edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Muhammad Farhan SJAUGI <farhan AT perdanauniversity.edu.my>
- To: Thilina Pathirana - LEARN <thilina AT learn.ac.lk>
- Cc: Vladimir Mencl <vladimir.mencl AT reannz.co.nz>, edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership
- Date: Fri, 10 May 2019 16:00:13 +0800
Hi Thilina,
Here is my additional comments:
1. IdP Registration form (https://liaf.ac.lk/docs/Application_Identity_Federation_IDP.pdf)
In a SAML federation, usually an entity (including IdP) is identified by an ID called Entity ID instead of a realm like in eduroam.
The Entity ID is written in URI format (e.g. https://idp.university.edu/idp/shibboleth). Hence, I think it is better to ask the IdP to
provide their Entity ID rather their realm.
2. SP Registration form (https://liaf.ac.lk/docs/Application_Identity_Federation_SP.pdf)
Similar like the point 1 above, SP' Entity ID is more meaningful rather than SP FQDN.
3. Participant page (https://liaf.ac.lk/#participants)
When I visited the following url: https://indico.learn.ac.lk/shibboleth , it shows "page not found" instead of the main page of the indico service. Perhaps the link is for Indico's entity id instead of Indico's service URL
4. Federation Policy (https://liaf.ac.lk/docs/Identity%20Federation%20Policy%20-LIAF%20v1.1.pdf)
The formatting is a bit off, perhaps you should make it looks more tidy.
Regards
--
Muhammad Farhan SJAUGI, S.Kom. M.Sc.
Senior Lecturer | Centre for Computing - Centre for Bioinformatics | School of Data Sciences
Perdana University | Block D1, MAEPS Building, MARDI Complex, Jalan MAEPS Perdana, Serdang 43400, Selangor D.E. Malaysia
Tel: (60) 3-89418646 (ext: 384) GMT+8h | Fax: (60) 3-89417661 | Email: farhan AT perdanauniversity.edu.my
Homepage: http://puws.perdanauniversity.edu.my/muhammad-farhan-sjaugi/
On Thu, May 9, 2019 at 6:09 PM Thilina Pathirana - LEARN <thilina AT learn.ac.lk> wrote:
Dear Vlad,
I have done those changes in the website ( https://liaf.ac.lk ) and can
you please check it.
Thanks
Thilina
On 5/1/19 10:32 AM, Vladimir Mencl wrote:
>
> Hi Thilina,
>
> Thanks for all this work - and sorry about the delay in getting back
> to you; just got back from holidays.
>
> I see most of my concerns have been addressed.
>
> However, I still see several are still pending:
>
> (1) Process for membership (Service Providers)
>
> In my earlier assessment (email of March 15th), I pointed out a
> mismatch between the MRPS (where section 3 says "The checks are
> conducted with a number of official databases including LEARN Member
> registry.") and the Federation Policy (where "any party" can join as
> Service Provider).
>
> These sections have not changed and it is still not clear how the
> legal name of the federation member would be checked.
>
> (2) Entity Management: using email vs FR
>
> This has not changed either - still, the MRPS says changes should be
> emailed to noc AT learn.ac.lk, while https://liaf.ac.lk/#join points to
> the Federation Registry.
>
>
> And, federated Login to Federation Registry still gives Internal
> Server Error...
>
> (3) Getting the MRPS
>
> Still, the MRPS points to https://liaf.ac.lk as the authoritative
> URL, but one has to navigate through "Join" -> "Federation Registry" -
> this is not at all obvious.
>
> (4) And if possible, please make links in the MRPS PDF clickable (had
> to select the link text and paste into a browser)
>
>
> Otherwise, I'm glad to see the progress made - and look forward to
> hearing from you on the remaining points.
>
> Cheers,
> Vlad
>
>
> On 10/04/19 17:22, Thilina Pathirana - LEARN wrote:
>> Dear Vlad and all,
>>
>> I did some changes to the policy and mrps as per the recommendations
>> and the unpublished documents are
>>
>> https://liaf.ac.lk/docs/Identity%20Federation%20Policy%20-LIAF%20v1.1.pdf
>>
>>
>> https://liaf.ac.lk/docs/MRPS-LIAF1.2.pdf
>>
>> Please check them and if they are ok then I'll publish them.
