
edugain-discuss - Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.



Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership


  • From: Rhys Smith <Rhys.Smith AT jisc.ac.uk>
  • To: Brook Schofield <brook.schofield AT geant.org>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>, fEDUrus Tech Support <support AT fedurus.ru>, Andrey Sokolov <a.sokolov AT spbu.ru>, Rustam Usmanov <rustam AT unilib.spbstu.ru>
  • Subject: Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership
  • Date: Fri, 27 Jul 2018 13:47:12 +0000
  • Accept-language: en-GB, en-US
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=jisc.ac.uk

Some feedback from me (I haven’t read anyone else’s comments yet, by the way, so
may repeat):


Federation Policy:


Basically, and this is a big one - I think the whole document needs to be
rewritten to sort out the terminology in use.

You define a Service Provider as an organisation. That’s a bit confusing,
because Identity provider and Service provider are specific SAML roles that a
particular organisation can have, rather than organisations in and of themselves.

Throughout this whole policy document this means this all gets confusing when
you talk about “Identity Providers” and “Service Providers” - sometimes
you’re referring to the SAML roles (e.g. “a Federation Member can act as a
Home Organization and/or a Service Provider”), sometimes as organisations
(“Identity Providers and Service Providers are able to join or leave the
Federation”).

Would suggest you keep “Identity Provider” and “Service Provider” as the SAML
roles, and either talk about organisations joining the federation and being
able to deploy those SAML roles, or if you really consider organisations that
provide identity and organisations that provide services as different, then
use different naming to clarify things.

Other smaller stuff:

* You mention a fees appendix, this doesn’t exist.


MDRPS:

* A MDRPS identifier of "http://www.fedurus.ru/doc/mrps-en/" doesn’t allow
for versioning, suggest each version of the MDRPS has a unique identifier to
allow new versions to be created and managed.

* Section 4 - your XML snippet has two mdrpi:RegistrationPolicy of
xml:lang="en" with the same value.

* Section 5.1 - you might want to enumerate other ways when DNS WHOIS isn’t
sufficient, e.g. demonstrating technical control of a domain.

* Section 5.1 - you mention checking DNS for use in entityIDs, but not in
Scopes - you need to do the same checking for scopes.


Technology profile:

* Well done for actually having one! Some good stuff in there as well.

--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc

T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Skype: rhys-smith
GPG: 0x4638C985
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT No.
GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
Bristol, BS2 0JA. T 0203 697 5800.

> On 26 Jul 2018, at 08:10, Brook Schofield <brook.schofield AT geant.org> wrote:
>
> All,
>
> I present to you the application of Russia / фEDUrus (aka fEDUrus) who has
> Signed the eduGAIN Declaration, has a policy based on the policy template,
> is self declaring their federation as a production service and is wanting
> to join the global R&E federated environment.
>
> You can find more detailed information about the federation under “eduGAIN
> Candidates” at
> https://technical.edugain.org/status.php
> which contains links to their policy and MRPS.
>
> This application is from an organisation that has been working to join
> eduGAIN since 2013 and have attended various REFEDS and community meetings
> over the years.
>
> So I ask the following federations to specifically review the submission by
> фEDUrus:
> * Belgium/Belnet Federation
> * Brazil/CaFe
> * Canada/Canadian Access Federation
> * Chile/COFRe
> * Colombia/ColFIRE
>
> All eduGAIN members can (and should) provide feedback on this but to share
> the burden of review around, these five (5) federations have a specific
> responsibility.
>
> If you have any questions please contact the фEDUrus team (Andrey and
> Rustam) that are subscribed to this mailing list as well as CC’d to this
> message.
>
> Formal components of the membership process will be via the eduGAIN
> Steering Group mailing list.
>
> Thanks,
>
> -Brook
>
> Brook Schofield
> eduGAIN Steering Group Chair
> GÉANT
> M: +31651553991
> Skype: brookschofield
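
The two MDRPS checks raised in the message above (a single mdrpi:RegistrationPolicy per xml:lang, and Scopes verified against the same domains as entityIDs), as an added example that is not part of the original post or of any federation's tooling. The sample metadata, the `lint_entity` and `in_domain` names, and the `verified_domains` input (domains the registrar has already confirmed for the member) are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "shibmd": "urn:mace:shibboleth:metadata:1.0"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed sample with placeholder names; not taken from any federation's metadata.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
  entityID="https://idp.uni.example/idp/shibboleth">
 <md:Extensions><mdrpi:RegistrationInfo registrationAuthority="https://federation.example">
  <mdrpi:RegistrationPolicy xml:lang="en">https://federation.example/mrps/v1</mdrpi:RegistrationPolicy>
  <mdrpi:RegistrationPolicy xml:lang="en">https://federation.example/mrps/v1</mdrpi:RegistrationPolicy>
 </mdrpi:RegistrationInfo></md:Extensions>
 <md:IDPSSODescriptor><md:Extensions>
  <shibmd:Scope regexp="false">uni.example</shibmd:Scope>
  <shibmd:Scope regexp="false">other.example</shibmd:Scope>
 </md:Extensions></md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def in_domain(name, verified):
    """True if name equals, or is a subdomain of, a verified domain."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in verified)

def lint_entity(xml_text, verified_domains):
    """Return findings for one EntityDescriptor, given the registrant's verified domains."""
    root = ET.fromstring(xml_text)  # local sample; use a hardened parser for untrusted XML
    verified = {d.lower() for d in verified_domains}
    findings, seen = [], set()
    for pol in root.iterfind(".//mdrpi:RegistrationPolicy", NS):
        lang = pol.get(XML_LANG)
        if lang in seen:
            findings.append(f"duplicate RegistrationPolicy xml:lang={lang}")
        seen.add(lang)
    host = urlsplit(root.get("entityID", "")).hostname or ""
    if not in_domain(host, verified):
        findings.append(f"entityID host not verified: {host}")
    for scope in root.iterfind(".//shibmd:Scope", NS):
        value = (scope.text or "").strip()
        if scope.get("regexp", "false") in ("true", "1"):
            findings.append(f"regexp scope needs manual review: {value}")
        elif not in_domain(value, verified):
            findings.append(f"scope not verified: {value}")
    return findings
```

With only `uni.example` verified, the sample yields the duplicate-policy finding and flags the `other.example` scope, even though the entityID host itself passes.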



