edugain policy comments

[Thomas Lenggenhager <lenggenhager AT switch.ch>]

Here my comments on the draft constitution from 1 July 2010.

Regards,
Thomas

A more general comment:
The currently used set of terms 'Policy', 'Declaration', 'Constitution'
is in my view not well suited to quickly understand how that fits together.
Which of these terms will in the future mostly be used? Probably the
Policy, so it should also be explicitly be mentioned in the declaration
and not just a reference to the constitution.
Could we use the 'policy declaration'?

For me constitution sound very much like government level. How about the
term 'charter' instead?

For newcomers it should be made as simple as possible to understand
about what we talk and not as complicated as possible. In the end, an
easy to understand structure will be easier to sell.

We could simplify a couple of sentences by introducing the term Entity
for Home Organisations/Identity Providers and Service Providers.
Entity: Entity means a service described with a SAML 2 EntityDescription
and registered in a Participant Federation.


line 78:
how the eduGAIN confederation  ('the' missing)


line 79-82:
The term 'eduGAIN Policy' refers to these three parts:
- the eduGAIN Policy Declaration
- this eduGAIN constitution/charter
- the profiles supplementing this eduGAIN constitution/charter.
The Participant Federations have committed to the Policy once they
signed the Policy Declaration to join eduGAIN.
[Align it also in the 1.2 Terms section.]


line 85-87:
now:
eduGAIN is a confederation that interconnects Participant Federations,
representing primarily education and research in a certain country.

new:
eduGAIN is a confederation that enables Participant Federations to
inter-federate. Participant Federations primarily represent national
education and research sectors.


line 95: Terms
Do we really want to speak from membership in eduGAIN? Is not the
already used term participants more appropriate? What do we gain wehen
we introduce also the term member in parallel to participant federation?
Or we could use member, but also Member Federation instead of
Participant Federation.

now:
Participant Federation
A Federation which has been granted membership of eduGAIN as defined in
this constitution

new:
Participant Federation
A Federation which joined eduGAIN as defined in chapter 3.

now:
NREN PC
The Policy Committee of the GÉANT network and project, which consists of
appointed representatives from each partner in the project. It meets at
least three times a year, and is responsible for setting and overseeing
overall policy of the GÉANT network and project

new:
NREN PC
The Policy Committee of the GÉANT network and project, which consists of
appointed representatives from each partner in the project. It is
responsible for setting and overseeing overall policy of the GÉANT
network and project

now:
TSG
Technical Steering group, as introduced in this document
OT
Operational team, as introduced in this document

new:
TSG
eduGAIN Technical Steering Group, as defined in section 2.2
OT
eduGAIN Operational Team, as defined in section 2.3


line 100-102:
now:
1.3. Goal
The goal of eduGAIN is to support the constituency of National Research
and Education Networks by operating a confederation interconnecting
Participant Federations.

new:
1.3. Goal
The goal of eduGAIN is to support the constituency of National Research
and Education Networks by operating a confederation which enables the
Participant Federations to inter-federate.


line 113:
what does this mean 'other tasks defined in the Policy.' specifically?
If anything gets added to the constitution, this bullet list can be
expanded, so only supplementing profiles could include further tasks
since the declaration shall not be changed at all.
How about:
Other tasks delegated to the NREN PC in supplementing profiles.


line 115-116:
Why do we need a two year term for the TSG? That is ongoing and
delegates get replaced once a Participant Federation wishes to.
Should we also require a name of a deputy delegate per Participant
Federation?


line 139-141:
now:
have an appropriate mechanism to ensure that only Identity and Service
Providers conforming to the Policy are exposed to eduGAIN. As a
clarification, Participant Federations do not have to expose all their
Providers to eduGAIN.

new:
have an appropriate mechanism to ensure that only Entities which
opted-in and are in conformance with the Policy are exposed to eduGAIN.


line 145-146:
now:
1. To apply for membership, the applicant Federation signs the
inter-federation declaration and presents it to OT.
2. OT confirms that the applicant Federation fulfils the requirements above.
new:
1. To apply for membership, the applicant Federation signs the eduGAIN
Policy Declaration and presents it to OT.
2. OT confirms that the applicant Federation fulfils the requirements in
section 3.2.


line 155-159:
now:
Membership in a Federation that is a Participant Federation in eduGAIN
confederation does not imply any right of communication between any
particular Identity Provider and Service Provider.
An individual Participant Federation or Home Organisation MAY decide not
to communicate with a Service Provider registered to eduGAIN. An
individual Participant Federation or Service Provider MAY decide not to
communicate with an Identity Provider registered to eduGAIN.

new:
For an Entity registered in an eduGAIN Participant Federation it does
not imply any right of communication with any other Entity exposed to
eduGAIN.
An individual Participant Federation or Home Organisation MAY decide not
to communicate with a Service Provider exposed to eduGAIN. An individual
Participant Federation or Service Provider MAY decide not to communicate
with an Identity Provider exposed to eduGAIN.


line 162-163:
now:
it MUST notify its own members with sufficient notice to allow them to
make alternative arrangements with any Identity and Service Providers in
other Participant Federations,
new
it MUST notify its own Entities with sufficient notice to allow them to
make alternative arrangements with Entities which other Participant
Federations exposed to eduGAIN,

line 166:
Section 3.6 Policy violation.
It must also be mentioned that the OT informs all other Participating
Federations on their actions taken as described in lines 172-174.
Based on such information, Participating Federations could already plan
or take own measures if deemed necessary.


line 183-184:
now:
A common definition of attributes will be covered in the Policy.

new:
A common definition of attributes will be covered in a supplementing
profile.


line 189-190:
now:
Guidelines and instructions assisting Home Organisations and Service
Providers will be covered in the Policy.

new:
Guidelines and instructions assisting Entities will be covered in a
supplementing profile.


line 204:205:
now:
Further guidelines on authentication and user information quality will
be covered in the Policy.

new:
Further guidelines on authentication and user information quality will
be covered in a supplementing profile.


line 209:
What does eduGAIN operations mean?
It surely should not imply that services operated by Participating
Federations are part of eduGAIN operations. Otherwise DANTE could not
just agree with OT on audits :-)

now:
DANTE agrees with OT on audits of the eduGAIN operations.

new:
DANTE agrees with OT on audits of eduGAIN operations like the centrally
provided services and related processes.


-- 
SWITCH
Serving Swiss Universities
--------------------------
Thomas Lenggenhager
P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505  direct +41 44 268 1541
http://www.switch.ch