>>
>> Also I have updated the key to 4K and the issue with the
>> md:EntitiesDescriptor / Name
>>
>> But I am stuck and will need some advice on updating the pyff script
>> to add mdrpi:PublicationInfo which gets stripped out during the signing
>>
>>
>> Thanks,
>>
>> Thilina
>>
>> On 3/29/19 6:00 AM, Vladimir Mencl wrote:
>>>
>>> Hi Thilina,
>>>
>>> Sorry about not getting back to you on this earlier.
>>>
>>> On 18/03/19 23:33, Thilina Pathirana - LEARN wrote:
>>>>> * Section "5. Entity Eligibility and Validation"
>>>>> I see this section deviates from the MRPS template, dropping any
>>>>> mention of IdP scope - both the clause in 5.1, and the whole section
>>>>> "5.3 Scope Format".
>>>>>
>>>>> Was there a particular reason for omitting scope from the MRPS?
>>>> I was following the guidelines from
>>>> https://wiki.refeds.org/download/attachments/1605645/MRPS-templatev1.pdf?version=2&modificationDate=1516014622994&api=v2
>>>>
>>>> and I am not sure there were any dropped parts. Please advice more
>>>> on this.
>>>
>>> Ah, I see - you've used a slightly earlier template, while I was
>>> looking at the latest (1.1) - as available e.g. at
>>>
>>> https://github.com/REFEDS/MRPS/blob/master/MRPS-templatev1.1.pdf
>>>
>>> As the master document is tracked on github, you can see the changes
>>> - the ones I'm referring to are essentially pull request #5:
>>>
>>> https://github.com/REFEDS/MRPS/pull/5/files
>>>
>>>
>>> I'd recommend adjusting to the latest template.
>>>
>>> Overall, I'll now leave the feedback with you and I'll wait to hear
>>> from you once the documents are ready for a new round of review.
>>>
>>> Cheers,
>>> Vlad
>>>
>>>
>> --
>> Thilina Pathirana
>> Network/Systems Engineer
>> Technical Assistance Center (TAC)
>> Lanka Education And Research Network (LEARN)
>> T: +94812003036 | M: +94770055755 | F: +94812385715
>> www.learn.ac.lk |www.thilinapathirana.xyz
>>
>
--
Thilina Pathirana
Network/Systems Engineer
Technical Assistance Center (TAC)
Lanka Education And Research Network (LEARN)
T: +94812003036 | M: +94770055755 | F: +94812385715
www.learn.ac.lk | www.thilinapathirana.xyz
DISCLAIMER: This e-mail and any files transmitted with it ("Message") is intended only for the use of the recipient(s) named above and may contain confidential information. You are hereby notified that the taking of any action in reliance upon, or any review, retransmission, dissemination, distribution, printing or copying of this Message or any part thereof by anyone other than the intended recipient(s) is strictly prohibited. If you have received this Message in error, you should delete this Message immediately and advise the sender by return e-mail. Opinions, conclusions and other information in this Message that do not relate to the official business of Perdana University shall be understood as neither given nor endorsed by any of the forementioned.
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Vladimir Mencl, 01-May-2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Thilina Pathirana - LEARN, 09-May-2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Muhammad Farhan SJAUGI, 05/10/2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Thilina Pathirana - LEARN, 20-May-2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Vladimir Mencl, 15-May-2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Thilina Pathirana - LEARN, 20-May-2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Muhammad Farhan SJAUGI, 05/10/2019
- <Possible follow-up(s)>
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Brook Schofield, 24-May-2019
- Re: [eduGAIN-discuss] Assessment of Sri Lanka / LIAF for eduGAIN membership, Thilina Pathirana - LEARN, 09-May-2019
Archive powered by MHonArc 2.6.19.