Page History

Overview & Charter

• Working Group Summary and Charter

Roadmap

• OIDC-OAuth Deployment WG Roadmap

Presentations

• 2017-11-21 – Alan Crosswell, "Columbia University - API Standards & Practices"
• 2017-10-24 – Gregory Haverkamp, "OIDC and OAuth2 at LBNL" (PDF slides)

Objectives

Note: unless otherwise noted, this working group is focused on organizations in the Higher Education community.

1. Refine scope
   1. Review recommendations from the previous WG
   2. Define scope for this WG
2. Share information
   1. Collect and share learning materials
   2. Facilitate information sharing among deployers and interested parties
   3. Coordinate with international community
   4. Examples: email lists, wiki pages, conference calls, trainings, workshops, and regular webinars
3. Develop best practices
   1. Document OIDC and OAuth2 use cases
   2. Document lessons learned
   3. Include what is and is not being used
   4. Include software architectures in use including SAML IdPs and proxies
   5. Include native mobile application authentication using SAML and/or OIDC/OAuth2
   6. Consider campus-specific vs. federation-specific
   7. Identify use cases that require multilateral federation support
   8. Develop recommended practices for deployment, configuration, and use
4. Guide standardization
   1. Identify where increased standardization would benefit organizationn
   2. e.g., Map SAML Attributes to OIDC Claims
   3. e.g. map eduPerson schema to OIDC Claims
   4. e.g. develop profile similar to healthcare, iGov, financial
   5. Facilitate related standardization
   1. Work within existing standardization efforts
   2. Or create new efforts
5. Support multilateral federation
   1. Identify issues R&E federations must address to provide federated OIDC/OAuth2
      1. Include metadata, discovery, etc.
   2. Coordinate with GEANT OpenID Connect Federation
      1. https://wiki.geant.org/display/gn42jra3/T3.1A+OpenID+Connect+Federation
      2. Part of GN4-2 JRA3 – Meeting notes include OIDCfed meetings
         
      3. Includes Roland Hedberg's efforts to make OIDC “federation and interfederation capable”
      4. Includes potential OIDC profile for eduGAIN
      5. Includes implementation blueprint requirements
      6. Includes OJOU (OAuth2/JW*/OIDC/UMA) training courses – e.g. November 2017
   3. Coordinate with REFEDS OIDCre working group
      1. https://wiki.refeds.org/display/GROUPS/OIDCre
      2. Includes OIDC Federation; carried out with help from GEANT OIDC Federation (above)

         1. Refers to OIDC Federation draft specification

         2. Refers to OIDCfed test suite

         3. Refers to Roland's federation-aware RP and OP implementations

         4. Refers to Ioannis and Andres federation-aware OP (based on pyoidc)

         5. Refers to Andreas federation-aware OIDC NodeJS library

         6. Refers to Janusz federation-aware OIDC PHP library

         7. Refers to Janne & Henri adding OIDC functionality to Shibboleth

         8. Refers to Herve, Jule and Maarten interviewing federations on plans, requirements, and use cases
      3. Includes SAML to OIDC mapping
      4. Refers to Registration in the IANA JSON Web Token Claims registry
      5. Refers to Report on mapping of the R&S bundle in OIDC
      6. Refers to AARC2
         1. Includes MJRA1.3-Design-for-the-integration-of-an-Attribute-Management-Tool.pdf
            1. Includes SAML to OIDC mappings (§3.2)
         2. Includes AARC2 JRA1.2B – OIDC-based services in research collaborations
         3. Includes AARC2 JRA1.3B – Guidelines for registering OIDC Relying Parties in AAIs for international research collaboration
      7. Referred to by CILogon OIDC
         1. To establish OIDC interoperability profiles
         2. Recommends use of Certificated OIDC implementations
   4. Coordinate with AARC2?
   5. Coordinate with IGTF for Research and e-Infrastructures?
   6. Present to TAC and Internet2 T&I

See Also

• OIDC Survey Working Group, chaired by Albert Wu
• TIER API WG - OAuth / OIDC Study Group
• 2017-07-19 – Blog on new TAC Working Groups (by Mark Scheible)