- Created by Dean Woodbeck (internet2.edu), last modified by Nathan Dors (washington.edu) on Jan 15, 2019
Overview & Charter
Roadmap
Resources
Presentations
- 2018-12-12 – IAM Online Webinar "OpenID Connect and OAuth in the R&E Community" Slides and Recording
- 2017-11-21 – Alan Crosswell, "Columbia University - API Standards & Practices"
- 2017-10-24 – Gregory Haverkamp, "OIDC and OAuth2 at LBNL" (PDF slides)
Objectives
Note: unless otherwise noted, this working group is focused on organizations in the Higher Education community.
- Refine scope
- Review recommendations from the previous WG
- Define scope for this WG
- Share information
- Collect and share learning materials
- Facilitate information sharing among deployers and interested parties
- Coordinate with international community
- Examples: email lists, wiki pages, conference calls, trainings, workshops, and regular webinars
- Develop best practices
- Document OIDC and OAuth2 use cases
- Document lessons learned
- Include what is and is not being used
- Include software architectures in use including SAML IdPs and proxies
- Include native mobile application authentication using SAML and/or OIDC/OAuth2
- Consider campus-specific vs. federation-specific
- Identify use cases that require multilateral federation support
- Develop recommended practices for deployment, configuration, and use
- Guide standardization
- Identify where increased standardization would benefit organizations
- e.g., map SAML Attributes to OIDC Claims
- e.g., map eduPerson schema to OIDC Claims
- e.g., develop profile similar to healthcare, iGov, financial
- Facilitate related standardization
- Work within existing standardization efforts
- Or create new efforts
- Support multilateral federation
- Identify issues R&E federations must address to provide federated OIDC/OAuth2
- Include metadata, discovery, etc.
- Coordinate with GEANT OpenID Connect Federation
- https://wiki.geant.org/display/gn42jra3/T3.1A+OpenID+Connect+Federation
- Part of GN4-2 JRA3 – Meeting notes include OIDCfed meetings
- Includes Roland Hedberg's efforts to make OIDC “federation and interfederation capable”
- Includes potential OIDC profile for eduGAIN
- Includes implementation blueprint requirements
- Includes OJOU (OAuth2/JW*/OIDC/UMA) training courses – e.g. November 2017
- Coordinate with REFEDS OIDCre working group
- https://wiki.refeds.org/display/GROUPS/OIDCre
- Includes OIDC Federation; carried out with help from GEANT OIDC Federation (above)
- Refers to OIDC Federation draft specification
- Refers to OIDCfed test suite
- Refers to Roland's federation-aware RP and OP implementations
- Refers to Ioannis and Andres federation-aware OP (based on pyoidc)
- Refers to Andreas federation-aware OIDC NodeJS library
- Refers to Janusz federation-aware OIDC PHP library
- Refers to Janne & Henri adding OIDC functionality to Shibboleth
- Refers to Herve, Jule and Maarten interviewing federations on plans, requirements, and use cases
- Includes SAML to OIDC mapping
- Refers to Registration in the IANA JSON Web Token Claims registry
- Refers to Report on mapping of the R&S bundle in OIDC
- Refers to AARC2
- Includes MJRA1.3-Design-for-the-integration-of-an-Attribute-Management-Tool.pdf
- Includes SAML to OIDC mappings (§3.2)
- Includes AARC2 JRA1.2B – OIDC-based services in research collaborations
- Includes AARC2 JRA1.3B – Guidelines for registering OIDC Relying Parties in AAIs for international research collaboration
- Referred to by CILogon OIDC
- To establish OIDC interoperability profiles
- Recommends use of certified OIDC implementations
- Coordinate with AARC2?
- Coordinate with IGTF for Research and e-Infrastructures?
- Present to TAC and Internet2 T&I
See Also
- OIDC Federation discussion at Advance CAMP 2018
- OIDC Survey Working Group, chaired by Albert Wu
- TIER API WG - OAuth / OIDC Study Group
- 2017-07-19 – Blog on new TAC Working Groups (by Mark Scheible)
Meeting Date, Time and Details
Conference calls are bi-weekly on Tuesdays at 11am ET
- Next call: January 29, 2019
- Future: Feb 12, 26, Mar 12, 26
- To join a call: https://internet2.zoom.us/j/874504510
Working Group Email list:
Working Group Members
- Alan Crosswell
- Steven Carmody
- Nathan Dors (dors@uw.edu) - Chair
- Michael Gettes
- Eric Goodman
- Roland Hedberg
- Eric Kool-Brown
- David Langenberg
- and many more
Working Group Guidelines
- Guidelines for Trust and Identity Working Groups
- Internet2 Intellectual Property Framework