An open discussion list for topics related to the eduGAIN interfederation service.

[Соколов Андрей Владимирович <a.sokolov AT spbu.ru>]

Dear Rhys, dear colleagues,

One more time sorry for delay.
Thanks a lot for helpful comments.

MRPS:

Yes, it's error in XML snippet, we fixed this issue and
published new version of a document.

Section 5.1 already contain other ways demonstrating technical control 
of a
domain.

Federation Policy:

Yes, you absolutely right. We work on it now.

One more time many thanks.

Best wishes,

Andrey Sokolov
FEDURUS
ARLICON

On Fri, 27 Jul 2018 13:47:12 +0000
 Rhys Smith <Rhys.Smith AT jisc.ac.uk> wrote:
> Some feedback from me (I haven’t read any else’s comments yet, by 
> the way, so may repeat):
>
>
> Federation Policy:
>
>
> Basically, and this is a big one - I think the whole document needs 
> to be rewritten to sort out the terminology in use.
>
> You define a Service Provider as an organisation. That’s a bit 
> confusing, because Identity provider and Service provider are 
> specific SAML roles than a particular organisation can have, rather 
> than organisations in of themselves.
>
> Throughout this whole policy document this means this all gets 
> confusing when you talk about “Identity Providers” and “Service 
> Providers” - sometimes you’re referring to the SAML roles (e.g. "a 
> Federation Member can act as a Home Organization and/or a Service 
> Provider”), sometimes as organisations ("Identity Providers and 
> Service Providers are able to join or leave the Federation”).
>
> Would suggest you keep “Identity Provider” and “Service Provider” as 
> the SAML roles, and either talk about organisations joining the 
> federation and being able to deploy those SAML roles, or if you 
> really consider organisations that provide identity and organisations 
> that provider services as different, then use different naming to 
> clarify things.
>
> Other smaller stuff:
>
> * You mention a fees appendix, this doesn’t exist.
>
>
> MDRPS:
>
> * A MDRPS identifier of "http://www.fedurus.ru/doc/mrps-en/” doesn’t 
> allow for versioning, suggest each version of the MDRPS has a unique 
> identifier to allow new versions to be created and managed.
>
> * Section 4 - your XML snippet has two mdrpi:RegistrationPolicy of 
> xml:lang=“en” with the same value.
>
> * Section 5.1 - you might want to enumerate other ways when DNS 
> WHOIS isn’t sufficient, e.g. demonstrating technical control of a 
> domain.
>
> * Section 5.1 - you mention checking DNS for use in entityIDs, but 
> not in Scopes - you need to do the same checking for scopes.
>
>
> Technology profile:
>
> * Well done for actually having one! Some good stuff in there as 
> well.
>
> --
> Dr Rhys Smith
> Chief Technical Architect, Trust & Identity
> Jisc
>
> T: +44 (0) 1235 822145
> M: +44 (0) 7968 087821
> Skype: rhys-smith
> GPG: 0x4638C985
> Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited 
> by guarantee which is registered in England under Company No. 
> 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One 
> Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
> > On 26 Jul 2018, at 08:10, Brook Schofield 
> > <brook.schofield AT geant.org> wrote:
> >
> > All,
> >
> > I present to you the application of Russia / фEDUrus (aka fEDUrus) 
> > who has Signed the eduGAIN Declaration, has a policy based on the 
> > policy template, is self declaring their federation as a production 
> > service and is wanting to join the global R&E federated environment.
> >
> > You can find more detailed information about the federation under 
> > "eduGAIN Candidates” at
> >     https://technical.edugain.org/status.php
> > which contains links to their policy and MRPS.
> >
> > This application is from an organisation that has been working to 
> > join eduGAIN since 2013 and have attended various REFEDS and 
> > community meetings over the years.
> >
> > So I ask the following federations to specifically review the 
> > submission by фEDUrus:
> >  * Belgium/Belnet Federation
> >  * Brazil/CaFe
> >  * Canada/Canadian Access Federation
> >  * Chile/COFRe
> >  * Colombia/ColFIRE
> >
> > All eduGAIN members can (and should) provide feedback on this but to 
> > share the burden of review around, these five (5) federations have a 
> > specific responsibility.
> >
> > If you have any questions please contact the фEDUrus team (Andrey 
> > and Rustam) that are subscribed to this mailing list as well as CC’d 
> > to this message.
> >
> > Formal components of the membership process will be via the eduGAIN 
> > Steering Group mailing list.
> >
> > Thanks,
> >
> > -Brook
> >
> > Brook Schofield
> > eduGAIN Steering Group Chair
> > GÉANT
> > M: +31651553991 
> > Skype: brookschofield