
edugain-discuss - RE: [eduGAIN-discuss] [Spam]Re: Assessment of Morocco/eduIDM.ma for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: "Samia El Haddouti" <elhaddouti AT cnrst.ma>
  • To: "'Terry Smith'" <t.smith AT aaf.edu.au>, "'Brook Schofield'" <brook.schofield AT geant.org>
  • Cc: <edugain-discuss AT lists.geant.org>, <team AT eduidm.ma>
  • Subject: RE: [eduGAIN-discuss] [Spam]Re: Assessment of Morocco/eduIDM.ma for eduGAIN membership
  • Date: Mon, 9 Jul 2018 17:25:44 +0100

 

Feedback from the AAF...

Terry, thank you very much for your feedback and your interesting remarks and suggestions…

 

Metadata Registration Practice Statement (MRPS) 

If you suggest that these definitions should be generic, we propose to modify them as follows:

  • Definitions and Terminology
    • eduIDM Member: All universities and institutions connected to MARWAN NREN can join as members by signing the eduIDM Federation Member Request.  

    I don't think this document is the right place to declare who can be a member, maybe something more along the lines of the template - "An organisation that has joined the Federation by agreeing to be bound by the Federation Policy in writing", then in your federation policy you define the criteria for organisations joining.

    o   eduIDM Member: An institution that has joined eduIDM Federation by agreeing to be bound by the eduIDM Federation Policy and by signing the eduIDM Federation Member Request.

      • Federation Registry: a central tool to manage information about resources and home organizations participating in the eduIDM federation. Entities administrators register their metadata in a circle of trust managed by MARWAN, the operator of eduIDM federation.  

      Not sure if this definition helps to clarify wrt the metadata registration practice, the federation registry is just used to register metadata and it's run by the federation operator.

       

      Try and keep these definitions as generic as possible. 

      o   eduIDM Registry: a system to register metadata of entities.  This system is run by the operator of eduIDM Federation – MARWAN.

       

      • Introduction and applicability  

        The URL should be versioned. e.g.  http://www.eduidm.ma/mrps-eduidm-v1.0.pdf

        The URL will be changed as you have suggested. http://www.eduidm.ma/mrps-eduidm-v1.0.pdf

          • There is no statement about how updates are to be reflected in the federation metadata?

          We will add the following statement:

          “Updates to the documentation SHALL be accurately reflected in the federation metadata.”

            • There is no statement about the meaning of an entity does not have any reference to any version of the document.
            • There is no statement on how to request a re-evaluation of an entity against the current document.

            This document will change over time, your practices need to cater for these changes.

            The paragraph relating to the statements above, as is mentioned on the template, will be added:

             

            “An entity that does not include a reference to a registration policy MUST be assumed to have been registered under an historic, undocumented registration practice regime. Requests to re-evaluate a given entity against a current MRPS MAY be made to the eduIDM helpdesk via team AT eduidm.ma”

            • Member Eligibility and Ownership
              • There is no reference to The procedure for becoming a member...

              We will add the reference to the procedure for becoming a member of eduIDM as follows:

              “The procedure for becoming an eduIDM federation member is documented here: https://www.eduidm.ma/adhesion/”

                • Are there any official databases that are used in the verification process, if so they should be listed.

                During the verification process, we rely on the information received officially from the institution and approved by the legal representative.

                • Metadata Format
                  • The RegistrationInfo Element: example XML

                  The URL should have a version number.

                   This will be changed as you have suggested

                  <mdrpi:RegistrationPolicy xml:lang="en">

                   </mdrpi:RegistrationPolicy>

                   

                  • Entity Management  
                    • Once a member has joined the federation, any number of entities MAY be added by the Registered Representatives.

                    Need to allow for entities to be modified and deleted as these events do occur.

                    The statement will be changed as follows:

                    “Once a member has joined the eduIDM Federation, any number of entities MAY be added, modified or removed by the Registered Representatives.”

                     

                    Federation Policy

                     

                    • Obligations and Rights of Federation Operator  
                      • Respect the legislation concerning the personal data in accordance with the law in force. 

