This Task integrates developments that go beyond or significantly disrupt the current models, technologies or approaches to trust and identity that are in operation in the eduGAIN platform.
It aims to widen the engagement of federated identity approaches to other sectors, including e-Government and potential social identity providers, allowing greater engagement by individuals and citizen scientists in research.
Key objectives
The key objectives of Task 3 are:
T3.1 Federated identity, the next generation
- Carry out development based on OpenID Connect (OIDC), specifically for extending the standard to make OIDC "federation and interfederation capable" (i.e. OIDC metadata, discovery, etc.), including engaging with and contributing to the IETF and developing a potential OIDC profile for eduGAIN.
- Develop user-centric identity federation: user-managed access.
- Engage with federations on the principle of user-managed access, not only technically, but also reflecting the principle that the user is the resource owner and should therefore be in control of their own “data”.
- Develop pilots based on eduKEEP- and eduID-like approaches, currently at TRL 6–8 in various national developments, and enhance them to scale for international interoperability.
T3.2 Two-factor authentication in eduGAIN
- Develop procedures/metadata profiles for including two-factor support in eduGAIN. NOTE: this does not include a two-factor/MFA service itself.
T3.3 Services to support mobile federated identity
- GN3plus and GN4-1 delivered research into technical facilities to support non-web use cases for rich client applications and mobile devices (using OpenID Connect and Moonshot). Service options for integrating these results in a service context for GÉANT will be developed, integrated into the harmonisation framework and piloted with eduGAIN to attain TRL 8.
T3.4 Cross-sector interoperability (eduGAIN)
- Identify and pilot methods to organise and incorporate eIDAS and social identities with eduGAIN.
- Collaborate with Task 2, since interoperability with government eID/eIDAS may also facilitate step-up assurance, and social identity may provide coverage for some homeless users (i.e. users without an account within an R&E federation). AARC results will be examined for adoption as they become available. NOTE: As mentioned, AARC is in the lead for this bullet.
Deliverables and Milestones
DONE Deliverable D9.3: Best Practice for User Centric Federated Identity
GREY Milestone M9.8: User Centric Federated Identity Business Case, Due M30 - 31 October 2018
People and Workplan
Information on the people in the TrustTech team can be found on the TrustTech Team information pages.