An open discussion list for topics related to the eduGAIN interfederation service.

[Peter Schober <peter.schober AT univie.ac.at>]

* Lukas Hämmerle <lukas.haemmerle AT switch.ch> [2017-09-19 13:26]:
> The CoCo monitor has sent out quite a few of those false positive check
> mails in the past weeks. Some of them then ended also up in the eduGAIN
> e-Science Support ticket queue because SP admins were asking us what was
> wrong with their SP.

Then why not tell them that this was a mistake and that there is
nothing wrong with their entity? (If that's in fact the case.)
If you can send out emails claiming someone else did something wrong
you can always send apologies, too, no?
(I don't insist on any apologies, though, what I want is clear
answers, and ones that don't take 2 weeks for already sent error
reports.)

> My guess is that the CoCo check failed to download the privacy
> statement due to some temporary connectivity issues.

From the URL I previously sent this can be ruled out for the entity in
question: In all paged results available here there's not a single
error of any kind, AFAICT:

https://monitor.edugain.org/coco/?f_id_sp=1447&f_entityID=vetuc&f_coc_found=1&f_last_seen=1&page=1&f_order=ts+desc&show=list_sp_tests&f_is_changed=1

> However, only the admins of the CoCo monitor might know more for
> sure.

The SP said asking at <monitor AT edugain.org> "didn't work" (I have not
checked back with them what they meant with that, specifically) and
that asking at <edugain AT geant.org> next they got Ioannis telling that
their entity is "probably" fine (I'm retranslating from German into
English here, I don't have the reply at hand verbatim) and that this
will be looked into.
Hence me asking two weeks after the notification what the verdict is.

> Miro and team (who are operating the CoCo monitor) are informed
> already about this issues. Also about the suggestion to improve the
> emails to include the cause of why the check supposedly failed.

Yes, adding the error itself to the message is certainly necessary.
And avoiding sending false positives to entity owners in the first
place, but we all make mistakes and that's an issue *if* someone told
them that this indeed was a mistake on behalf of the eduGAIN monitor
and not their own fault. (I can live with the fault being mine, too.)

Finally, I wasn't aware the eduGAIN monitor contacted entity owners
directly at all (but I may have missed that since I wasn't able to
attend recent eduGAIN SG meetings) and did not involve the federation
operator in any of this. When the answer to questions about the error
report is "ask your federation operator" anyway (i.e., the stagtegy is
to play this via the hierarchy when it's convenient) why not always
communicate through the federation operator, or at least let the fedop
know there /are/ issues with some of its entities, e.g. in Cc: ?

Maybe that's not an option for federations with dozens or even
hundreds of SPs in eduGAIN. OTOH as a fedop I take it upon me to
curate and produce proper, error-free, rich federation metadata, so I
certainly want to know if any of my entities fail to conform to
published specs!

Best regards,
-peter