eduGAIN Steering Group Meeting
Thursday 29th June 2017, 14:30 - 16:00 CEST
- Arrival & "Can you hear me now?" via https://connect.sunet.se/edugain
- Welcome, Introductions & Agenda Agreement
- 14:45 CEST: Revision of the eduGAIN Policy Framework
- 15:00 CEST: eIDAS / eduGAIN Collaboration - Christos Kanellopoulos
- Requirements Gathering for GN4-3 - Ann Harding
- Summary of Current Status
- Any other Business
- Future Steering Group Meetings
- Summary, Actions and Close (or we're running over time).
Federations in Attendance (17):
- Brook Schofield, GÉANT
- Alejandro Lara, COFRe
- Ann Harding (SWITCH/GEANT project)
- Ann West, InCommon
- Chris Phillips, CAF
- Christos Kanellopoulos (GÉANT/AARC/GN4)
- Claudio Chacon (MINGA)
- Ioannis Kakavas, GRNET
- Jean Carlo Fusto, CAFe
- Klaas Wierenga, GÉANT CCSO
- Lalla Mantovani (GARR)
- Lukas Hämmerle, SWITCHaai
- Luiz Coelho, RNP/CAFe
- Maarten Kremers, SURFnet (GN4 JRA3 / T3)
- Marina Adomeit (AMRES/GEANT project)
- Miroslav Milinovic, AAI@eduHr
- Nick Roy, InCommon
- Pål Axelsson, SWAMID
- Rhys Smith, UKfederation
- Shen Yuguo, SGAF/Singapore
- Simon Green, SGAF/Singapore
- Tomasz Wolniewicz, PIONIER
- Valentin, RENAM/LEAF
- Wolfgang Pempe (DFN)
- Zivan Yoash (IUCC)
- Jan Oppolzer/eduID.cz
- Terry Smith/AAF
Current status - New members and candidates: See https://technical.edugain.org/status and work on progressing new members is underway.
Early in the day the voting completed on Singapore/SGAF joining eduGAIN. Details can be found on the eduGAIN Votes page. Simon and Shen from SGAF have joined this meeting and we welcome them to the eduGAIN community. The Chair will avoid using the abbreviation SG so it isn't confused with the .SG country code or the Steering Group.
Revision of the eduGAIN Policy Framework:
Due to the unavailability of Nicole Harris, the work on the SAML WebSSO profile has been delayed. Lukas Hämmerle will be supporting the development of this to a draft for consultation with the wider community. This is expected to roll out throughout August. This will result in "officially" no coverage of SAML within eduGAIN, as the v3 Constitution becomes active on 1st August 2017. It is worth delaying the implementation of the SAML WebSSO profile until the community has a chance to provide feedback (there have already been solicitations of many federations), with the possibility of a grace period covering the implementation of the profile for existing members. Expect a follow-up on the mailing list by Lukas/Nicole shortly.
eIDAS / eduGAIN Collaboration:
Christos Kanellopoulos presented on the options for eIDAS collaboration with eduGAIN. Options for interop:
- Central 'bridge' between eduGAIN as a whole and eIDAS or,
- Each country operating a bridge between national eIDAS and national federation.
The "Central bridge" was preferred by participants and recommended. There are two recent developments:
- ATOS issued a request for input into a student mobility study. (KW and CK met eIDAS to discuss this type of request. We will try to give input into this strategy for student mobility in Europe.)
- AARC project review feedback included a recommendation to make a strategy for how to interact with eIDAS, with a view that a common rather than regional approach is preferred.
This presentation created some discussion during the meeting, particularly on whether this was a binding proposal or just an opportunity to continue discussion with eIDAS.
Christos confirmed that there were no discussions on which organisation would operate any infrastructure in this proposed model. It could be GÉANT or NRENs on behalf of the community. However, member states on eIDAS side have not yet said they would accept a central solution. At this point it is more important to engage eIDAS and ensure that the communication flow continues.
