TAC Forward

How can TAC add the most value?

InCommon Futures 2: Promoting Digital Collaboration

Evolved Strong Value Proposition

Clear Guidance & Technical Recommendations

A Security Focused Innovation Group

Improved Tools & Services Implementation & Integration

Easy to Navigate Tool & Service Offering

CONFIDENTIAL

InCommon Futures 2: Charting the Course

Activity 1: Communicating the Value

Activity 2: Provide Foundational IAM Guidance to the Community

Activity 3: Teaching & Learning Community Challenge: Navigating Demographic Changes

Activity 4: Research Community Challenge: Increase Collaboration Across Higher Education, Research and Federal Agencies

Activity 5: Refresh InCommon’s Community Engagement Approach

TAC work by year

2020: Making federation easier

  • Increasing the value of InCommon participation
  • IdP as a Service
  • Test federation
  • Cloud Services Cookbook update
  • Deployment Profile work recommendations

2021: Making federation easier

  • Increasing the value of InCommon participation
  • Adopt SAML Deployment Profile
  • Subject Identifier
  • Federation Testing
  • SeamlessAccess

2022: Making federation easier

  • Adopt SAML Deployment Profile - Next Steps
  • Subject Identifier
  • Federation Testing
  • Browser Technology Changes (user tracking) and impact on Federation
  • Guidance for EntityID creation, change, and use

2023: Future-proofing InCommon

  • Adopt SAML Deployment Profile & Subject Identifiers
  • Anonymous, Pseudonymous, and Personalized Entity Categories - What does InCommon do with them?
  • SP Middlethings - Next Steps
  • Federation Testing - continued

TAC has tackled a number of subjects in its journey to “make federation easier”.

Is it time to take a more systematic approach?

Federation enables streamlined access to cross-organization scholarly collaborations.

(Person) Information

Policy & Practice

(Message) Transport

(Personal) Information

Today the global R&E community has data structures representing a person and that person’s relationship to an organization.

  • eduPerson family
  • SCHAC
  • voPerson
  • SAML Subject Identifiers
  • more?

  • Are they interpreted and used consistently from service to service?
  • Are they well known and understood by newcomers to our community?
  • Do they interoperate with other person data specs commonly used in other verticals? with intra-institution needs?
  • Shouldn’t information taxonomy be mostly portable across technical specifications? Are they today?
  • What are we missing?

(Message) Transport

Today, this is basically the SAML family of specifications. We rely on them to connect services and to negotiate message exchange during user access.

  • Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0
  • Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0
  • Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0
  • Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0
  • Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0
  • Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0
  • Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0
  • RFC8409: The Entity Category Security Assertion Markup Language (SAML) Attribute Types
  • and more…
  • Are they interpreted and used consistently from service to service?
  • Are they well known and understood by newcomers, well, everyone, in our community?
  • Do they interoperate with other messaging specs commonly used in other verticals? with intra-institution needs?
  • What are we missing?

Policy & Practice

Policy & Practice lend meaning and context to this thing we trust called “federation”. P&P range broadly from foundational principles to discrete operating practices.

  • Baseline Expectations family
  • SIRTFI
  • SAML2Int
  • REFEDS Assurance Framework
  • InCommon Metadata Registration Practice Statement
  • InCommon Federation Participant Domain Use Policy
  • Federation Operating Practices and Procedures
  • eduGAIN Federation Policy Framework
  • and more
  • Are they interpreted and used consistently from service to service?
  • Are they well known and understood by newcomers, or everyone, in our community?
  • Are the boundaries between specifications (data structure, message structure/transport) and P&P clear?
  • Are the relationships between the federation P&P and intra-organization policies well understood?
  • Shouldn’t P&P be mostly portable across technical specifications? Are they today?
  • What are we missing?