Hi all,
Since apparently this group is attracting a lot of interest in the wider world, I think it's good to actually write down our objectives and scope, if only to clarify that we are *not* intending to set up an alternative OIDC Fed next to eduGAIN or so :) The discussion at the All Hands meeting was clearer on that issue, but it's not written down anywhere. And that starts creating confusion ...
Should we have a stab now at the scoping statement to identify objectives? Comments welcome, please!
" The IGTF OIDC Fed effort focuses (primarily) on the establishment of trust between OIDC SPs in the Research and e-Infrastructures, where a common trust basis exists between them and between them and any of their 'upstream' or internal SPs, and where a common trust anchor or set of trust anchors would help alleviate the need to establish bi-lateral trust between all OIDC SPs and the collection of Infrastructure SP-IdP proxies (acting as OPs), and between SPs and (bridging) OPs of different Infrastructures when they inter-operate. In this respect, it is complementary to other OIDC Fed efforts in the general R&E space (in particular, we are not intending to mass-onboard OPs).
The trust basis for the federation can be organised around the Snctfi framework, using common baselines where applicable (e.g. those developed as part of the Policy Development Kits in AARC and the CTSC). Incidental OPs that connect to the Federation can be assessed based on the IGTF AuthN Assurance Profiles. Trust establishment leverages the membership and assessment guidelines common to the IGTF. "
I've added it tentatively to http://wiki.eugridpma.org/Main/OIDCFed, so the IGTF members can edit it directly, but let's discuss on the list :)
Similarly, we should start actively reaching out to some of the implementors of the Infrastructure (proxy) operators (Nicolas, Mikael, Jens, Hannah, Brian, &c) to get the needs and requirements clear. I can think of several things here - there are likely more:
- is a technical bridge (single signing key) better? Or a distribution and a 'policy bridge' like we have today?
- scoping and how to deal with proxies changing (or not changing!) scope and how we can facilitate such trust?
- technical details?
- time line?
Let's make this a slightly livelier list :)
Cheers, DavidG.