edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership
Chronological Thread
- From: "Naser A. Almesad" <nalmesad AT maeen.sa>
- To: Rhys.Smith AT jisc.ac.uk, Guy Halse <guy AT tenet.ac.za>, Muhammad Farhan SJAUGI <farhan AT perdanauniversity.edu.my>
- Cc: edugain-discuss AT lists.geant.org, "Mohamad M. Al-Ghamdi" <malghamdi AT maeen.sa>, brook schofield <brook.schofield AT geant.org>
- Subject: Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership
- Date: Tue, 28 May 2019 16:27:11 +0300 (AST)
Hi,
Below our reply to your comments, please let us know if you have any other comments.
Thank you all
Naser
"Rhys Smith" <Rhys.Smith AT jisc.ac.uk>
====================================
> Policy:
> * Federation Policy refers to Technology Profiles (e.g. end of page 5), but no technology profiles are defined.
https://www.maeen.sa/services/identity web page now updated.
> * Eligibility - says the criteria are “fully described” on the Main Federation website. But all I can find is a list of examples on https://www.maeen.sa/membership/ - which is not really a fully described criteria.
https://www.maeen.sa/services/identity web page now updated.
> Website:
> * On https://www.maeen.sa/services/identity/ you list eduGAIN - but also InCommon (as being similar to eduGAIN). What’s the reason for that? There are currently 59 other national identity federations that are members of eduGAIN, so > really you should either list all of them, or none of them. Obviously not a major issue, but struck me as a bit strange.
InCommon Removed
> * The link on https://www.maeen.sa/membership/ to “more information about membership application” doesn’t work.
This membership if for Maeen NREN membership, Federation joining located in https://www.maeen.sa/services/identity
"Guy Halse" <guy AT tenet.ac.za>
=============================
Federation policy:
> I might have missed it, but I can't find the policy linked anywhere on your web page - unless I know to follow the link from the eduGAIN technical site, I'm not sure how I'd find it.
https://www.maeen.sa/services/identity web page now updated.
> Section 4 of the policy says the eligibility criteria are defined on the web page, but doesn't give a URL. That leaves me to guess, and the only place I can find that might be appropriate is https://www.maeen.sa/membership/. However > > that tells me about the benefits of the NREN, but doesn't answer the question "who can connect?". It would be useful to more explicitly define who is eligible to act as an identity provider (usually restrictive) and as a service > > provider (usually more permissive).
https://www.maeen.sa/services/identity web page now updated.
> Section 5.1 reads "The Federation Operator presents a recommendation for membership with an evaluation report to Maeen who in turn decides on whether to grant or deny the application.". This makes it sound like Maeen is not the > Federation Operator? Do you intend to refer it to a specific steering committee or some other function within Maeen that is somehow different to the Federation Operator?
Yes we will refer it to Maeen Steering Committee, since Maeen is the NREN and Maeen Federation is the service
> Section 3.3 also refers to Technology Profiles and refers me to https://www.maeen.sa/services/identity/, but there is nothing called a Technology Profile listed there -- only links to external services, which includes things that would typically not relate to federation technology profiles. Is this a placeholder and technology profiles still need to be developed?
It is already developed but wasn’t added to Maeen website
https://www.maeen.sa/services/identity web page now updated.
> MRPS:
> Although the MRPS doesn't form part of the criteria for admission any more, it's useful to look at that too.
> As above, I can't see the document linked from your web page (even though it says it is).
> Section 3 - same problem as above, it's not clear what the eligibility criteria are.
https://www.maeen.sa/services/identity web page now updated.
> Section 4: the URL for the <mdrpi:RegistrationPolicy> in your example goes to a non-existant page (404 not found).
Document updated
"Muhammad Farhan SJAUGI" <farhan AT perdanauniversity.edu.my>
===========================================================
> My general impression of this assessment is the candidate is not ready to be assessed as majority of the assessment parameters (e.g. technical profiles, metadata feed, existing federation members, etc.) are not available. I am afraid > this could make the assessment process difficult and longer. If a vote were happening now, I would simply vote for deny/reject.
https://www.maeen.sa/services/identity web page now updated.
And regarding technical information (e.g. metadata, certs, signatures, etc …) we already build it, and now in the pre-production phase.
> 1. Website
> There are not much information specifically about identity federation service beside the general definition and benefit. No information about how an organization could be part of maeen federation also no information about the > technical aspect and policy documents in order to be connected with the maeen federation (e.g. federation metadata url, signing key, recommended attributes, federation policies, etc.). Also, I agree Rhys, what incommon has to do with > maeen federation? and the statement "Maeen will be federated with the following services" (including incommon), does it means Maeen would like to have an exclusive connection with InCommon?
InCommon Removed
https://www.maeen.sa/services/identity web page now updated.
====================================
> Policy:
> * Federation Policy refers to Technology Profiles (e.g. end of page 5), but no technology profiles are defined.
https://www.maeen.sa/services/identity web page now updated.
> * Eligibility - says the criteria are “fully described” on the Main Federation website. But all I can find is a list of examples on https://www.maeen.sa/membership/ - which is not really a fully described criteria.
https://www.maeen.sa/services/identity web page now updated.
> Website:
> * On https://www.maeen.sa/services/identity/ you list eduGAIN - but also InCommon (as being similar to eduGAIN). What’s the reason for that? There are currently 59 other national identity federations that are members of eduGAIN, so > really you should either list all of them, or none of them. Obviously not a major issue, but struck me as a bit strange.
