
edugain-discuss - [eduGAIN-discuss] eduGAIN Town Hall 20171207

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Brook Schofield <brook.schofield AT geant.org>
  • To: "edugain-sg AT lists.geant.org" <edugain-sg AT lists.geant.org>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: [eduGAIN-discuss] eduGAIN Town Hall 20171207
  • Date: Wed, 27 Dec 2017 15:22:40 +0000

All,

the minutes (and presentations) of the eduGAIN Town Hall are available at:
   https://wiki.geant.org/display/eduGAIN/eduGAIN+Town+Hall+Meeting+20171207#eduGAINTownHallMeeting20171207-FederationsinAttendance(26)

and attached below (please review and comment, highlight or change anything you feel is wrong). I’ll circulate eduGAIN Steering Group 2018 proposed dates/times tomorrow.


State of the Interfederation Service https://geant.box.com/s/3dc9m3o24liqt7uwcbl28soz3f0gjyjh

Brook gave a summary of what has happened in eduGAIN in the year past and what is projected to happen in 2018 with regular input and correction from the community. While the morning presentations were focused on the GN4-3 project workplan for 2019 there is still an opportunity to do work in 2018 ahead of the next long term plan.

With a raft of new members joining eduGAIN the focus has moved away from federation membership to encouraging 100% of the IdPs within identity federations to participate (where practical). There are 25 federations with more than 90% of their IdP membership participating in eduGAIN.

Highlighting some of the low % eduGAIN participants (such as RCTSaai/Portugal, AAF/Australia and GakuNin/Japan) was an opportunity to look at the various deployment models. It was an opportunity to engage Esmeralda about RCTSaai deployment and this will be an activity in 2018. Equally a meeting between GÉANT and NII the previous day highlighted the need to work on engaging GakuNin members as they want to limit their engagement with SPs and rely on other federations for managing their metadata with the added drive that this will only be possible with eduGAIN participation of the IdPs or risk losing access to services. The AAF have recently outlined a mechanism to encourage eduGAIN participation with IdP operators supporting both SIRTFI and R&S in the same motion. Davide raised the issue of "opt-in" vs "opt-out" policy for deployment and how "opt-out" has driven high % engagement (at least visible via eduGAIN) for IDEM. The discussion focused then on metadata interoperability vs higher level interoperability. It is unclear at this point whether simple metadata interoperability is actually achieved and by what degree and whether adopting mechanisms from the maturity/BCP work for eduGAIN participation is more effective. More tooling is required in this regard.

See the (corrected) slides for a summary of activity and visit https://technical.edugain.org/status for up-to-date progress on federation candidacy, membership and participation.


Thinking of best practices in eduGAIN

Nicole clarified that work on reviewing all policies has largely been completed. There was no need to change the eduGAIN Policy Declaration. The constitution is completely published and that new constitution requires a SAML profile going with it. The current status of the consultation was presented and a few "sticking points" were discussed https://wiki.geant.org/display/eduGAIN/eduGAIN+SAML+Profile+Consultation

Peter Schober clarified his comment about MetaIOP where "you must trust a key that is contained in the MD, purely since you trust the MD. You cannot NOT TRUST a certificate as a result and ADFS is not always compliant". In the balancing act of not kicking out ADFS and making use of existing definitions, further discussion will be required to resolve this.

In the current version of the policy, we require registrationinstant - but if nobody uses it, why do we keep it? There weren't any good reasons to enforce its use (which we don't anyway because it is SHOULD) simpler to remove.

Finally, regarding MD aggregators that aggregate metadata from multiple sources MUST use <mdrpi:PublicationPath> but since MDS only accepts metadata from a registrationAuthority and would ignore other entries this isn't needed. Delete.

[ACTION] Nicole to review and republish the eduGAIN SAML Profile.


eduGAIN Support https://geant.box.com/s/4zkxy8wxgxezmw8r8dgtnx0yum18icbi

Thomas covered the transition of the "eduGAIN eScience Support Pilot" (starting in April 2017) to the eduGAIN Support Service. Statistics on ticket volume were presented in the slide deck. Future work will involve SIRTFI pilot support.

There was some discussion on new members of the federation community joining the support service as a training mechanism. It is desirable for those staffing the support service to have experience in the federation landscape. An extensive FAQ is being developed and the use of multiple people being available each week ensures that there is an escalation path.


T&I Operations https://geant.box.com/s/dv0gtm8kw1vcv3huodhu6aph2pnfeaax

Dick Visser took some time to reflect on the T&I White Paper work that covered fundamental infrastructure and whether services should be wholly located on GÉANT infrastructure, entirely distributed or a mixture of both.

Some debate focused on the onus of a Github user to fund the legal defense of litigation brought against Github for the contents of your code repository. It was concluded that risk is not being able to determine the cost of your lawyers rather than the likelihood of litigation. The array of code "testing" tools that integrate with Github was identified as a benefit that would outweigh other negative traits.

Currently the timeline for providing IaaS via GÉANT is a task that is being shortened. The work of the T&I Ops team within GÉANT (the organisation) will be reviewing these components and informing the work in the service activity of GÉANT (the project) in support of various tooling.


Any Other Business

Any other business was triggered by a short slide deck by Niels van Dijk (PDF https://geant.box.com/s/x0g26azwxqbys540rp4r4qv6fay15kjx ) which presented on a proposal to make community signed metadata (in the vein of PEER/REEP) available with decorations. No concrete action resulted from this discussion.

All presentations can be found online https://geant.box.com/s/a7wks12rxvwg9b7l5u8f2y4g0ia52yw9

Brook Schofield
Project Development Officer
GÉANT 
M: +31651553991 
Skype: brookschofield
 
Networks • Services • People 

GÉANT is the collective trading name of the GÉANT Association and GEANT Limited. Learn more at www.geant.org
GÉANT Vereniging (Association) is registered in the Netherlands with the Chamber of Commerce in Amsterdam. Registration number: 40535155. Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands
GEANT Limited is registered in England & Wales. Registration number: 2806796. Registered office: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.