                      Should this apply to all entities, not just the Federation Operator? It is the IdPs and SPs that will be handling users' personal data. Should they also agree to be bound by the legal requirements of your nation with respect to personal data?

                      Fully agree. We will add this obligation on the “Obligations and Rights of Federation Members”

                      • Obligations and Rights of Federation Members 
                        • ... Identity Provider...
                            • Shall allow the exchange of End User attributes requested by service providers. 

                            This is very vague, is there a set of attributes that IdPs must / should collect for use by SPs? If so these should be listed within the rules. This will help organisations when setting up their IdPs, and services will have fewer issues if they know what attributes they can expect from IdPs.

                             

                            The set of attributes that IdPs must collect for use by SPs is specified in the IdP Membership Agreement https://www.eduidm.ma/files/IdP-Membership-Agreement.pdf. This latter is the document that members sign when they join eduIDM policy.

                            • Eligibility  
                              • All institutions and organizations connected to MARWAN network or other academic institutions can join eduIDM federation as members. These institutions can apply, at any time, for membership as Identity Providers and/or Service Providers at any time. 

                              Your eligibility may limit you, particularly when connecting services to your federation. Many services come from commercial companies that provide resources to academic institutions.

                               

                               

                              The eduIDM team has decided to add commercial companies and organizations that don’t belong to MARWAN community as partners. In this case, the “Eligibility” section will be changed as follows:

                               

                              “All institutions and organizations connected to MARWAN network or other academic institutions can join eduIDM federation as members. These institutions can apply, at any time, for membership as Identity Providers and/or Service Providers at any time.  Commercial companies and organizations that don’t belong to the MARWAN community, and they would like to contribute to the eduIDM Federation by providing services, can join the eduIDM Federation as Partners.”

                               

                              We will add the definition of “eduIDM Partners” to the “Definitions and Terminology” section.

                               

                              Thanks,

                              Terry.

                               Thank you again for the time you have put in reviewing our submission!

                               

                               

                              On Thu, 5 Jul 2018 at 01:12 Brook Schofield <brook.schofield AT geant.org> wrote:

                              All,


                              I present to you the application of Morocco / eduIDM.ma

                               

                              who has Signed the eduGAIN Declaration, has a policy based on the policy template, is self declaring their federation as a production service and is wanting to join the global R&E federated environment.

                              You can find more detailed information about the federation under "eduGAIN Candidates” at
                                  https://technical.edugain.org/status.php
                              which contains links to their policy and MRPS.

                              This application is from an organisation that is closely aligned with the GÉANT community via their participation in the AfricaConnect and ASREN projects and communities. MARWAN is also the .ma eduroam roaming operator and Samia was a previous representative on the Global eduroam Governance Committee (and its first female member).


                              So I ask the following federations to specifically review the submission by eduIDM.ma:

                               * Armenia/AFIRE

                               * Australia/AAF

                               * Austria/ACOnet Id Federation

                               * Belarus/FEBAS

                               * Bulgaria/BIF

                               

                              All eduGAIN members can (and should) provide feedback on this but to share the burden of review around, these five (5) federations have a specific responsibility.


                              If you have any questions please contact the eduIDM.ma team and Samia El Haddouti that are subscribed to this mailing list as well as CC’d to this message.

                              Formal components of the membership process will be via the eduGAIN Steering Group mailing list.

                              Thanks,

                              -Brook

                               

                              Brook Schofield
                              eduGAIN Steering Group Chair
                              GÉANT

                              M: +31651553991 
                              Skype: brookschofield

                               

                              --

                              Terry Smith | Technical Engagement and Support Manager |  Australian Access Federation Inc

                              Mob: 0414 692 424 | Email: t.smith@aaf.edu.au | Address: Lvl 21, 179 Turbot St, Brisbane QLD 4000 |

                              Web: www.aaf.edu.au | Support: support.aaf.edu.au | Twitter: twitter.com/ausaccessfed
