Innovation in Trust and Identity activities is essential if the changing needs of users and the changing challenges of technological development are to be met.
International collaboration between Trust and Identity experts is vital to ensure that innovation activities take into account the differing requirements of parties involved in the secure exchange of information about users and affiliations across borders between organisations, services and countries.
The development of effective trust & identity systems is vital for GÉANT and the wider research and education community. GÉANT and the community undertake a range of activities to support innovation in trust & identity.
Research activities focus on enhancing the technologies and policies aimed at the needs of campuses, identity federations and research communities. Some research activities will lead to services that enhance eduGAIN, while others will provide supporting technologies for federated identities.
This innovation work is focused on the following core areas:
Federations and campuses
Making it easier for national research and education identity federations and for campus identity providers to adopt federated identity on a pan-European scale would help them cope with growing numbers of entities connected via eduGAIN, and become more secure in complex operating environments. Innovation efforts include:
- Updating eduGAIN's policy, constitution and best practices - to address recent growth and adapt to privacy regulations (GDPR), enhancing the service's global scope and preparing for the adoption of technologies beyond SAML (Security Assertion Markup Language);
- Preparing eduGAIN support for SIRTFI (Security Incident Response Trust Framework for Federated Identity) - working with REFEDS and other communities;
- Developing supporting services for campus identity providers;
- Enhancing monitoring and statistics for eduGAIN;
- Enhancing the scalability of metadata exchange - to cope with the anticipated growth in demand.
e-Research and service providers
Research communities have more complex requirements, and the trust models of industry providers differ. Recognising this, innovation activities focus on enabling more sophisticated use of federated identity and enhancing public-private collaboration, in particular:
- Enhancing eduGAIN support - to address complex performance, troubleshooting and diagnostics, in particular for international collaborations;
- eduTEAMS - developing virtual organisations to support ad hoc research collaborations and enable third party interconnectivity to federated services;
- InAcademia - enabling a lightweight gateway to the eduGAIN service for commercial service providers to reliably validate the academic affiliation of students, faculty, staff and employees;
- Identity Assurance - developing models to support assurance across e-research.
Disruptive technologies could support the growth in citizen science and e-government initiatives and enhance the ability of the 'long-tail' of research and education entities that do not currently benefit from interfederated identities to take advantage of them. Developments in this area include:
- OpenID Connect - extending the standard of this authentication protocol to make it federated and interfederation-capable;
- User-centric identities - formulating policies and services to enable the development of life-long identities that will support the new paradigms of mobility, multiple roles, and life-long learning in the research and education community;
- Multi-factor authentication - developing support and best practices for use with eduGAIN federation;
- Cross-sector interfederation - identifying and piloting methods to organise and incorporate the EU’s eIDAS (electronic IDentification, Authentication and trust Services) system and social identities with eduGAIN.
The vastly popular eduroam service offers millions of users worldwide simple-to-use, secure access to WiFi in campuses and participating public areas. To support the growth of eduroam, GÉANT is undertaking a range of activities:
- eduroam managed IdP - developing services to support smaller organisations that wish to offer eduroam to their users;
- Self service - supporting services to enhance eduroam user self support;
- RadSec scalability - developing a pilot certificate provisioning tool to improve scalability and uptake of the service;
- Configuration Assistant Tool (CAT) - evolving CAT to support new end user devices and operating system releases.