Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership


Chronological Thread 
  • From: Соколов Андрей Владимирович <a.sokolov AT spbu.ru>
  • To: "Rhys Smith" <Rhys.Smith AT jisc.ac.uk>, "Brook Schofield" <brook.schofield AT geant.org>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>, "fEDUrus Tech Support" <support AT fedurus.ru>, "Rustam Usmanov" <rustam AT unilib.spbstu.ru>
  • Subject: Re: [eduGAIN-discuss] Assessment of Russia/фEDUrus/fEDURUS for eduGAIN membership
  • Date: Tue, 07 Aug 2018 13:21:26 +0300
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=spbu.ru

Dear Rhys, dear colleagues,

One more time sorry for delay.
Thanks a lot for helpful comments.

MRPS:

Yes, it's error in XML snippet, we fixed this issue and
published new version of a document.

Section 5.1 already contain other ways demonstrating technical control of a
domain.

Federation Policy:

Yes, you absolutely right. We work on it now.

One more time many thanks.

Best wishes,

Andrey Sokolov
FEDURUS
ARLICON

On Fri, 27 Jul 2018 13:47:12 +0000
Rhys Smith <Rhys.Smith AT jisc.ac.uk> wrote:
Some feedback from me (I haven’t read any else’s comments yet, by the way, so may repeat):


Federation Policy:


Basically, and this is a big one - I think the whole document needs to be rewritten to sort out the terminology in use.

You define a Service Provider as an organisation. That’s a bit confusing, because Identity provider and Service provider are specific SAML roles than a particular organisation can have, rather than organisations in of themselves.

Throughout this whole policy document this means this all gets confusing when you talk about “Identity Providers” and “Service Providers” - sometimes you’re referring to the SAML roles (e.g. "a Federation Member can act as a Home Organization and/or a Service Provider”), sometimes as organisations ("Identity Providers and Service Providers are able to join or leave the Federation”).

Would suggest you keep “Identity Provider” and “Service Provider” as the SAML roles, and either talk about organisations joining the federation and being able to deploy those SAML roles, or if you really consider organisations that provide identity and organisations that provider services as different, then use different naming to clarify things.

Other smaller stuff:

* You mention a fees appendix, this doesn’t exist.


MDRPS:

* A MDRPS identifier of "http://www.fedurus.ru/doc/mrps-en/” doesn’t allow for versioning, suggest each version of the MDRPS has a unique identifier to allow new versions to be created and managed.

* Section 4 - your XML snippet has two mdrpi:RegistrationPolicy of xml:lang=“en” with the same value.

* Section 5.1 - you might want to enumerate other ways when DNS WHOIS isn’t sufficient, e.g. demonstrating technical control of a domain.

* Section 5.1 - you mention checking DNS for use in entityIDs, but not in Scopes - you need to do the same checking for scopes.


Technology profile:

* Well done for actually having one! Some good stuff in there as well.

--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc

T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Skype: rhys-smith
GPG: 0x4638C985
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

On 26 Jul 2018, at 08:10, Brook Schofield <brook.schofield AT geant.org> wrote:

All,

I present to you the application of Russia / фEDUrus (aka fEDUrus) who has Signed the eduGAIN Declaration, has a policy based on the policy template, is self declaring their federation as a production service and is wanting to join the global R&E federated environment.

You can find more detailed information about the federation under "eduGAIN Candidates” at
https://technical.edugain.org/status.php
which contains links to their policy and MRPS.

This application is from an organisation that has been working to join eduGAIN since 2013 and have attended various REFEDS and community meetings over the years.

So I ask the following federations to specifically review the submission by фEDUrus:
* Belgium/Belnet Federation
* Brazil/CaFe
* Canada/Canadian Access Federation
* Chile/COFRe
* Colombia/ColFIRE

All eduGAIN members can (and should) provide feedback on this but to share the burden of review around, these five (5) federations have a specific responsibility.

If you have any questions please contact the фEDUrus team (Andrey and Rustam) that are subscribed to this mailing list as well as CC’d to this message.

Formal components of the membership process will be via the eduGAIN Steering Group mailing list.

Thanks,

-Brook

Brook Schofield
eduGAIN Steering Group Chair
GÉANT
M: +31651553991 Skype: brookschofield





Archive powered by MHonArc 2.6.19.

Top of Page