InCommon Removed
> * The link on https://www.maeen.sa/membership/ to “more information about membership application” doesn’t work.
This membership if for Maeen NREN membership, Federation joining located in https://www.maeen.sa/services/identity
"Guy Halse" <guy AT tenet.ac.za>
=============================
Federation policy:
> I might have missed it, but I can't find the policy linked anywhere on your web page - unless I know to follow the link from the eduGAIN technical site, I'm not sure how I'd find it.
https://www.maeen.sa/services/identity web page now updated.
> Section 4 of the policy says the eligibility criteria are defined on the web page, but doesn't give a URL. That leaves me to guess, and the only place I can find that might be appropriate is https://www.maeen.sa/membership/. However > > that tells me about the benefits of the NREN, but doesn't answer the question "who can connect?". It would be useful to more explicitly define who is eligible to act as an identity provider (usually restrictive) and as a service > > provider (usually more permissive).
https://www.maeen.sa/services/identity web page now updated.
> Section 5.1 reads "The Federation Operator presents a recommendation for membership with an evaluation report to Maeen who in turn decides on whether to grant or deny the application.". This makes it sound like Maeen is not the > Federation Operator? Do you intend to refer it to a specific steering committee or some other function within Maeen that is somehow different to the Federation Operator?
Yes we will refer it to Maeen Steering Committee, since Maeen is the NREN and Maeen Federation is the service
> Section 3.3 also refers to Technology Profiles and refers me to https://www.maeen.sa/services/identity/, but there is nothing called a Technology Profile listed there -- only links to external services, which includes things that would typically not relate to federation technology profiles. Is this a placeholder and technology profiles still need to be developed?
It is already developed but wasn’t added to Maeen website
https://www.maeen.sa/services/identity web page now updated.
> MRPS:
> Although the MRPS doesn't form part of the criteria for admission any more, it's useful to look at that too.
> As above, I can't see the document linked from your web page (even though it says it is).
> Section 3 - same problem as above, it's not clear what the eligibility criteria are.
https://www.maeen.sa/services/identity web page now updated.
> Section 4: the URL for the <mdrpi:RegistrationPolicy> in your example goes to a non-existant page (404 not found).
Document updated
"Muhammad Farhan SJAUGI" <farhan AT perdanauniversity.edu.my>
===========================================================
> My general impression of this assessment is the candidate is not ready to be assessed as majority of the assessment parameters (e.g. technical profiles, metadata feed, existing federation members, etc.) are not available. I am afraid > this could make the assessment process difficult and longer. If a vote were happening now, I would simply vote for deny/reject.
https://www.maeen.sa/services/identity web page now updated.
And regarding technical information (e.g. metadata, certs, signatures, etc …) we already build it, and now in the pre-production phase.
> 1. Website
> There are not much information specifically about identity federation service beside the general definition and benefit. No information about how an organization could be part of maeen federation also no information about the > technical aspect and policy documents in order to be connected with the maeen federation (e.g. federation metadata url, signing key, recommended attributes, federation policies, etc.). Also, I agree Rhys, what incommon has to do with > maeen federation? and the statement "Maeen will be federated with the following services" (including incommon), does it means Maeen would like to have an exclusive connection with InCommon?
InCommon Removed
https://www.maeen.sa/services/identity web page now updated.
تحذير: هذه الرسالة وما تحويه من مرفقات (إن وجدت) تمثل وثيقة سرية قد تحتوي على معلومات محمية بموجب القانون. إذا لم تكن الشخص المعني بهذه الرسالة فيجب عليك تنبيه المُرسل بخطأ وصولها إليك، وحذف الرسالة ومرفقاتها (إن وجدت)، ولا يجوز لك نسخ أو توزيع هذه الرسالة أو مرفقاتها (إن وجدت) أو أي جزء منها، أو البوح بمحتوياتها للغير أو استعمالها لأي غرض. علماً بأن فحوى هذه الرسالة ومرفقاتها (ان وجدت) تعبر عن رأي المُرسل وليس بالضرورة رأي مدينة الملك عبدالعزيز للعلوم والتقنية بالمملكة العربية السعودية، ولا تتحمل المدينة أي مسئولية عن الأضرار الناتجة عن ما قد يحتويه هذا البريد.
Warning: This message and its attachment, if any, are confidential and may contain information protected by law. If you are not the intended recipient, please contact the sender immediately and delete the message and its attachment, if any. You should not copy the message and its attachment, if any, or disclose its contents to any other person or use it for any purpose. Statements and opinions expressed in this e-mail and its attachment, if any, are those of the sender, and do not necessarily reflect those of King Abdulaziz city for Science and Technology (KACST) in the Kingdom of Saudi Arabia. KACST accepts no liability for any damage caused by this email.
- [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Brook Schofield, 23-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Rhys Smith, 23-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Guy Halse, 23-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Muhammad Farhan SJAUGI, 23-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 24-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 05/28/2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Guy Halse, 28-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Suhaimi Napis, 28-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 29-May-2019
- Sv: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Pål Axelsson, 29-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 29-May-2019
- Sv: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Pål Axelsson, 29-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 29-May-2019
- Sv: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Pål Axelsson, 29-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 29-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Guy Halse, 28-May-2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 05/28/2019
- Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership, Naser A. Almesad, 24-May-2019
Archive powered by MHonArc 2.6.19.