The presentation and associated documents on eIDAS provide links to the eIDAS spec. Each member state has a proxy/gateway between countries. SAML is used as the basis for cross-border interoperation, but national implementation choices are not governed. Some countries will use OIDC, e.g. France. eIDAS has defined some SAML extensions, which are described in the eduGAIN/eIDAS comparison document. We can use that to interop with them, but there is a need to bridge as their implementation is different. A reference implementation of the proxy service is available, but local and commercial implementations are expected to deliver the production systems.
Miro questioned the whole use case for eIDAS interoperation. What is the rationale? He was asked by ATOS if eIDAS would also carry information about students, i.e. also academic attributes, and found this disturbing.
Christos stated that using eGov IDs is considered interesting as all citizens are expected to have one, and therefore by extension, in the academic sector. There are some scenarios where this benefits us, e.g. homeless users, or strong authentication. In the EC, some are asking 'since we have eIDAS why do we need eduGAIN'. This is therefore a challenge we cannot ignore. We need to make sure this happens without detrimental effects to our community. Most member states have a push to implement eIDAS, so we need to take a position.
Miro noted that eduGAIN goes beyond Europe and asked how those federations are to interact with eIDAS. Chris asked whether eduGAIN could facilitate the bridge between North American IDS to sign into eIDAS services. Christos stated that it is an important point in discussion with eIDAS (global scope) and that we need to have a strategy to engage with eIDAS or they will decide for us. While it is known there are some issues with some eIDAS choices, we still need to engage before the 2018 full production for eIDAS. It is better to be engaged/active, and he noted that eID projects have previously even tried to run academic pilots without our engagement.
Maarten reiterated that having a single opinion/voice from eduGAIN would be useful toward the eIDAS project.
Future concrete steps to integrate eIDAS with eduGAIN will return to the Steering Group for discussion and a formal vote on the specifics of the integration.
The Chair noted that there was significant endorsement in the meeting for the central proxy model from eduGAIN members within and beyond Europe.
[ACTION20170629-01] Christos to provide a wrap up email to the Steering Group list to solicit further input before returning to eIDAS.
[ACTION20170629-02] Steering Group members to look through the proposal documents and consider if there is consensus on how to interact with eIDAS.
The above action was to form an initial position for Christos to take when discussing with eIDAS and Steering Group members will have until 6 July 2017 to provide initial discussion (if no commentary is received at this point then the discussion is concluded and Christos is free to engage eIDAS on Friday 7th July, if there is discussion then feedback will be open for a further week - until 13 July). NB: No discussion was provided on or off list to Christos' summary email.
Requirements Gathering for GN4-3:
Ann Harding described the GÉANT Project cycles and services (such as eduGAIN) that extend beyond the period of a single funding cycle. Currently we are within GN4-2 and GN4-3 is the next phase which is currently being planned. A "white paper" is due at the end of the year to discuss the "future" and this work will be co-ordinated by AH, MA, KW. See https://wiki.geant.org/display/gn43tip/ for more information. There will be various work items that might best belong in GN4-2, REFEDS, AARC or another project. Don't concern yourself with where these ideas ultimately belong - there will be discussion with the entire community to best place these requests for work.
Chris Phillips asked if there is an eduGAIN roadmap available. Federations might be much more influenced by the direction of eduGAIN if they don't have a roadmap of their own. Ann stated that the Policy and BCP work, which will also include contributions from Nicole specifically on the SAML WebSSO profile, will feed into this roadmap. There is both technical and service roadmap work planned to be consolidated. The REFEDS survey also collects this information. Some federations indicated that they have long term strategic roadmaps - but not necessarily concrete workplans. References to strategic aims and developments that need visibility or implementation are also welcome.
Any other Business:
There was significant commentary during the meeting on the quality of the audio - and the various drop outs caused significant disruption for many participants in being able to follow the conversation. An alternative conferencing system supporting audio, video (lower priority), screen/presentation sharing, chat and notes will be investigated (and tested) prior to the next meeting.
Future Steering Group Meetings:
- Virtual Meeting in August/September 2017 (Physical component at APAN44)
- GN4 Symposium, Hungary - 3-4 October 2017
- Internet2 TechEx - 15-18 October 2017
- Virtual Meeting in October 2017
- DI4R, Belgium - 30 Nov & 1st December 2017
- Virtual Meeting in December 2017
- eduGAIN Town Hall - end 2017/early 2018