An open discussion list for topics related to the eduGAIN interfederation service.

[Rhys Smith <Rhys.Smith AT jisc.ac.uk>]

Overall comments:

* Is the federation called eduGain Albania, eduID Albania, or RaSH? All of 
the documents and the website confuse the two in several places (see below).

* Website is lacking a lot of stuff, e.g. the Participants tab is entirely 
empty.


MRPS:

* Section 3 suggests the membership procedures are at “edugain.rash.al” - 
this domain doesn’t exist. Should be eduid.rash.il? If so, then at least 
eduid.rash.il resolves, but it has no such documents.

* Section 5 - same as above, reference to edugain.rash.al

* Section 5 suggests you check domain ownership for EntityIDs, but does not 
mention checking it for scopes. See https://github.com/REFEDS/MRPS/pull/5 for 
suggested wording.


Federation Policy:

* Section 1 - You define a “Service Provider” as “An organization that […]” - 
but Service Provider is a role that an organisation can play, not an 
organization in of itself. Your definition of “Federation Member” even makes 
that clear.

* Section 2 - you talk about “EduGAIN Albania” but have a url of eduID.rash.al

* Section 3.1 - "MB is authorized to accept new Federation documents” - 
what’s a federation document? That isn’t mentioned anywhere else.

* Section 3.1 and 4.1 - "Members and Partners” - what’s a partner? I can’t 
see that defined anywhere.

* Section 3.2 and 3.3 - you can suspend individual Technology Profiles and 
members must comply with them - where are your technology profiles documented?

* Section 3.3 - appendix Fees - no such appendix.

* Section 3.3 - Transfer of personal data - do you define personal data 
anywhere? Do you define what you mean by consent anywhere?

* Section 6 - “*governing body*” is used twice, but is not defined anywhere. 
Should be Member’s Board?

* Section 6.1 - how interfederation works is "described in appropriate 
Technology Profiles.” - Where are these?

* Nothing on how you would terminate the federation; members may want 
reassurance of how much notice you’d give them before doing such a thing.

Best,
Rhys.
--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc

T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Skype: rhys-smith
GPG: 0x4638C985
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by 
guarantee which is registered in England under Company No. 5747339, VAT No. 
GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, 
Bristol, BS2 0JA. T 0203 697 5800.

Attachment: smime.p7s
Description: S/MIME cryptographic signature