edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership
Chronological Thread
- From: Rhys Smith <Rhys.Smith AT jisc.ac.uk>
- To: Brook Schofield <brook.schofield AT geant.org>
- Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>, fEDUrus Tech Support <support AT fedurus.ru>, Andrey Sokolov <a.sokolov AT spbu.ru>, Rustam Usmanov <rustam AT unilib.spbstu.ru>
- Subject: Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership
- Date: Fri, 27 Jul 2018 13:47:12 +0000
- Accept-language: en-GB, en-US
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=jisc.ac.uk
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Some feedback from me (I haven’t read any else’s comments yet, by the way, so
may repeat):
Federation Policy:
Basically, and this is a big one - I think the whole document needs to be
rewritten to sort out the terminology in use.
You define a Service Provider as an organisation. That’s a bit confusing,
because Identity provider and Service provider are specific SAML roles than a
particular organisation can have, rather than organisations in of themselves.
Throughout this whole policy document this means this all gets confusing when
you talk about “Identity Providers” and “Service Providers” - sometimes
you’re referring to the SAML roles (e.g. "a Federation Member can act as a
Home Organization and/or a Service Provider”), sometimes as organisations
("Identity Providers and Service Providers are able to join or leave the
Federation”).
Would suggest you keep “Identity Provider” and “Service Provider” as the SAML
roles, and either talk about organisations joining the federation and being
able to deploy those SAML roles, or if you really consider organisations that
provide identity and organisations that provider services as different, then
use different naming to clarify things.
Other smaller stuff:
* You mention a fees appendix, this doesn’t exist.
MDRPS:
* A MDRPS identifier of "http://www.fedurus.ru/doc/mrps-en/” doesn’t allow
for versioning, suggest each version of the MDRPS has a unique identifier to
allow new versions to be created and managed.
* Section 4 - your XML snippet has two mdrpi:RegistrationPolicy of
xml:lang=“en” with the same value.
* Section 5.1 - you might want to enumerate other ways when DNS WHOIS isn’t
sufficient, e.g. demonstrating technical control of a domain.
* Section 5.1 - you mention checking DNS for use in entityIDs, but not in
Scopes - you need to do the same checking for scopes.
Technology profile:
* Well done for actually having one! Some good stuff in there as well.
--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc
T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Skype: rhys-smith
GPG: 0x4638C985
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT No.
GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
Bristol, BS2 0JA. T 0203 697 5800.
> On 26 Jul 2018, at 08:10, Brook Schofield <brook.schofield AT geant.org> wrote:
>
> All,
>
> I present to you the application of Russia / фEDUrus (aka fEDUrus) who has
> Signed the eduGAIN Declaration, has a policy based on the policy template,
> is self declaring their federation as a production service and is wanting
> to join the global R&E federated environment.
>
> You can find more detailed information about the federation under "eduGAIN
> Candidates” at
> https://technical.edugain.org/status.php
> which contains links to their policy and MRPS.
>
> This application is from an organisation that has been working to join
> eduGAIN since 2013 and have attended various REFEDS and community meetings
> over the years.
>
> So I ask the following federations to specifically review the submission by
> фEDUrus:
> * Belgium/Belnet Federation
> * Brazil/CaFe
> * Canada/Canadian Access Federation
> * Chile/COFRe
> * Colombia/ColFIRE
>
> All eduGAIN members can (and should) provide feedback on this but to share
> the burden of review around, these five (5) federations have a specific
> responsibility.
>
> If you have any questions please contact the фEDUrus team (Andrey and
> Rustam) that are subscribed to this mailing list as well as CC’d to this
> message.
>
> Formal components of the membership process will be via the eduGAIN
> Steering Group mailing list.
>
> Thanks,
>
> -Brook
>
> Brook Schofield
> eduGAIN Steering Group Chair
> GÉANT
> M: +31651553991
> Skype: brookschofield
- [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Brook Schofield, 26-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Nick Roy, 26-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Nick Roy, 26-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Joost van Dijk, 27-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Nick Roy, 27-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Joost van Dijk, 27-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Nick Roy, 26-Jul-2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Rhys Smith, 07/27/2018
- Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership, Nick Roy, 26-Jul-2018
Archive powered by MHonArc 2.6.19.