An open discussion list for topics related to the eduGAIN interfederation service.

[Guy Halse <guy AT tenet.ac.za>]

Hi

On 2019/05/23 4:39 PM, Brook Schofield wrote:

I present to you the application of Saudi Arabia / Maeen Identity Federation who has signed the eduGAIN Declaration, has a policy based on the policy template, is self declaring their federation as a production service and is wanting to join the global R&E federated environment.

As requested, I've looked through both the policy and the MRPS, and have some comments. I think the biggest issue from my perspective is that the eligibility criteria are not clear.

Federation policy:

I might have missed it, but I can't find the policy linked anywhere on your web page - unless I know to follow the link from the eduGAIN technical site, I'm not sure how I'd find it.

Section 4 of the policy says the eligibility criteria are defined on the web page, but doesn't give a URL. That leaves me to guess, and the only place I can find that might be appropriate is https://www.maeen.sa/membership/. However that tells me about the benefits of the NREN, but doesn't answer the question "who can connect?". It would be useful to more explicitly define who is eligible to act as an identity provider (usually restrictive) and as a service provider (usually more permissive).

Section 5.1 reads "The Federation Operator presents a recommendation for membership with an evaluation report to Maeen who in turn decides on whether to grant or deny the application.". This makes it sound like Maeen is not the Federation Operator? Do you intend to refer it to a specific steering committee or some other function within Maeen that is somehow different to the Federation Operator?

Section 3.3 refers to Level of Assurance Profiles but doesn't define these or say where they are available.

Section 3.3 also refers to Technology Profiles and refers me to https://www.maeen.sa/services/identity/, but there is nothing called a Technology Profile listed there -- only links to external services, which includes things that would typically not relate to federation technology profiles. Is this a placeholder and technology profiles still need to be developed?

MRPS:

Although the MRPS doesn't form part of the criteria for admission any more, it's useful to look at that too.

As above, I can't see the document linked from your web page (even though it says it is).

Section 3 - same problem as above, it's not clear what the eligibility criteria are.

Section 4: the URL for the <mdrpi:RegistrationPolicy> in your example goes to a non-existant page (404 not found).


Hope that helps,

- Guy

--
Guy Halse
Director Trust & Identity Tertiary Education & Research Network of South Africa NPC Fault Reporting: +27(21)763-7147 or support AT tenet.ac.za
Office: +27(21)763-7102
http://www.tenet.ac.za/contact
https://orcid.org/0000-0002-9388-8592

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature