An open discussion list for topics related to the eduGAIN interfederation service.

[Nick Roy <nroy AT internet2.edu>]

Thanks Nicole - yes, I think this aligns with that discussion in the eSG.  I think there are some things around scopes in metadata that should be 'MUSTS,' but it's getting hard to say what those should be considering that it's very valid for, say, an outsourced IdP to assert scopes for identities from an institution that has chosen to outsource its IAM system to that type of platform.  Never a dull moment ;-)

Nick

From: Nicole Harris <nicole.harris AT geant.org>
Date: Wednesday, October 21, 2015 at 1:54 AM
To: Nick Roy <nroy AT internet2.edu>, Ioannis Kakavas <ikakavas AT noc.grnet.gr>, "edugain-discuss AT geant.net" <edugain-discuss AT geant.net>
Subject: Re: [eduGAIN-discuss] Best Current Practices Guide for Joining eduGAIN as a Federation (eduGAIN wiki)

Just for clarity, the template is just a template - it sets out the scope of content that should be in such a statement but does not require federations to meet any given approaches.  It is "you must document this" not "it must be done this way".   The statement should definitely cover the fact that these areas should be documented though and definitely agree that all of the recent discussions around interfederation point to the need for federations to more fully document their practices.

If we want to require federations to do more things - i.e. add "MUSTS" -  within the eduGAIN framework then it would require an update to the policy. 

I think this aligns with discussion at the last eduGAIN SG around what behaviours a federation is being assessed on when they apply for membership. Is it just what is strictly in the policy, or are there behaviours we expect that aren't yet documented anywhere?

On 20/10/2015 23:49, Nick Roy wrote:
> Hi Ioannis, > > This looks great, and I think it's a very useful resource.  It sounds like there may need to be some "MUSTS" as part of a revised MDRPS template that include things like (these are just my thoughts/guesses): > > 1) Organizational validation practices for RA activities such as onboarding new members of each federation > 2) Possibly performing domain validation activities on domains in scopes, entityIDs and endpoints in metadata > > Is that true?  It seems that some prospective members of eduGAIN may need to more fully document their practices around these activities to prevent things like duplicate scopes or invalid scope assertion, for example. > > Thanks, > > Nick > > > > > On 10/20/15, 2:15 AM, "Ioannis Kakavas" <ikakavas AT noc.grnet.gr> wrote: >

Hello all,

As part of the efforts if the Enabling Users task of GÉANT4 we have
worked on enriching the information available in the eduGAIN wiki with
regards to the process for an identity federation joining eduGAIN.

We have now created a step-by-step guide that contains details
(according to best current practices) on the steps needed for joining
eduGAIN. Think of it as a complementary and more detailed version of
the eduGAIN joining checklist
(https://technical.edugain.org/joining_checklist.php).

You can find the wiki page at
https://wiki.edugain.org/Best_Current_Practices_Guide_for_Joining_eduGAI
N_as_a_Federation

Best Regards,
Ioannis Kakavas

>>

--
Nicole Harris
PROJECT DEVELOPMENT OFFICER
GÉANT - Amsterdam Office
M: +31 (0) 646105395
Skype: harrisnv

Networks • Services • People

Learn more at www.geant.org​