| RBAC, ABAC, PBAC, OPA, let’s call the whole thing “Auth” Z |
| You like RBAC and I like ABAC. We all know how the old song goes. And just like in the song, “we know we need each other”. The best solution for controlling authorization requires the best of both. In this session we’ll explore strengths, weaknesses, and strategies to leverage the best of RBAC and ABAC. We’ll also discuss newer models and technologies like Policy-Based Access Control (PBAC) and Open Policy Agent (OPA) for microservices. (Patrick Parker) |
| Making sense of user access – from technical nonsense to business understanding. Bridging IT and business language |
| Today, a key part of IT is assisting the business in identifying, understanding, and managing risk due to technical entitlements. The major roadblock in this effort has never been technical but rather the lack of a common shared language between IT and the business. In this talk, we’ll discuss the need for a new “Intelligibility Layer” in IAM to map technical entitlements to the actual business activities they enable a person to perform. (Patrick Parker) |
| Crisis simulation for eduGAIN |
| Discussions at REFEDS and TechEx indicate support for holding a large scale crisis simulation for the eduGAIN Community. We plan to hold one within the next 2 years - this session is to share ideas and collect input. (Hannah Short) |
| Identity Correlation and Progressive User Profiles |
| How do we correlate identities in case that we do not have a reliable identifier? Our knowledge of user profile may also be very limited due to privacy and data protection. Do we need to build user profiles in a progressive way (on “as needed” basis)? Do we need to dynamically merge/split identities? (Radovan Semancik) |
| Impact of Data Protection and GDPR |
| GDPR is in force, but there is suspicious silence about it. How have you dealt with GDPR? How does it impact your organization? What are the problems? Are there any tools or processes that are you missing? (Radovan Semancik) |
| SSI4EDU |
| A session to investigate how emerging standards in Self Sovereign Identity might be used in research and education. (Niels van Dijk) |
| Update on the Austrian eID Architecture |
| An update on the business and technical perspective of the Austrian eID, and lessons learned from the first implementations. The adoption of eIDAS triggered a process to overhaul the Austrian e-ID architecture that was based on concepts of the early 2000, featuring SAML 1.0, XML everywhere and a fixed attribute set. The new design features the eIDAS compatibility, a broader set of use cases and improved interoperability like OIDC and SAML Metadata. (Peter Teufl) |
| U.S. Permanent Residence Cards with SSI |
| The U.S. Department of Homeland Security (DHS) has supported SSI technologies such as Decentralized Identifiers (DIDs) and Verifiable Credentials for several years. Now, a number of companies have been selected to work with DHS on implementing digital versions of identity documents such as the Permanent Residence Card (Green Card). The objective is to make use SSI in order to increase security and efficiency as well as user control. (Markus Sabadello) |
| Federation 2.0 |
| A REFEDS WG is developing strategies that R&E federations should pursue over the next 10-15 years. Help them! (Tom Barton) |
| Baseline Expectations |
| InCommon’s program is effective at increasing the value of federation. What’s next in the US and internationally. (Tom Barton) |
| The Grand Unified IdP |
| The GUIdP aka. a scalable guest user IdP is an IdP that scales from being specific to a single SP over servicing a Virtual Organization to an IdP as a Service for a whole federation. (Mads Freek Petersen) |
| SAML2jwt / jwt2SAMLMDQ |
| A pair of microservices that takes all the heavy XML lifting out of being a SP resp. an IdP. (Mads Freek Petersen) |
| SAX C14N |
| An experiment in doing canonicalization for large metadata documents in low memory environments. (Mads Freek Petersen) |
| Metadata Push MDQ |
| A proposal to use the WebSub protocol to help to speed up metadata distribution for distributed (eduGAIN) SAML federations. (Niels van Dijk) |
