An open discussion list for topics related to the eduGAIN interfederation service.

[Valeriu Vraciu <valeriu AT roedu.net>]

Hello,

On 14/03/19 14:09, Stefan Winter wrote:
> Hello,
> 
> thank your for the good work you put into addressing these comments.
> 
> I only have one non-critical remark remaining :-)
> 
> 1) metadata
> You realise that your federation metadata still has a number of warnings
> in the new Validator?
> 
> https://technical.edugain.org/validator2

I used the other one, no warnings there (more convenient:)

> 
> For seven IdPs,: "mdui:UIInfo found but no mdui:Logo element"
> 
> This is not critical, but while you are in touch with your IdPs for> other 
> mop-up actions, this could be one thing to address with them.

Yes, will add this, thanks.

> 
> Greetings,
> 
> Stefan Winter
> 
> Am 14.03.19 um 12:50 schrieb Valeriu Vraciu:
>> Hello all,
>>
>>
>> I will try to address inline all raised issues by responding separately
>> to each mail. Please help us by analyzing further what other problems
>> exist with our application. Thank you all.
>>
>> On 08/03/19 15:57, Stefan Winter wrote:
>>> Hello,
>>>
>>>> I present to you the application of Romania / RoEduNetID who has signed
>>>> the eduGAIN Declaration, has a policy based on the policy template, is
>>>> self declaring their federation as a production service and is wanting
>>>> to join the global R&E federated environment.
>>>
>>> When I browsed their website and the technical.edugain.org status page,
>>> I noticed they did not declare a metadata URL, and in fact the entire
>>> web page does not show any federation metadata.
>>>
>>> I wonder how that goes together with the self-declared status of
>>> "production": where is the federation, except on paper?
>>
>> Link to federation metadata and signing certificate can now be found at
>> https://eduid.roedu.net/metadata/
>>
>> From completeness point of view, this metadata needs more 2 IdPs, but at
>> this moment they use expired certificates, so are not included in the
>> aggregate.
>>
>>>
>>>> You can find more detailed information about the federation under
>>>> "eduGAIN Candidates” at
>>>>     https://technical.edugain.org/status.php
>>>> which contains links to their policy and MRPS.
>>>
>>> The version of their policy is "0.8"; MRPS is "0.3". Are those the
>>> latest, final versions that should be reviewed? Or is there a 1.0
>>> somewhere, this being an outdated copy?
>>
>> We avoided "Version 1.0" or "final version" because it was
>> expected to receive comments from eduGain community. After this round of
>> assessment and if it will be ok, those docs will be v1.0. For the
>> moment, Policy is version 0.92
>> (https://eduid.roedu.net/wp-content/uploads/2019/03/RoEduNet-Identity_Federation_Policy-v0.92.pdf)
>> and MRPS version 0.7
>> (https://eduid.roedu.net/wp-content/uploads/2019/03/RoEduNet-Metadata_Registration-v0.7.pdf)
>>
>>>
>>> Policy
>>> ======
>>> 1)
>>> The document states "This document, together with its appendices
>>> constitutes the RoEduNetID Federation Policy. The current list
>>> of all appendices is available on the website of RoEduNetID Federation
>>> (https://eduid.roedu.net/)."
>>>
>>> I did not find a list of appendices on that web page.
>>
>> Re-phrased that section so that if any appendices will be available,
>> they will be listed on the website.
>>
>>>
>>> 2)
>>> You may want to fix the typo 3.3: "Prices and payment terms are
>>> specified on Fereation website."
>>>
>>
>> Corrected.
>>
>>> I did not find prices and payment terms on the federation website.
>>
>> I think it was "Must pay the fees, if any." in front of that, but now we
>> removed because we do not charge at all RoEduNet constituency.
>>
>>>
>>> MRPS
>>> ====
>>> 1)
>>> The document states: "The procedure for becoming a member of the
>>> RoEduNetID Federation is documented at https://eduid.roedu.net/.";, in at
>>> least two instances.
>>>
>>
>> Added some information for applicants at 
>> https://eduid.roedu.net/membership/
>>
>>> The website almost exclusively contains generic descriptions of what
>>> eduGAIN is (rather than RoEduNetID, which is strange), and I see no
>>> procedures regarding the RoEduNetID membership.
>>>
>>
>> Trying to adapt the template and insert RoEduNetID specific information,
>> eduGAIN general information is now gathered at
>> https://eduid.roedu.net/edugain/
>>
>>> 2)
>>> The document also states in section 4 that RegistrationPolicy SHALL be
>>> used (i.e. it is mandatory); while section 2 speaks of the possibility
>>> that no RegistrationPolicy is present, calling this out as "historic,
>>> undocumented" registration practice. I have the impression that
>>> RoEduNetID is a very young federation and does not have any such
>>> historic cases. Of course I can't verify that because the metadata for
>>> the SAML profile is not visible on the website. Does or does not
>>> RoEduNetID have entities with such historic registration practices? If
>>> not, the last paragraph of section 2 should be deleted.
>>
>> The federation started in 2014, as an informal join of existing IdPs, so
>> it is really young compared to eduGAIN members. The setup was done at
>> https://sp.roedu.net/ (which is still current and used, maybe some
>> upgrade is needed) without any signed agreements. However, there are
>> known and verified contacts at each IdP, although 1-2 are unresponsive
>> now when we need them to update :)
>> We intent to check with every IdP added since then and update to current
>> needs.
>>
>>>
>>> 3)
>>> In section 5.3, the last sentence does not parse. It has more opening
>>> parentheses than closing ones. Unfortunately in a sentence that
>>> describes regular expressions, which creates an actual readability 
>>> problem.
>>>
>>
>> Not sure I get this, please advise. That paragraph has 2 groups of ()
>> with total 3 x "(" and 3 x ")". Besides a dash, which may be considered
>> also as a parenthesis. It is taken from the last template version, as
>> another community member (thank you, Peter :) ) mentioned recently. I
>> changed a pair of () to [], not sure if this improves readability.
>>
>>
>>> Greetings,
>>>
>>> Stefan Winter
>>>
>>
>>
>> Best wishes,
>> Valeriu.
>>
> 
> 

-- 
Valeriu Vraciu
RoEduNet

Attachment: signature.asc
Description: OpenPGP digital signature