edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Assessment of Slovenia / safeID

From: Chris Phillips <Chris.Phillips AT canarie.ca>
To: Terry Smith <t.smith AT aaf.edu.au>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
Subject: Re: [eduGAIN-discuss] Assessment of Slovenia / safeID
Date: Thu, 7 Nov 2019 04:51:27 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=canarie.ca; dmarc=pass action=none header.from=canarie.ca; dkim=pass header.d=canarie.ca; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Yitf11Uv2yUTk1f5eXTga8/1FCw1o5R8K9jAt/dzck=; b=hv+xH0sfMZaGiKZKjpxJX4w+cu3kO6XSb23r4jobkfCZ+lf90sPfz7Unt0XJqNTEwzj/EfGMlglT4j5VyaCzoCYji7uSxu7mlZIqq2vlGJlxQTeWgdkb8BG02gzGTgQYMHN403b1ue1lPhDNMNCQN2RhG/0inIsxaEFoEltbPw0GFw7mvcfqzLXHcVgR8jMk6MAgeG/p6jFfRqPsLAjjNcMf0M/1ZsKJ9h/E4xDbc9kq+2n90tVF2TDRwGjOgjeCEzM3cFyLzRviZAF0foJHz7tOSi8nDbmEC7N/dxxa2izKPp3EuoC+yx+lj4ClCtVvcOO3G1pQHWAGXcziM2niWg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CG6Q2+PY5vO/zscPt4UBp3fxv6jGuNHnqrydPKvzkzdP0wWKpCEy/Jgl+4h14ukoenwuiZe6pxPVdKMrzKQ90x4dZppco9h+jEd5qvyhYvqEkr8kaYFKGSwBaP9kmwBBInkYIcETOUjHuxG/7d5/425+vzkAxQoeGOmyIB5Cies3oknR7WSSqF5PfoB2dcsLP9yzNqR5V/yzKlLs+iDCxdXNNu/1YZWXKIq1avKv1XgkMsZ+BrB1oeGprZua6p8BtyymFhhCoABqO5++OY+57TP/9SKcvqMfnfsiOFHUb2LqL9c6+b2KkCqmMIOg8qmSbwYy5S69nintSA0EH25qVA==
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Chris.Phillips AT canarie.ca;

Hi Terry and others.

It’s good to see the latest content being used for MRPS and leveraging the SUNET tech profile. I do have a question or two though..

Section 3 of the SafeID technology profile[1] has:

All identity providers (home organizations and attribute authorities) MUST fulfll the SAML V2.0 Interoperability Deployment Profle [3].
All service providers SHOULD fulfll the SAML 2.0 Interoperability Deployment Profle [3].

Where [3] is http://saml2int.org/

Are you sure about the MUST statement around *ALL* of saml2int.org for IDPs?

While it sounds good and maybe early on safeID has the opportunity to insist IdPs comply with this it may be challenging given how forward looking saml2int.org is.

SUNET’s latest tech profile[2] may be a good middle ground and uses a SHOULD there and aligning would be much easier and guide IdPs to the right direction overall.

Was the MUST statement intentional for a specific reason?

[1] https://www.safeid.sk/doc/safeID-SAML-WebSSO-Technology-Profile-1.0.pdf

[2] https://www.sunet.se/wp-content/uploads/2015/12/SWAMIDSAMLWebSSOTechnologyProfile-1.0.pdf

From: <edugain-discuss-request AT lists.geant.org> on behalf of Terry Smith <t.smith AT aaf.edu.au>
Reply-To: Terry Smith <t.smith AT aaf.edu.au>
Date: Thursday, October 24, 2019 at 4:20 AM
To: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
Subject: [eduGAIN-discuss] Assessment of Slovenia / safeID

All,

As eduGAIN Chair, I present to you the application of:

· Slovenia / safeID

You can find more detailed information about the federation under "eduGAIN Candidates” at:

https://technical.edugain.org/status.php

which contains links to their policy and MRPS.

I ask the following federations to specifically review the submission by safeID:

· Canada/Canadian Access Federation (CAF)

· Chile/COFRe

· China/CARSI

· Colombia/ColFIRE

· Croatia/AAIEduHr

These federations might feel a sense of déjà vu. That's because back in June 2015, CAF, COFRe and ColFIRE were part of the assessment of safeID (along with Belnet & CAFe - but they are now working on the CSTCloud assessment I sent recently).

For those with access to the eduGAIN Steering Group mailing list archive you can see the original thread at:

https://lists.geant.org/sympa/arc/edugain-sg/2015-06/msg00005.html

and
https://lists.geant.org/sympa/arc/edugain-sg/2017-05/msg00012.html

It would be great to finally end the chapter on the assessment of safeID and complete their eduGAIN membership to support the SANET community.

All eduGAIN members can (and should) provide feedback but the above five (5) federations have a specific responsibility.

If you have any questions please contact the safeID team (Martin Stanislav and Peter Kopáč) who are subscribed to this mailing list.

Formal components of the membership process will be via the eduGAIN Steering Group mailing list.

Thanks,

Terry.

Terry Smith | Technical Engagement and Support Manager | Australian Access Federation Ltd

Mob: 0414 692 424 | Email t.smith AT aaf.edu.au | ORCID: orcid.org/0000-0001-5971-4735

Web: http://www.aaf.edu.au | Support: http://support.aaf.edu.au | Twitter: http://twitter.com/ausaccessfed

Mail: Level 21 179 Turbot Street | Brisbane QLD 4000 | Australia

Image removed by sender.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Re: [eduGAIN-discuss] Assessment of Slovenia / safeID, Chris Phillips, 11/07/2019
- Re: [eduGAIN-discuss] Assessment of Slovenia / safeID, Pål Axelsson, 07-Nov-2019
- Re: [eduGAIN-discuss] Assessment of Slovenia / safeID, Peter Schober, 07-Nov-2019
- Re: [eduGAIN-discuss] Assessment of Slovenia / safeID, Martin Stanislav, 28-Nov-2019