
edugain-discuss - Re: [eduGAIN-discuss] Assessment of Romania / RoEduNetID for eduGAIN Membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Nick Roy <nroy AT internet2.edu>
  • To: "jiny92 AT kisti.re.kr" <jiny92 AT kisti.re.kr>
  • Cc: Brook Schofield <brook.schofield AT geant.org>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>, Valeriu Vraciu <valeriu AT roedu.net>, Mihai Carabas <mihai.carabas AT roedu.net>
  • Subject: Re: [eduGAIN-discuss] Assessment of Romania / RoEduNetID for eduGAIN Membership
  • Date: Mon, 11 Mar 2019 14:29:33 +0000



On 11 Mar 2019, at 1:58, 振溶[Jinyong Jo] wrote:

> Hello,
>
> Posted documents seem well organized. We have just a few comments:
>
> 1. As already noted by another member, there are documents missing on the
> website. The site should post the documents, federation metadata, and
> signing certificate.
> - Level of Assurance profiles
> - Technology profiles
> - Application form
> - Template of the Identity Management Practice Statement, if possible
>
> 2. "Related to Identity Providers, in order to maintain consistency, only
> one IdP per institution is accepted" (p.6 in [1])
> "Once a member has joined the Federation, the member MAY add any number
> of entities" (p.5 in [2])
> - May a Federation Member have multiple IdPs? The meaning of the 2nd
> sentence needs to be clarified more.
>
> 3. Use of the regular expressions (p.4 in [2])
> - I am not sure if it is recommendable to use the regular expression
> in the scope. We, KAFE, do not allow the regular expression and thus it
> possibly makes interoperability issues.
> I would like to hear what other federations think about using the regular
> expression.

InCommon historically filtered all eduGAIN IdP metadata from our imports if
the metadata contained regular expression-based scopes. In the last year, we
have relaxed this policy, and check regular expressions for some basic
characteristics (must end in a 'literal tail', etc.) before allowing them to
be imported.

Nick

>
> 4. Entity validation (p.5 in [2])
> - I hope RoEduNetID drives its members to use strong signing algorithms
> and key length. Also, it would be nice to encourage the members to include
> the privacy policy statement in the metadata. Entities in eduGAIN
> metadata are filtered out by our federation if they provide weak algorithms
> and short key length as well as no privacy-policy statement.
>
> [1] Identity Federation Policy
> [2] Federation Operator Practice: Metadata Registration Practice Statement
> (MRPS)
>
> Kind Regards,
> Jinyong Jo
>
>
> On Thu, 7 Mar 2019 at 10:21 PM, Brook Schofield <brook.schofield AT geant.org> wrote:
>
>> All,
>>
>> I present to you the application of Romania / RoEduNetID who has signed
>> the eduGAIN Declaration, has a policy based on the policy template, is
>> self declaring their federation as a production service and is wanting to
>> join the global R&E federated environment.
>>
>> You can find more detailed information about the federation under "eduGAIN
>> Candidates" at
>> https://technical.edugain.org/status.php
>> which contains links to their policy and MRPS.
>>
>> This application is from an organisation that is closely aligned with the
>> GÉANT community via their participation in the GÉANT project (GN4-2) and
>> received funding to support their participation in eduGAIN.
>>
>> So I ask the following federations to specifically review the submission
>> by RoEduNetID:
>> * Korea/KAFE
>> * Latvia / LAIFE
>> * Lithuania / LITNET FEDI
>> * Luxembourg / eduID.lu
>> * Macedonia/AAIEduMk
>>
>> All eduGAIN members can (and should) provide feedback on this but to share
>> the burden of review around, these five (5) federations have a specific
>> responsibility.
>>
>> If you have any questions please contact the RoEduNetID team that are
>> subscribed to this mailing list as well as CC’d to this message.
>>
>> Formal components of the membership process will be via the eduGAIN
>> Steering Group mailing list.
>>
>> Thanks,
>> Brook Schofield
>> eduGAIN Steering Group Chair
>> GÉANT
>> M: +31651553991
>> Skype: brookschofield
>>
>>
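
A pre-import check of the kind Nick describes for regular-expression scopes, as an added example that is not part of the original message and is not InCommon's code. The definition of a "literal tail", the top-level alternation rule, the function names and the sample metadata are assumptions made for illustration; Python's `re` stands in for the regex dialect a real metadata consumer would use.

```python
import re
import xml.etree.ElementTree as ET

SCOPE = "{urn:mace:shibboleth:metadata:1.0}Scope"
# Assumption (not InCommon's published rule): a "literal tail" is two or more
# escaped-dot DNS labels right before the final "$", e.g. \.example\.org$
LITERAL_TAIL = re.compile(r"(?<!\\)(?:\\\.[A-Za-z0-9-]+){2,}\$$")

def top_level_alternation(pattern):
    """True if an unescaped '|' sits outside every group and character class."""
    s = re.sub(r"\\.", "", pattern)          # drop escaped characters
    s = re.sub(r"\[[^\]]*\]", "", s)         # drop character classes
    while re.search(r"\([^()]*\)", s):       # peel groups from the inside out
        s = re.sub(r"\([^()]*\)", "", s)
    return "|" in s

def check_regexp_scope(pattern):
    """Return None if the pattern is acceptable, else the reason to reject it."""
    try:
        re.compile(pattern)
    except re.error:
        return "does not compile"
    if top_level_alternation(pattern):       # e.g. ".*|^idp\.example\.org$"
        return "top-level alternation"
    if not LITERAL_TAIL.search(pattern):     # e.g. "^.*example\.org$"
        return "no anchored literal tail"
    return None

def rejected_scopes(metadata_xml):
    """Map each failing regexp scope in the metadata to its rejection reason."""
    bad = {}
    for scope in ET.fromstring(metadata_xml).iter(SCOPE):
        pattern = (scope.text or "").strip()
        reason = check_regexp_scope(pattern)
        if scope.get("regexp") in ("true", "1") and reason:
            bad[pattern] = reason
    return bad

# Constructed sample, not taken from any federation's metadata.
SAMPLE = r"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp.example.org/idp">
  <md:Extensions>
    <shibmd:Scope regexp="true">^(staff|student)\.example\.org$</shibmd:Scope>
    <shibmd:Scope regexp="true">^.*example\.org$</shibmd:Scope>
    <shibmd:Scope regexp="true">.*|^idp\.example\.org$</shibmd:Scope>
    <shibmd:Scope regexp="false">example.org</shibmd:Scope>
  </md:Extensions>
</md:EntityDescriptor>"""
```

`rejected_scopes(SAMPLE)` flags the second and third scopes: without an escaped-dot tail of at least two labels, `^.*example\.org$` would also accept a scope such as `evilexample.org`, and the alternation makes the tail optional.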

