Commit fc9312bd authored by Uwe Jandt (DESY, HIFIS)

Merge branch 'roadmap-backbone-2023' into 'master'

Backbone milestones 2023

See merge request !711
parents bf717db9 94ae8a11
Showing with 99 additions and 0 deletions
---
date: 2023-02-01
service: backbone
---
## AAI: Yearly housekeeping
After ramp-up phase, and going towards operational phase, the components of Helmholtz AAI will undergo a regular updating and housekeeping process.
Amongst these, the owners of registered services as well as the managers of registered Virtual Organisations (VO) will be contacted and requested for information confirmation or updates.
Further updates and regular review processes are to be defined in the upcoming Policy Review Process.
---
date: 2023-02-01
service: backbone
---
## AAI: HIFIS becoming full AEGIS member
For over one year, HIFIS already has been an observing member of the AARC Engagement Group for Infrastructures (AEGIS), which facilitates activities for the adoption of harmonised federation solutions and thus the design and adoption of AARC guidelines.
Based on the many practical use cases in the context of Helmholtz AAI and Helmholtz Cloud, as well as the continuous increase of user numbers and participating groups, HIFIS was asked to step up as a full member.
It is planned to do so by February; we look forward to a fruitful cooperation on further developing harmonised federated access to digital resources for science.
---
date: 2023-02-15
service: backbone
---
## AAI: HIFIS members are part of the NFDI IAM proposal
Using the Helmholtz-AAI as a starting point, the NFDI IAM proposal was
submitted to support the 26 NFDI Consortia. The participating HIFIS
members are tasked to maintaining full compatibility with the
Helmholtz-AAI and hence the AARC blueprint, and to establish a two-way communication channel amongst the
participants.
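
Review bot: "tasked to maintaining" in the second sentence of the NFDI IAM entry is ungrammatical; suggest "tasked with maintaining full compatibility ... and with establishing a two-way communication channel". This file is also hard-wrapped at roughly 70 columns with one overlong line, while the other milestone files use one line per sentence; suggest reflowing it to match.
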
---
date: 2023-04-01
service: backbone
---
## AAI: HIFIS members are part of the 3rd AARC proposal
HIFIS Backbone members are participating in the EU project proposal for the third AARC project, which will update the globally accepted AARC Blueprint Architectures, Policies, and Guidelines.
The participation of HIFIS partners will intensify useful feedback in both directions between the global AAI community and HIFIS.
---
date: 2023-05-01
service: backbone
---
## AAI: Multi Factor Authentication (MFA)
It is planned to enforce MFA in administrative endpoints of the central community AAI (Unity IdM), i.e., the /console and /oauth-home (userhome of oauth clients) endpoints.
It will be made optional on normal user's /home /upman /oauth2 /saml-idp endpoints and recommended for VO admins to use it.
Corresponding documentation will be provided and signalling the MFA status will be prepared.
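
Review bot: The second sentence of the MFA entry leaves the enforcement boundary unclear: "/home /upman /oauth2 /saml-idp" runs four endpoints together without separators, and it is not stated which of them the recommendation for VO admins refers to, while /console and /oauth-home are enforced. Suggest listing the endpoints comma-separated as in the first sentence, writing "normal users'", and stating explicitly where MFA stays optional for VO admins. The last sentence ("signalling the MFA status will be prepared") should also say by which means the status is signalled and to whom.
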
---
date: 2023-06-01
service: backbone
---
## AAI: Fostering the participation of non Helmholtz IdPs in Helmholtz AAI
Users from numerous non-Helmholtz organisations can in principle access Helmholtz AAI and Cloud services by logging in via their home IdP. However, lack of standard conformity, local policies and technical inconsistencies frequently prevent successful authentication, frustrating the users and also putting high load on the HIFIS support.
A frequently used workaround, authenticating via social IdPs (ORCID, Github, Google) allows users to access our services with caveats.
Using AAI statistics of user's originating organisations, we will identify organisations with significant numbers of users, and non-working IdP based authentication, so that we can concentrate efforts on actively integrating these organisations systematically.
The identification and workflow to do so is planned to be established by late spring 2023, with follow-up work being continuous.
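
Review bot: The workaround sentence ("authenticating via social IdPs (ORCID, Github, Google) allows users to access our services with caveats") does not say what the caveats are, which is what a reader needs in order to see why home-IdP integration matters. Suggest naming them or linking to the documentation that does. Minor: "user's originating organisations" should read "users' originating organisations", and the workaround clause needs a closing comma after the parenthesis.
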
---
date: 2023-07-01
service: backbone
---
## First Coordination of future operational Cybersecurity Activities
The HIFIS Backbone cluster, together with Cloud cluster, will define first coordinating steps to align with Helmholtz KoDa's activities in fostering Operational Cybersecurity.
---
date: 2023-08-01
service: backbone
---
## AAI: Deprovisioning of inactive / non-present users
The technical tooling of asking IdPs to report the status of a specific user via Attribute Query, is supported by the Helmholtz Community AAI.
For summer, we plan to put the automated deprovisioning process into action for users that have not logged in to Helmholtz AAI by more than a defined grace time, either by a) querying IdPs which support this until then, or b) querying users via email to log in again.
The deprovisioning information is then forwarded to connected cloud services.
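
Review bot: The trigger for deprovisioning in the second sentence is underspecified: "a defined grace time" gives no value or pointer to where it is defined, "querying IdPs which support this until then" does not say what "until then" refers to, and option b) does not say what happens when a user does not react to the email. Suggest naming the grace period or the policy that sets it and stating the outcome of each branch, since the result is forwarded to connected cloud services. Minor: "by more than" should read "for more than".
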
---
date: 2023-09-01
service: backbone
---
## AAI: Integrate most relevant federations, based on negotiated use cases (pilot)
Any completely transparent interconnection of Helmholtz AAI with other federations, such as EGI Checkin, ELIXIR/Lifescience, or Indigo IAM, is notoriously problematic due to many degrees of freedom of such implementations (and thus potential conflicts) in terms of user lifecycle management, authorisation management, group memberships, applying policies and more.
In coordination with specific user groups using infrastructures from other federations and communities, we will define specific technical and administrative procedures to enable the negotiated use cases while minimising the abovementioned problems.
---
date: 2023-11-01
service: backbone
---
## AAI: Robot accounts, group accounts
Group Accounts and Robot Accounts are not yet fully supported by DFN AAI and thus Helmholtz AAI.
As such accounts are envisioned to play an increasing role in the Helmholtz AAI and Helmholtz Cloud, HIFIS will foster to establish an AARC guideline to fully support such accounts.
In parallel, HIFIS will provide first conceptually compatible implementations so that ongoing use cases can be supported soon.
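
Review bot: The third sentence promises "first conceptually compatible implementations" without saying what they are to be compatible with (the planned AARC guideline, DFN AAI, or the existing Helmholtz AAI policies); suggest naming the reference. In the second sentence "HIFIS will foster to establish an AARC guideline" is not idiomatic; "HIFIS will work towards establishing an AARC guideline" reads cleanly.
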
---
date: 2023-11-15
service: backbone
---
## AAI: Policy Review Process (close collaboration with Cloud Cluster)
With experiences made during the annual housekeeping, user deprovisioning, adoption of new use cases (for example, including robot accounts), and updates in the upstream AARC guidelines (SIRTFI-v2, REFEDS Assurance Framework V2), the AAI policies may need regular updates.
This and yet to be defined elements will be part of the policy review process that is due to be defined.
As this strongly related to similar review activities of the HIFIS Cloud cluster for the Helmholtz Cloud services, there will be a close collaboration between clusters on this.
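
Review bot: The last sentence of the policy review entry is missing its verb ("As this strongly related to ..."); suggest "As this is strongly related to ...". The second sentence ("This and yet to be defined elements will be part of the policy review process that is due to be defined") is circular as written; suggest stating which of the inputs listed in the first sentence are in scope and who is responsible for defining the process.
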