An open discussion list for topics related to the eduGAIN interfederation service.

[Valeriu Vraciu <valeriu AT roedu.net>]

Hello,

On 11/03/19 09:58, 振溶[Jinyong Jo] wrote:
> Hello, 
> 
> Posted documents seem well organized. We have just a few comments:
> 
> 1. As already noted by another member, there are documents missing on
> the website. The site should post the documents, federation metadata,
> and signing certificate. 
> - Level of Assurance profiles
> - Technology profiles
> - Application form  
> - Template of the Identity Management Practice Statement, if possible
> 

Added federation metadata, signed with a self-signed certificate
(temporarily with 1 year validity certificate), published as well at
https://eduid.roedu.net/metadata/
We are working to add information on the website.

> 2. "Related to Identity Providers, in order to maintain consistency,
> only one IdP per institution is accepted" (p.6 in [1])
>   "Once a member has joined the Federation, the member MAY add any
> number of entities" (p.5 in [2]) 
>  - May a Federation Member have multiple IdPs? The meaning of the 2nd
> sentence needs to be clarified more.

Removed this requirement related to uniqueness of IdP per institution.
There can be large entities that have several components, each one with
own authentication systems (thinking about the Romanian Academy which
has many institutes, but maybe community has other examples ?).

> 
> 3. Use of the regular expressions (p.4 in [2])
>  - I am not sure about if it is recommendable to use the regular
> expression in the scope. We, KAFE do not allow the regular expression
> and thus it possibly makes interoperability issues.
> I would like to hear what other federations think about using the
> regular expression. 

As mentioned by Peter S., this appears in the last version of the MRPS
template.

> 
> 4. Entity validation (p.5 in [2])
>  -  I hope RoEduNetID drives its members to use strong signing
> algorithms and key length. Also, it would be nice to encourage the
> members to include the privacy policy statement into the metadata.
> Entities in eduGAIN metadata are filtered out by our federation if they
> provide weak algorithms and short key length as well as no
> privacy-policy statement. 

Intention is to do a renewal process of members, with recommendations we
find in eduGAIN community.

> 
> [1] Identity Federation Policy
> [2] Federation Operator Practice: Metadata Registration Practice
> Statement (MRPS)
> 
> Kind Regards,
> Jinyong Jo
> 

Best wishes,
Valeriu.

> 
> 2019년 3월 7일 (목) 오후 10:21, Brook Schofield
> <brook.schofield AT geant.org <mailto:brook.schofield AT geant.org>>님이 작성:
> 
>     All,
> 
>     I present to you the application of Romania / RoEduNetID who has
>     signed the eduGAIN Declaration, has a policy based on the policy
>     template, is self declaring their federation as a production
>     service and is wanting to join the global R&E federated environment.
> 
>     You can find more detailed information about the federation under
>     "eduGAIN Candidates” at
>         https://technical.edugain.org/status.php
>     which contains links to their policy and MRPS.
> 
>     This application is from an organisation that is closely aligned
>     with the GÉANT community via their participation in the GÉANT
>     project (GN4-2) and received funding to support their participation
>     in eduGAIN.
> 
>     So I ask the following federations to specifically review the
>     submission by RoEduNetID:
>      * Korea/KAFE
>      * Latvia / LAIFE
>      * Lithuania / LITNET FEDI
>      * Luxembourg / eduID.lu <http://eduID.lu>
>      * Macedonia/AAIEduMk
> 
>     All eduGAIN members can (and should) provide feedback on this but to
>     share the burden of review around, these five (5) federations have
>     a specific responsibility.
> 
>     If you have any questions please contact the RoEduNetID team that
>     are subscribed to this mailing list as well as CC’d to this message.
> 
>     Formal components of the membership process will be via the eduGAIN
>     Steering Group mailing list.
> 
>     Thanks,
>     Brook Schofield
>     eduGAIN Steering Group Chair
>     GÉANT
>     M: +31651553991 
>     Skype: brookschofield
> 

-- 
Valeriu Vraciu
RoEduNet

Attachment: signature.asc
Description: OpenPGP digital signature