Description
Carry out development based on OpenID Connect (OIDC), specifically for extending the standard to make OIDC “federation and interfederation capable” (i.e. OIDC metadata, discovery, etc.), including engaging with and contributing to the IETF and developing a potential OIDC profile for eduGAIN.
Results
OIDCfed
During GN4-2, the OpenID Connect Federation specification (from here on openid-federation) was implemented and underwent a major rewrite. At the same time, a profile targeted at R&E identity federations was drafted.
The work on the specification consisted of both supporting the main editor, Roland Hedberg, and engaging with multiple R&E communities in order to collect needs, feedback and suggestions.
Specification
- Latest published draft: https://openid.net/specs/openid-connect-federation-1_0.html
- Tracker and working edition: https://github.com/rohe/oidcfederation
Identity Federation profile (the "SWAMID/Amsterdam profile")
OIDCFed implementations and tools:
- library and example implementations of openid-federation draft 0.4:
- library and example implementations of openid-federation draft 0.5:
- proof-of-concept OIDC federation using the SWAMID/Amsterdam profile:
- Registry application for OpenID Connect federations and entities (REGO)
OIDC Support in Shibboleth
During GN4-2, a full plugin for OIDC in Shibboleth was built. The code was built in agreement with the Shibboleth developers and reached beta status.
Code & Background - https://github.com/CSCfi/shibboleth-idp-oidc-extension
The beta release - https://github.com/CSCfi/shibboleth-idp-oidc-extension/releases/tag/v0.8.0b
Training material
- 15 October 2018 @ Orlando, FL, USA (Technology Exchange): https://wiki.eduuni.fi/pages/viewpage.action?pageId=75756004
- 11 & 12 October @ Amsterdam, NL: https://wiki.eduuni.fi/display/CSCHAKA/181211-12+@+Shibboleth+OIDC+Extension+Tutorial
OpenID Foundation R&E Working Group
Participants in the OIDCfed task were among the founding members of the OpenID Foundation R&E Working Group, founded in Oct 2018 in order to get a broader base for the OIDC work within R&E, with a focus on:
- Developing a profile for OpenID Connect with specific requirements for security, multi-lateral trust and interoperability in the R&E sector.
- Developing a profile for the use of a specific set of claims and scopes related to the R&E sector.
- Developing a profile for extending OpenID Connect entity's metadata to support policy frameworks used in the R&E sector.
Charter: https://github.com/daserzw/oidc-edu-wg/releases/tag/v1.0.0
WG Homepage: https://openid.net/wg/rande/
OpenID Connect training
During the GN4-2 project, instances of the OJOU (OAuth2, JW*, OpenID Connect and UMA) course were held in Espoo (FI), Budapest (HU) and Rome (IT). They focused on the fundamentals of OpenID Connect and its underlying protocols.
Course material: https://github.com/rohe/ojou_course
Documents
- Meeting Notes Design Meeting Copenhagen, September 15, 2018: Meeting notes Copenhagen September 15th.docx
Reference Materials
- Draft OpenID Connect Federation
- Example implementation of the OIDC Federation
- OTTO - Open Trust Taxonomy for Federation Operators, minutes Kantara WG
- OIDC mailing list (GEANT) - The current mailing list for discussion on the OIDC Federation draft (Federation perspective)
- OIDC specifications (OpenID Foundation) - The current mailing list for discussion on the OIDC Federation draft (OpenID Connect perspective)