View Source

Introduction

This is information page of GN4-1-JRA3-T1 also known as the research task on Attributes and Authorisations in the Federated Identity Ecosystem.
If you have any questions or remarks: feel free to contact Maarten Kremers

Objectives

The objectives of this research task are to:

Further improving group management, by continuing work on VOOT specifications based on input from use-cases and extending additional group-aware applications with VOOT support.
Increasing usefulness of groups, by introducing group awareness into appropriate cloud service middleware such as OpenStack.
Putting the user in control by working on distributed and user controlled authorisation. Making collaboration and authorisation management platforms such as HEXAA and PERUN interoperate and contributing to the work on User Managed Access (UMA)
Stimulate user-centricity for identity federations, by studying implications, benefits and costs of moving from an organization-centric identity management model to a (more) user-centric identity federation model such as provided by eduID developments in various federations.

People

The following people are part of this task

Affiliation	Name
SURFnet	Maarten Kremers (Tasklead)
CESNET	Michal Procházka
CESNET	Slávek Licehammer
GARR	Lalla Mantovani
GARR	Marco Malavolti
GARR	Andrea Biancini
NIIF	Kristóf Bajnok
NIIF /MTA-SZTAKI	Mihály Héder
NORDUnet / Umeå Uni	Roland Hedberg
NORDUnet / Umeå Uni	Rebecka Gulliksson
RedIRIS / Uni Murcia	Alejandro Perez Mendez
SWITCH	Christoph Graf
SWITCH	Rolf Brugger

Workitem

In order to reach our goals the objectives are divided in the the following Work Items

AA Scalability and interoperability
User-Managed Access Controlled Attribute Service
Towards User-Centric Identity Management Model: EduKEEP

AA Scalability and interoperability

User-Managed Access Controlled Attribute Service

Roland Hedberg (lead)
Rebecka Gulliksson

A Proof-of-Concep for a UMA controlled attribute service.

An application which would ultimately allows an user to control access to all her attributes in one place and can be used by SAML2 IdPs and AAs or OpenID Connect OPs as their attribute sources. The way the application is to be build, it will be build independent of the implementation of the IdP and AA. They all should be able to use the same attribute service. All that is need is a common API.

Towards User-Centric Identity Management Model: EduKEEP

EduKEEP Documents on Google Drive (Access on request)

Question? / Remarks?

Please contact Maarten Kremers