An open discussion list for topics related to the eduGAIN interfederation service.

[Vladimir Mencl <vladimir.mencl AT reannz.co.nz>]

Hi Thilina,

Thanks for all this work - and sorry about the delay in getting back to 
you; just got back from holidays.

I see most of my concerns have been addressed.

However, I still see several are still pending:

(1) Process for membership (Service Providers)

In my earlier assessment (email of March 15th), I pointed out a mismatch 
between the MRPS (where section 3 says "The checks are conducted with a 
number of official databases including LEARN Member registry.") and the 
Federation Policy (where "any party" can join as Service Provider).

These sections have not changed and it is still not clear how the legal 
name of the federation member would be checked.

(2) Entity Management: using email vs FR

This has not changed either - still, the MRPS says changes should be 
emailed to noc AT learn.ac.lk, while https://liaf.ac.lk/#join points to the 
Federation Registry.


And, federated Login to Federation Registry still gives Internal Server 
Error...

(3) Getting the MRPS

Still, the MRPS points to  https://liaf.ac.lk as the authoritative URL, 
but one has to navigate through "Join" -> "Federation Registry" - this 
is not at all obvious.

(4) And if possible, please make links in the MRPS PDF clickable (had to 
select the link text and paste into a browser)


Otherwise, I'm glad to see the progress made - and look forward to 
hearing from you on the remaining points.

Cheers,
Vlad


On 10/04/19 17:22, Thilina Pathirana - LEARN wrote:
> Dear Vlad and all,
>
> I did some changes to the policy and mrps as per the recommendations and 
> the unpublished documents are
>
> https://liaf.ac.lk/docs/Identity%20Federation%20Policy%20-LIAF%20v1.1.pdf
>
> https://liaf.ac.lk/docs/MRPS-LIAF1.2.pdf
>
> Please check them and if they are ok then I'll publish them.
>
> Also I have updated the key to 4K and the issue with the 
> md:EntitiesDescriptor / Name
>
> But I am stuck and will need some advice on updating the pyff script to 
> add mdrpi:PublicationInfo which gets stripped out during the signing
>
>
> Thanks,
>
> Thilina
>
> On 3/29/19 6:00 AM, Vladimir Mencl wrote:
> > Hi Thilina,
> >
> > Sorry about not getting back to you on this earlier.
> >
> > On 18/03/19 23:33, Thilina Pathirana - LEARN wrote:
> > > > * Section "5. Entity Eligibility and Validation"
> > > >     I see this section deviates from the MRPS template, dropping any
> > > > mention of IdP scope - both the clause in 5.1, and the whole section
> > > > "5.3 Scope Format".
> > > >
> > > >      Was there a particular reason for omitting scope from the MRPS?
> > > I was following the guidelines from
> > > https://wiki.refeds.org/download/attachments/1605645/MRPS-templatev1.pdf?version=2&modificationDate=1516014622994&api=v2 
> > >
> > > and I am not sure there were any dropped parts. Please advice more on 
> > > this.
> >
> > Ah, I see - you've used a slightly earlier template, while I was 
> > looking at the latest (1.1) - as available e.g. at
> >
> > https://github.com/REFEDS/MRPS/blob/master/MRPS-templatev1.1.pdf
> >
> > As the master document is tracked on github, you can see the changes - 
> > the ones I'm referring to are essentially pull request #5:
> >
> > https://github.com/REFEDS/MRPS/pull/5/files
> >
> >
> > I'd recommend adjusting to the latest template.
> >
> > Overall, I'll now leave the feedback with you and I'll wait to hear 
> > from you once the documents are ready for a new round of review.
> >
> > Cheers,
> > Vlad
> --
> Thilina Pathirana
> Network/Systems Engineer
> Technical Assistance Center (TAC)
> Lanka Education And Research Network (LEARN)
> T: +94812003036 | M: +94770055755 | F: +94812385715
> www.learn.ac.lk  |www.thilinapathirana.xyz

--
Vladimir Mencl
Senior Software Engineer

Research & Education
Advanced Network NZ Ltd

M +64 21 997352
E  vladimir.mencl AT reannz.co.nz
www.reannz.co.nz