includes SAML to OIDC mappings (§3.2)
- Includes AARC2 JRA1.2B – OIDC-based services in research collaborations
- Includes AARC2 JRA1.3B – Guidelines for registering OIDC Relying Parties in AAIs for international research collaboration
- Referred to by CILogon OIDC
- To establish OIDC interoperability profiles
- Recommends use of certified OIDC implementations
- Coordinate with AARC2?
- Coordinate with IGTF for Research and e-Infrastructures?
- Present to TAC and Internet2 T&I
See Also
- OIDC Survey Working Group, chaired by Albert Wu
- TIER API WG - OAuth / OIDC Study Group
- 2017-07-19 – Blog on new TAC Working Groups (by Mark Scheible)
Meeting Date, Time and Details
Conference calls are bi-weekly on Tuesdays at 11am ET
- Next call: April 10, 2018
- Future: Apr 24, May 8, 22, Jun 5, 19, Jul 3, 17
- To join a call: https://bluejeans.com/286895548 internet2.zoom.us/j/393626768
Working Group Email list:
Working Group Members
- Alan Crosswell
- Steven Carmody
- Nathan Dors (dors@uw.edu) - Chair
- Michael Gettes
- Eric Goodman
- Roland Hedberg
- Eric Kool-Brown
- David Langenberg
- and many more
Working Group Guidelines
- Guidelines for Trust and Identity Working Groups
- Internet2 Intellectual Property Framework