Draft
At the June 2013 conclusion of the interfederation TAC subgroup, the subgroup recommends that TAC convene a follow-on subgroup to work on the following items:
- InCommon becoming an eduGAIN member. Work with InCommon Operations to achieve InCommon membership in eduGAIN. Follow the InCommon governance process to obtain InCommon Steering approval for eduGAIN membership. Perform a due-diligence review of InCommon policies related to metadata exchange with non-InCommon members. Determine policy for which eduGAIN entities would be provided in a metadata aggregate to InCommon members, and which InCommon entities would be provided to eduGAIN (potentially including an opt-in or opt-out process and potentially starting with R&S entities). Communicate with InCommon membership regarding trust issues associated with eduGAIN participation.
- InCommon interfederating with UK federation. Identify a mutually-agreeable registration practice statement that could be floated as a potential standard to be more widely adopted. Topics include private key handling, upload of metadata from org to
fed operator, key sizes, organizational validation, etc. This can set a criteria for assessing eduGAIN members and other
interfederation partners.
- InCommon adding <mdrpi:PublicationInfo> and <mdrpi:RegistrationInfo> elements in metadata. Addition of <mdrpi:PublicationInfo> to InCommon metadata is now planned. Assuming that goes well, adding <mdrpi:RegistrationInfo> to each entity in InCommon metadata can happen later. This will help with metadata aggregation by clearly identifying the registrationAuthority and publisher for each entity. When an aggregator publishes metadata, the registrationAuthority won't change but the publisher will identify the aggregator.
- InCommon providing one or more production interfederation metadata aggregates for its members. Determine level of trust required for entities included in InCommon's interfederation metadata aggregate(s). Determine if InCommon should provide "untrusted" interfederation metadata to its members versus only entities that meet baseline trustworthy practice, to help scale the trust.
- InCommon providing one or more production "export" metadata aggregates for consumption by external partners (UK, eduGAIN, etc.). Determine opt-in/opt-out process for InCommon entity inclusion.
- Documentation of InCommon registration practices. Building on the InCommon FOPP, document InCommon registration practices to a level similar to UK Federation Technical Specifications. This documentation will be useful as input to eduGAIN. REFEDS may develop a template for registration practice statements, and if/when that happens, InCommon should conform to the template. In terms of priority, this work item is good to do but is not blocking interfederation work.
- InCommon support for hierarchical federation. For example, automated publishing of UT metadata aggregate as input to InCommon metadata. Starting step could be: Paul logs in to InCommon and gives metadata URL. Register certificate that signed it. Related to XML submission. Or dynamic referral - InCommon delegates lookups to UT? Also support REEP? Doing this helps prepare InCommon for working with regional federations (via Quilt).
- InCommon support for additional entity tags. As REFEDS and other groups develop standard entity tags, indicating (for example) whether an IdP should be included in discovery interfaces or indicating an SP's privacy policy, InCommon should provide the ability for InCommon entities to self-assert these tags. This can also include a tag indicating acceptance of the InCommon membership agreement.
- InCommon support for a version of the Code of Conduct that extends beyond the EU. There is a DRAFT of an extension to the CoC that would allow EU-based IDPs to release attributes to SPs that are InCommon members if those SPs were to assert compliance. This draft should be forwarded to the InCommon lawyers for review.