
edugain-discuss - Re: [eduGAIN-discuss] Assessment of Morocco/eduIDM.ma for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Terry Smith <t.smith AT aaf.edu.au>
  • To: Brook Schofield <brook.schofield AT geant.org>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>, Samia EL HADDOUTI <elhaddouti AT cnrst.ma>, "team AT eduidm.ma" <team AT eduidm.ma>
  • Subject: Re: [eduGAIN-discuss] Assessment of Morocco/eduIDM.ma for eduGAIN membership
  • Date: Fri, 6 Jul 2018 13:38:12 +1000
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=aaf-edu-au.20150623.gappssmtp.com

Feedback from the AAF...

Metadata Registration Practice Statement (MRPS) 

  • Definitions and Terminology
  • eduIDM Member: All universities and institutions connected to MARWAN NREN can join as members by signing the eduIDM Federation Member Request.  
I don't think this document is the right place to declare who can be a member, maybe something more along the lines of the template - "An organisation that has joined the Federation by agreeing to be bound by the Federation Policy in writing", then in your federation policy you define the criteria for organisations joining.
    • Federation Registry: a central tool to manage information about resources and home organizations participating in the eduIDM federation. Entities administrators register their metadata in a circle of trust managed by MARWAN, the operator of eduIDM federation.  
    Not sure if this definition helps to clarify wrt the metadata registration practice, the federation registry is just used to register metadata and it's run by the federation operator. 

    Try and keep these definitions as generic as possible. 

    • Introduction and applicability  
    The URL should be versioned. e.g.  http://www.eduidm.ma/mrps-eduidm-v1.0.pdf
      • There is no statement about how updates are to be reflected in the federation metadata?
      • There is no statement about the meaning if an entity does not have any reference to any version of the document.
      • There is no statement on how to request a re-evaluation of an entity against the current document.
      This document will change over time, your practices need to cater for these changes.

      • Member Eligibility and Ownership
      • There is no reference to The procedure for becoming a member...
      • Are there any official databases that are used in the verification process, if so they should be listed.
      • Metadata Format
      • The RegistrationInfo Element: example XML
      The URL should have a version number.
       
      <mdrpi:RegistrationPolicy xml:lang="en">
       </mdrpi:RegistrationPolicy>

      • Entity Management  
      • Once a member has joined the federation, any number of entities MAY be added by the Registered Representatives.
      Need to allow for entities to be modified and deleted as these events do occur.

      Federation Policy

      • Obligations and Rights of Federation Operator  
      • Respect the legislation concerning the personal data in accordance with the law in force. 
      Should this apply to all entities, not just the Federation Operator? It is the IdPs and SPs that will be handling users' personal data. Should they also agree to be bound by the legal requirements of your nation with respect to personal data?
      • Obligations and Rights of Federation Members 
      • ... Identity Provider...
      • Shall allow the exchange of End User attributes requested by service providers. 
      This is very vague, is there a set of attributes that IdPs must / should collect for use by SPs? If so these should be listed within the rules. This will help organisations when setting up their IdPs and services will have fewer issues if they know what attributes they can expect from IdPs.

      • Eligibility  
      • All institutions and organizations connected to MARWAN network or other academic institutions can join eduIDM federation as members. These institutions can apply, at any time, for membership as Identity Providers and/or Service Providers at any time. 
      Your eligibility may limit you, particularly when connecting services to your federation. Many services come from commercial companies that provide resources to academic institutions.

      Thanks,
      Terry.
       
      On Thu, 5 Jul 2018 at 01:12 Brook Schofield <brook.schofield AT geant.org> wrote:
      All,

      I present to you the application of Morocco / eduIDM.ma

      who has Signed the eduGAIN Declaration, has a policy based on the policy template, is self declaring their federation as a production service and is wanting to join the global R&E federated environment.

      You can find more detailed information about the federation under "eduGAIN Candidates" at
          https://technical.edugain.org/status.php
      which contains links to their policy and MRPS.

      This application is from an organisation that is closely aligned with the GÉANT community via their participation in the AfricaConnect and ASREN projects and communities. MARWAN is also the .ma eduroam roaming operator and Samia was a previous representative on the Global eduroam Governance Committee (and its first female member).

      So I ask the following federations to specifically review the submission by eduIDM.ma:
       * Armenia/AFIRE
       * Australia/AAF
       * Austria/ACOnet Id Federation
       * Belarus/FEBAS
       * Bulgaria/BIF

      All eduGAIN members can (and should) provide feedback on this but to share the burden of review around, these five (5) federations have a specific responsibility.

      If you have any questions please contact the eduIDM.ma team and Samia El Haddouti that are subscribed to this mailing list as well as CC’d to this message.

      Formal components of the membership process will be via the eduGAIN Steering Group mailing list.

      Thanks,

      -Brook

      Brook Schofield
      eduGAIN Steering Group Chair
      GÉANT
      M: +31651553991 
      Skype: brookschofield

      --

      Terry Smith | Technical Engagement and Support Manager |  Australian Access Federation Inc

      Mob: 0414 692 424 | Email: t.smith@aaf.edu.au | Address: Lvl 21, 179 Turbot St, Brisbane QLD 4000 |

      Web: www.aaf.edu.au | Support: support.aaf.edu.au | Twitter: twitter.com/ausaccessfed



