An open discussion list for topics related to the eduGAIN interfederation service.

["Nicholas Mbonimpa" <cto AT renu.ac.ug>]

Hullo Arnout and Rhys,

 

Below are the responses to your feedback.

 

 

MRPS:

 

Arnout: It took me a while to figure out who is eligible to join your federation; it might be worthwhile to include this in de MRPS (both IdPs and SPs)

Response:

The statement in the MRPS document shared/uploaded last week, “Section 3 – Membership Eligibility and Ownership”, page 5 was;

“The procedure for becoming a member of the Federation is documented at: https://rif.renu.ac.ug/.”

 

This has now been changed to two more specific statements (for IdPs and SPs) after your feedback;

“The procedure for becoming a member of the Federation as an Identity Provider is documented at: https://rif.renu.ac.ug/idp-how-to-join/.“

“The procedure for becoming a member of the Federation as a Service Provider is documented at: https://rif.renu.ac.ug/sp-how-to-join/.”

 

 

Policy:

 

Arnout: The policy document seems to focus on members only (tertiary education institutions of Uganda as well as dedicated research organizations). What are the requirements for SPs offered by others?

Response:

Section 4. Eligibility of the policy document has the statement “The criteria is fully described on the RIF website, https://rif.renu.ac.ug/.”

The procedure for SPs is at https://rif.renu.ac.ug/sp-how-to-join/, where there’s a clear procedure for SPs. Those that are not RENU member institutions are catered for by the statement “Organisations that are not subscribed to RENU membership, and have a desire to join the RIF as an SP only,  can  join through a different application process under non-member terms. Please contact the RENU Secretariat for more details.”

 

Arnout: 3.3: Members "Shall appoint and name an administrative contact"; however, no mention about technical contacts (couldn't find anything in the SAML Technology Profile as well)

Response: The statement “Shall appoint and name an administrative contact, and a technical contact, for interactions with the Federation Operator.” has been added in section 3.3.

 

Arnout: In 3.3 I see mentions of a "Data Protection Profile" and a "Level of Assurance Profiles". Where are they?

Response: The mentions of both terms have been done away with since we do not have the profiles yet.

 

Arnout: In 6.2 you first claim to offer the federation without liability, but then go on to say the maximum liability per calendar year is $1000. Is it just me or does that sound contradictory? Also, there are multiple paragraphs repeating the same thing.

Response: The maximum liability figure has been done away with. Repetition in section 6.3 – “Jurisdiction and dispute resolution” has been removed. We feel the remainder of section 6.2 that seems repetitive, instead provides more clarification and tries to remove ambiguity.

 

 

We have uploaded the updated documents for both the MRPS https://rif.renu.ac.ug/docs/mrps.pdf and the policy https://rif.renu.ac.ug/docs/rifp.pdf.

 

Kind regards,

 

Nicholas Mbonimpa

 

 

From: CTO RENU [mailto:cto AT renu.ac.ug]
Sent: Wednesday, November 15, 2017 8:03 AM
To: brook schofield <brook.schofield AT geant.org>
Cc: Arnout Terpstra <arnout.terpstra AT surfnet.nl>; edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] Assessment of Uganda/RIF for eduGAIN membership

 

Hullo Arnout,

 

Thank you for the feedback.

 

We shall now wait for all the comments from everyone else to update the new documents.

 

Kind regards,

 

Nicholas Mbonimpa

 

 

 

---

From: "brook schofield" <brook.schofield AT geant.org>
To: "Arnout Terpstra" <arnout.terpstra AT surfnet.nl>
Cc: edugain-discuss AT lists.geant.org
Sent: Tuesday, November 14, 2017 5:56:44 PM
Subject: Re: [eduGAIN-discuss] Assessment of Uganda/RIF for eduGAIN membership

 

All,

 

yes, Arnout is correct. I’ve just received confirmation from the RIF team that they have updated (and uploaded their documents) based on the feedback and following the policy template and MRPS template.

 

So for those that made comments previously and the 4 other federations asked to look at this - it would be great if you could cast your eyes over these documents once again.

 

-Brook

 

Brook Schofield

Project Development Officer

GÉANT 
M: +31651553991 
Skype: brookschofield

 

Networks • Services • People 

GÉANT is the collective trading name of the GÉANT Association and GEANT Limited. Learn more at www.geant.org​
​
GÉANT Vereniging (Association) is registered in the Netherlands with the Chamber of Commerce in Amsterdam. Registration number: 40535155. Registered office: Singel 468 D, Amsterdam 1017 AW, The Netherlands
GEANT Limited is registered in England & Wales. Registration number: 2806796. Registered office: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.

