An open discussion list for topics related to the eduGAIN interfederation service.

[Brook Schofield <brook.schofield AT geant.org>]

All,

after a slight diversion on the the CAFMoz email thread there has been some progress on the Russia/RUNNet AAI front. 

So could those that provided feedback take a look and see if they are happy with these updates?

* Metadata endpoint is available: https://j.edugain.runnet.ru/j/signedmetadata/federation/RUNNET/metadata.xml now contains RUNNetAAI metadata 100% validated by eduGAIN validator (certificate will be imported once membership status is completed - just a safe guard to accidentally importing before then).

* Policy/MRPS updates at:  http://runnet.ru/en/release-2018-03-30 or through RUNNetAAI page http://runnet.ru/en/services-en/runnetaai-en

Changes include:

RUNNetAAI Terms of Service Agreement

Minor changes 

p 3.1 Added «with the Policy and its appendices»

p 3.2 Added «A termination implies the cancellation of the use of Policy».

RUNNetAAI Identity Federation Policy

Sec 1. Introduction

Removed too broad definition of the Federation.

Removed the terms of the Policy (5 years) because now it is mentioned in Terms and Service Agreement that Policy is valid until the Agreement is valid.

RUNNetAAI Technology Profile

The document was totally redrafted as previous version got a lot of comments. We tried to align the new version with the best practices also verifying is it suitable for us. We added references on Interoperable SAML 2.0 Profile saml2int.

Also we decided to move the most metadata information to the MRPS document as it includes section on entity requirement and verification.

 We decreased required attributes to EPPN and eduPersonAffiliation. Also we decided not to demand any privacy policy documents from SP   

 

RUNNetAAI MRPS

Some changes in Registration block and entity requirement and verification section.

Thanks,

-Brook

On 20 Mar 2018, at 12:10 pm, Brook Schofield <brook.schofield AT geant.org> wrote:

On 14 Mar 2018, at 8:53 pm, Peter Schober <peter.schober AT univie.ac.at> wrote:

* Brook Schofield <brook.schofield AT geant.org> [2018-03-13 19:00]:

This application is from an organisation that is closely aligned
with the GÉANT community and their participation in eduGAIN will
further build links to RUNNet and the Russian Academic community.

Would anyone care to spend just a few words on the [lack of]
relationship with фEDUrus who have sigend the eduGAIN policy almost 5
years ago and already have registered 14 SPs and 9 IDPs?
The more the merrier, of course, but can we at least assume that tools
or more importantly knowledge (and maybe metadata) are being shared?

-peter

Peter (& everyone else interested),

Work with RUNNet started about 2 years ago and at that time their focus was to work with фEDUrus to support an identity federation that supports their membership. For some reason (that I’m not privy to) that collaboration didn’t complete and RUNNet asked me whether it was permissible for a separate federation to be formed and the implications of that.

I also raised this topic at the last SG meeting of overlapping federations joining (because of RUNNet AAI, as well as multiple federations from China and a new Omani federation appearing). This wasn’t seen as a concern. https://wiki.geant.org/display/eduGAIN/eduGAIN+SG-2018+January

I’ve also recently asked the long term candidates about their intention with respect to eduGAIN in the short-/mid-term. фEDUrus responded that they are promising to do more work in this space so we hope to see updates to their website/policy soon - and that their focus is their library association ARLICON and specifically their membership in Kyrgyzstan and Kazakhstan so their target audience/memberships isn’t the same as RUNNet AAI.

I hope that these federations will be able to interoperate as eduGAIN members since they weren’t able to collaborate closer to home and that the membership of both organisations will benefit from eduGAIN participation.

-Brook