
edugain-discuss - Re: [eduGAIN-discuss] Assessment of Romania / RoEduNetID for eduGAIN Membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Valeriu Vraciu <valeriu AT roedu.net>
  • Cc: Brook Schofield <brook.schofield AT geant.org>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>, Mihai Carabas <mihai.carabas AT roedu.net>
  • Subject: Re: [eduGAIN-discuss] Assessment of Romania / RoEduNetID for eduGAIN Membership
  • Date: Thu, 14 Mar 2019 13:09:55 +0100

Hello,

thank you for the good work you put into addressing these comments.

I only have one non-critical remark remaining :-)

1) metadata
You realise that your federation metadata still has a number of warnings
in the new Validator?

https://technical.edugain.org/validator2

For seven IdPs: "mdui:UIInfo found but no mdui:Logo element"

This is not critical, but while you are in touch with your IdPs for
other mop-up actions, this could be one thing to address with them.

Greetings,

Stefan Winter

Am 14.03.19 um 12:50 schrieb Valeriu Vraciu:
> Hello all,
>
>
> I will try to address inline all raised issues by responding separately
> to each mail. Please help us by analyzing further what other problems
> exist with our application. Thank you all.
>
> On 08/03/19 15:57, Stefan Winter wrote:
>> Hello,
>>
>>> I present to you the application of Romania / RoEduNetID who has signed
>>> the eduGAIN Declaration, has a policy based on the policy template, is
>>> self declaring their federation as a production service and is wanting
>>> to join the global R&E federated environment.
>>
>> When I browsed their website and the technical.edugain.org status page,
>> I noticed they did not declare a metadata URL, and in fact the entire
>> web page does not show any federation metadata.
>>
>> I wonder how that goes together with the self-declared status of
>> "production": where is the federation, except on paper?
>
> Link to federation metadata and signing certificate can now be found at
> https://eduid.roedu.net/metadata/
>
> From a completeness point of view, this metadata needs 2 more IdPs, but at
> this moment they use expired certificates, so are not included in the
> aggregate.
>
>>
>>> You can find more detailed information about the federation under
>>> "eduGAIN Candidates" at
>>>     https://technical.edugain.org/status.php
>>> which contains links to their policy and MRPS.
>>
>> The version of their policy is "0.8"; MRPS is "0.3". Are those the
>> latest, final versions that should be reviewed? Or is there a 1.0
>> somewhere, this being an outdated copy?
>
> We avoided "Version 1.0" or "final version" because it was
> expected to receive comments from eduGAIN community. After this round of
> assessment and if it will be ok, those docs will be v1.0. For the
> moment, Policy is version 0.92
> (https://eduid.roedu.net/wp-content/uploads/2019/03/RoEduNet-Identity_Federation_Policy-v0.92.pdf)
> and MRPS version 0.7
> (https://eduid.roedu.net/wp-content/uploads/2019/03/RoEduNet-Metadata_Registration-v0.7.pdf)
>
>>
>> Policy
>> ======
>> 1)
>> The document states "This document, together with its appendices
>> constitutes the RoEduNetID Federation Policy. The current list
>> of all appendices is available on the website of RoEduNetID Federation
>> (https://eduid.roedu.net/)."
>>
>> I did not find a list of appendices on that web page.
>
> Re-phrased that section so that if any appendices will be available,
> they will be listed on the website.
>
>>
>> 2)
>> You may want to fix the typo 3.3: "Prices and payment terms are
>> specified on Fereation website."
>>
>
> Corrected.
>
>> I did not find prices and payment terms on the federation website.
>
> I think it was "Must pay the fees, if any." in front of that, but now we
> removed because we do not charge at all RoEduNet constituency.
>
>>
>> MRPS
>> ====
>> 1)
>> The document states: "The procedure for becoming a member of the
>> RoEduNetID Federation is documented at https://eduid.roedu.net/.", in at
>> least two instances.
>>
>
> Added some information for applicants at https://eduid.roedu.net/membership/
>
>> The website almost exclusively contains generic descriptions of what
>> eduGAIN is (rather than RoEduNetID, which is strange), and I see no
>> procedures regarding the RoEduNetID membership.
>>
>
> Trying to adapt the template and insert RoEduNetID specific information,
> eduGAIN general information is now gathered at
> https://eduid.roedu.net/edugain/
>
>> 2)
>> The document also states in section 4 that RegistrationPolicy SHALL be
>> used (i.e. it is mandatory); while section 2 speaks of the possibility
>> that no RegistrationPolicy is present, calling this out as "historic,
>> undocumented" registration practice. I have the impression that
>> RoEduNetID is a very young federation and does not have any such
>> historic cases. Of course I can't verify that because the metadata for
>> the SAML profile is not visible on the website. Does or does not
>> RoEduNetID have entities with such historic registration practices? If
>> not, the last paragraph of section 2 should be deleted.
>
> The federation started in 2014, as an informal join of existing IdPs, so
> it is really young compared to eduGAIN members. The setup was done at
> https://sp.roedu.net/ (which is still current and used, maybe some
> upgrade is needed) without any signed agreements. However, there are
> known and verified contacts at each IdP, although 1-2 are unresponsive
> now when we need them to update :)
> We intend to check with every IdP added since then and update to current
> needs.
>
>>
>> 3)
>> In section 5.3, the last sentence does not parse. It has more opening
>> parentheses than closing ones. Unfortunately in a sentence that
>> describes regular expressions, which creates an actual readability problem.
>>
>
> Not sure I get this, please advise. That paragraph has 2 groups of ()
> with total 3 x "(" and 3 x ")". Besides a dash, which may be considered
> also as a parenthesis. It is taken from the last template version, as
> another community member (thank you, Peter :) ) mentioned recently. I
> changed a pair of () to [], not sure if this improves readability.
>
>
>> Greetings,
>>
>> Stefan Winter
>>
>
>
> Best wishes,
> Valeriu.
>


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
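
A local pre-check for the validator warning quoted in the message above ("mdui:UIInfo found but no mdui:Logo element"), as an added example that is not part of the original message and not the eduGAIN validator's code. It lists the IdPs in a SAML metadata aggregate whose mdui:UIInfo lacks an mdui:Logo; the sample aggregate and its example.org entityIDs are constructed, and the input is assumed to be metadata whose signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample aggregate; the example.org entityIDs are placeholders.
SAMPLE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">University A</mdui:DisplayName>
        <mdui:Logo height="60" width="80">https://idp-a.example.org/logo.png</mdui:Logo>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">University B</mdui:DisplayName>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-c.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def idps_missing_logo(metadata_xml):
    """Return entityIDs of IdPs that have mdui:UIInfo but no mdui:Logo inside it."""
    root = ET.fromstring(metadata_xml)
    # The document root may be an aggregate or a single EntityDescriptor.
    tag = "{%s}EntityDescriptor" % NS["md"]
    entities = [root] if root.tag == tag else root.iter(tag)
    flagged = []
    for entity in entities:
        # An IdP without any UIInfo (idp-c) is a different finding and is not flagged here.
        for uiinfo in entity.findall("md:IDPSSODescriptor/md:Extensions/mdui:UIInfo", NS):
            if uiinfo.find("mdui:Logo", NS) is None:
                flagged.append(entity.get("entityID"))
                break
    return flagged

if __name__ == "__main__":
    for entity_id in idps_missing_logo(SAMPLE):
        print(f"{entity_id}: mdui:UIInfo found but no mdui:Logo element")
```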