 

On 14 Nov 2017, at 3:54 pm, Arnout Terpstra <arnout.terpstra AT surfnet.nl> wrote:

 

Hi all,

 

It looks like a new version of both documents has been uploaded. I couldn't find (most of) the comments made by others in de text anymore. Also, the SAML Technology Profile is now online.

 

Looking at these new versions, here are some more comments:

 

MRPS:

- It took me a while to figure out who is eligible to join your federation; it might be worthwhile to include this in de MRPS (both IdPs and SPs)

 

Policy:

- The policy document seems to focus on members only (tertiary education institutions of Uganda as well as dedicated research organizations). What are the requirements for SPs offered by others?

- 3.3: Members "Shall appoint and name an administrative contact"; however, no mention about technical contacts (couldn't find anything in the SAML Technology Profile as well)

- In 3.3 I see mentions of a "Data Protection Profile" and a "Level of Assurance Profiles". Where are they?

- In 6.2 you first claim to offer the federation without liability, but then go on to say the maximum liability per calendar year is $1000. Is it just me or does that sound contradictory? Also, there are multiple paragraphs repeating the same thing.

 

Best,

Arnout Terpstra

SURFnet/SURFconext

 

On 9 Nov 2017, w. 45, at 08:34, Valentin Pocotilenco <pvv AT renam.md> wrote:

 

Hello,

if it make sense in current discusion, i recommend to check metadata using https://validator.edugain.org. (not so importrant : creation instant is missing)

Also, as Guy and Rhys mentioned, they have at least to enumerate somewhere required/optional attributes. ( MIFP 4.1 Identity Providers MUST generate and provide various Attributes as defined by the RIF, and as may be required by different Service Providers.)

Best regards and sorry for noise, Valentin.

 

11/3/2017 11:12 AM, Brook Schofield пишет:

All,

I present to you the application of:
 * Uganda/RIF

 

who has Signed the eduGAIN Declaration, has a policy based on various federation policies that were the precursor to the policy template, is self declaring their federation as a production service and is wanting to join the global R&E federated environment. 

 

You can find more detailed information about the federation under "eduGAIN Candidates” at
    https://technical.edugain.org/status.php

which contains links to their policy, MRPS and SAML2 Metadata Feed. 

 

To provide guidance on your assessment I’ve performed a summary (attached) of their policy and MRPS.

This application is from an organisation that is closely aligned with the GÉANT community via their participation in the AfricaConnect projects and their collaboration with UbuntuNet Alliance and NORDUnet. They are also the eduroam .ug roaming operator.

So I ask the following federations to specifically review the submission by RIF:

 * Luxembourg / eduID.lu

 * Macedonia/AAIEduMk

 * Moldova / LEAF

 * The Netherlands / SURFconext

 * New Zealand / Tuakiri

 

All eduGAIN members can (and should) provide feedback on this but to share the burden of review around these five (5) federations have a specific responsibility. 

If you have any questions please contact the RIF team (Alex + Hellen) that are subscribed to this mailing list as well as CC’d to this message.

 

Formal components of the membership process will be via the eduGAIN Steering Group mailing list. 

Thanks,

Brook Schofield

eduGAIN Steering Group Chair

GÉANT 

M: +31651553991 
Skype: brookschofield

 

Networks • Services • People 

GÉANT is the collective trading name of the GÉANT Association and GEANT Limited. Learn more at www.geant.org​
​
GÉANT Vereniging (Association) is registered in the Netherlands with the Chamber of Commerce in Amsterdam. Registration number: 40535155. Registered office: Singel 468 D, Amsterdam 1017 AW, The Netherlands
GEANT Limited is registered in England & Wales. Registration number: 2806796. Registered office: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.

 

 

Brook Schofield

Project Development Officer

GÉANT 
M: +31651553991 
Skype: brookschofield

 

Networks • Services • People 

GÉANT is the collective trading name of the GÉANT Association and GEANT Limited. Learn more at www.geant.org​
​
GÉANT Vereniging (Association) is registered in the Netherlands with the Chamber of Commerce in Amsterdam. Registration number: 40535155. Registered office: Singel 468 D, Amsterdam 1017 AW, The Netherlands
GEANT Limited is registered in England & Wales. Registration number: 2806796. Registered office: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.