An open discussion list for topics related to the eduGAIN interfederation service.

["Ping CHEN" <pchen AT pku.edu.cn>]

Dear Василий Порхачёв,

 

Thank you very much for your comments.  I add my words under yours.

 

About carsi, it’s in pilot for quite a long time. Now, under the support of CERNET corporation, it’s in the stage of transferring to a production. The metadata published on www.carsi.edu.cn is the old version. The new version and corresponding registration and management system is under development. After eduGAIN review, the idps and sps in the old version will be added to the new one by one, so the new version is a totally new start and federation policy will be conducted in it as well.

 

Your comments are very valuable to us and the reasonable advises will be adopted in the new version.

 

 

Thanks to everyone and best wishes,

 

PING

 

发件人: edugain-discuss-owner AT lists.geant.org <edugain-discuss-owner AT lists.geant.org> 代表 Василий Порхачёв
发送时间: Friday, March 15, 2019 9:56 PM
收件人: 'Brook Schofield' <brook.schofield AT geant.org>; edugain-discuss AT lists.geant.org
抄送: 'gaoyan' <gaoyan AT cernet.com>; 'CHEN PING' <pchen AT pku.edu.cn>
主题: RE: [eduGAIN-discuss] Assessment of China / CARSI for eduGAIN membership

 

Dear all,

 

We had looked through the CARSI documents and metadata.

Some notes:

CARSI: CERNET (China Education and Research NETwork) Authentication and Resource Sharing Infrastructure Identity Federation Policy

·         The name of the Federation uses term “Resource Sharing”. But there’s no definition of it in sec. 1. We think it should be defined.

 

-------------->>added.

 

CARSI Identity Federation Metadata Registration Practice Statement

·         “5.2 https-scheme URIs are RECOMMENDED to all members.” – shouldn’t we insist on https schema?

-------------->> Great idea. We delete http in the new version published on www.carsi.edu.cn.

·         There’s 4) Metadata Format – but not a single line with mdrpi:RegistrationPolicy in the metadata https://www.carsi.edu.cn/carsimetadata/carsifed-metadata.xml
and only one line with registrationAuthority and that about Elseiver with UK federation as Registrar.

-------------->> https://www.carsi.edu.cn/carsimetadata/carsifed-metadata.xml is an old version carsi which is a pilot. The new and production version is under construction which will contain the following mdrpi part for each idp or sp. The new version will be published after eduGAIN review and we plan to upgrade carsi online registration and management system by the review comments.

<mdrpi:RegistrationInfo
    registrationAuthority="https://www.carsi.edu.cn"
    registrationInstant="2016-11-29T13:39:41Z">
    <mdrpi:RegistrationPolicy xml:lang="en">
        https://www.carsi.edu.cn/docs/CARSI-MRPS-en.pdf
    </mdrpi:RegistrationPolicy>
</mdrpi:RegistrationInfo>

 

 CARSI Attribute Profile

·         We remember the discussion on attribute eduPersonAffiliation and there was a decision of SG to eliminate some values from the CARSI list

 

-------------->> The attribute profile is another issue we discussed a lot locally as well. We just copied this document from the template. But from our carsi pilot experience in the past ten years, only eduPersonPrincipalName, eduPersonScopedAffiliation, mail, and uid are widely used. If it’s ok to release only these four. We prefer that.

 

CARSI Service Provider Management Standard

·         “3g [Metadata Accuracy] The Service Provider Organization MUST provide accurate metadata to CARSI Identity Federation, and agrees to notify CARSI Federation as soon as possible when the metadata changes.”
Notify – that’s not enough as this SP entity should deleted from the federation metadata by operator asap.

-------------->> Any better advices are very very appreciated.

 

KR

Vasiliy Porhachev, Ilya Vasilyev
RUNNetAAI

 

 

 

From: edugain-discuss-request AT lists.geant.org [mailto:edugain-discuss-request AT lists.geant.org] On Behalf Of Brook Schofield
Sent: Wednesday, March 13, 2019 10:55 AM
To: edugain-discuss AT lists.geant.org
Cc: gaoyan; CHEN PING
Subject: [eduGAIN-discuss] Assessment of China / CARSI for eduGAIN membership

 

All,

I present to you the application of China / CARSI who has signed the eduGAIN Declaration, has a policy based on the policy template, is self declaring their federation as a production service and is wanting to join the global R&E federated environment.

You can find more detailed information about the federation under "eduGAIN Candidates” at
    https://technical.edugain.org/status.php
which contains links to their policy and MRPS.

 

Directly available from: https://www.carsi.edu.cn/join_en.htm

 * Policy: https://www.carsi.edu.cn/docs/identity_federation_policy_en.pdf

 * MRPS: https://www.carsi.edu.cn/docs/CARSI-MRPS-en-20181224.pdf

This application is from an organisation that is closely aligned with the GÉANT community via their participation in the Asi@Connect project and has been a long supporter of TF-IAM activities within APAN to support their participation in eduGAIN.

 

So I ask the following federations to specifically review the submission by CARSI:

 * Norway / FEIDE

 * Oman / KID

 * Poland / PIONIER.Id

 * Portugal / RCTSaai

 * Russia / RUNNet AAI

 

All eduGAIN members can (and should) provide feedback on this but to share the burden of review around, these five (5) federations have a specific responsibility.

If you have any questions please contact the CARSI team that are subscribed to this mailing list as well as CC’d to this message.

Formal components of the membership process will be via the eduGAIN Steering Group mailing list.

 

Brook Schofield
eduGAIN Steering Group Chair
GÉANT

M: +31651553991 
Skype: brookschofield