eduGAIN Steering Group Meeting

Monday 6th August 2018, 17:00 - 17:50 NZST (in your timezone)

Please Note that the above time is CONFIRMED.

04:45 UTC
16:45 NZST

Arrival & "Can you hear me now?" (see Connection Details)

05:00 UTC
17:00 NZST

Welcome, Introductions & Agenda Agreement

05:15 UTC
17:15 NZST

Membership Updates and Joining
    • Pipeline and process for new members (eduGAIN 101)
    • 53 participant members / 6 members / 12 candidates
    • New Members
      • Morocco (participating)
      • CAFMoz (metadata signing verification required)
    • Candidates Under Assessment (3)
      • Russia/фEDUrus (major changes suggested)
      • Oman/OMREN Fed (minor changes suggested)
      • Zambia/FIDERN (minor changes suggested)
05:30 UTC
17:30 NZST

eduGAIN Support and Mentoring

05:40 UTC
17:40 NZST

Future SG Meetings

  • Conflict/Changes to 2018 meeting dates/times?
  • Next meeting @ Tuesday 25th September 2018 via VC
05:45 UTC
17:45 NZST

Any other business, Summary and Actions.

05:50 UTC
17:50 NZST

Meeting Close (as there is an official event we need to vacate this room for).

Connection Details


Federations in Attendance (17)

  2. GRNET
  3. Tuakiri
  4. AAF
  6. UKAF
  7. GRNET
  8. HKAF
  10. RENA
  11. IR Fed
  12. LEAF
  13. Oman KID
  14. SGAF
  17. GakuNin
  18. *OMREN Federation
  19. *CARSI

*Not a member.

Attendees (45)

  1. Brook Schofield, GÉANT
  2. Thomas Lenggenhager, SWITCH
  3. Zenon Mousmoulas, GRNET
  4. Sat Mandri, REANNZ Tuakiri
  5. Vladimir Mencl, REANNZ Tuakiri
  6. Terry Smith, AAF
  7. Dalia Abraham, AAF
  8. Guy Halse, SAFIRE

  9. Rhys Smith, UKAF

  10. Zenon Mousmoulas, GRNET

  11. Toby Chan, HKAF

  12. Thomasz Wolniewicz, PIONIER

  13. Maja Goredka-Wolniewicz, PIONIER

  14. Nicholas Mbonimpa, RENU
  15. Saeed Khademi, IR Fed

  16. Donald Coetzee, SAFIRE
  17. Valentin Pocotilenco, LEAF/Moldova
  18. Khamis Al Raisi, Oman
  19. Simon Green, SGAF
  20. Muhammad Farhan Sjaugi, SIFULAN
  21. Mark Wilson, AUT
  22. Chi Fei Manfred, HKAF
  23. Hideaki Goto, Tohoku University
  24. Mukhammad Andri Setiawan, Indonesia
  25. Raja Visvanathan, INFLIBNET
  26. Md Ariful Islam, BdREN
  27. Khandakar, BdREN
  28. Vutha Keth, Cambodia
  29. Daniel Griggs, NZ
  30. Prof Deokjai Choi, Korea
  31. Sung Kuk KIM, Korea
  32. Francis Fong, HKAF
  33. Wai Man Cheng, JUCC HK
  34. Oscar Wong, JUCC HK
  35. Mitsuhito S, GakuNin
  36. Nguyen Minh Chien, Vietnam
  37. Inder Bandal, Nepal
  38. Abd Hamid, MyREN
  39. Thuenzang Choephel, Bhutan
  40. Jigme Lhendup, Bhutan
  41. Senevi Herath, LEARN/Sri Lanka
  42. Khamphanah,, BdREN
  43. William Wan, CARSI/CERNET
  44. Waqas Ahmed Khan, PERN
  45. Suhaimi Nepis, SIFULAN
  46. ...and other people in the room at APAN46!

Apologies (14)

  1. Roberto Barbera, GrIDP (reason: Department and INFN Division closed in that week)
  2. Wolfgang Pempe (DFN-AAI)
  3. Anasss Chabli, FÉR
  4. Casper Dreef, GÉANT
  5. Chris Phillips, CAF
  6. Mikkel Hald, WAYF
  7. Arnout Terpstra, SURFconext
  8. Jaime Perez, FEIDE
  9. Klaas Wierenga, GÉANT
  10. Nick Roy, InCommon
  11. Vasko Sazdovski, AAIEduMk
  12. Ann Harding, SWITCH
  13. Fernand De Decker, Belnet
  14. Pascal Panneels, Belnet


Welcome, Introductions & Agenda Agreement

The Chair welcomed everyone to the 5th meeting of 2018.

Prior to virtual attendees coming online the chair was explaining to those in the room (this meeting was co-located with the APAN46 conference and specifically the task force on identity and access management (TF-IAM) that is working with APAN members and Asi@Connect project beneficiaries to develop identity federations in their home territories).

Membership Updates and Joining

Recently the voting concluded on the membership of Morocco/ and Mozambique/CAFMoz. This is the 2nd time that the Evento Voting system had been used. The use of this system was welcomed by all. There had been a few teething issues identified by some delegates, mostly to do with attribute release, and this has largely been fixed. There are currently 11 excluded voters from the next vote, six (6) of whom voted prior to the switch to Evento. It is known that Oman KID and ARNaai are still having issues using Evento.

  • ACTION-20180806-01: Brook Schofield to create a test Evento and work with all excluded voters (particularly ARNaai + Oman KID) to ensure that attribute release (or some other issue) isn't impacting their ability to participate.

There are 12 candidate federations, three (3) of which are currently under assessment:

  • Russia/фEDUrus (major changes suggested)
  • Oman/OMREN Fed (minor changes suggested)
  • Zambia/FIDERN (minor changes suggested)

The OMREN team has made it to APAN46 and has had discussions with many of their peer federations on future collaboration. It is expected that votes for at least 2 of the federations will begin shortly.

For details on new members and candidates see and work on progressing new members is underway.

eduGAIN Support and Mentoring

The eduGAIN Compliance Issues wiki page has been updated and there is a noticeable drop in the issues of compliance with the new SAML Profile. While all new participating members must comply with this profile, existing participants will still have a grace period. The eduGAIN support team will continue to work with federations to reduce issues and once the numbers are close to zero or non-responsive federations are the only ones remaining then an enforcement date will be chosen (at a future SG meeting).

The attendance of some of the participants of this meeting have been made available by the BACKFIRE project. While the continuation of TF-IAM tomorrow (Tuesday, 7 August 2018) will focus on Policy Development it is often the case that federations only receive feedback on their policy when they are first attempting to join eduGAIN. There is a need for BACKFIRE/TF-IAM to align with the wider eduGAIN and REFEDS community to find mentors to align with developing federations. This will be taken up in TF-IAM and thanks to those community members that have offered their support and have supported federations in their development.

The question of Logo inclusion in metadata and whether: via URL, or fetch and embedding is the preferred option. Rhys stated that UK federation require HTTPS URLs and that is their preferred. It is known that some federations prefer embedding. Earlier it was stated by Andri that the federation effort in Indonesia has over 4,000 target institutions (more IdPs than currently in eduGAIN). The use of embedded logos would cause the metadata to balloon to a size that would be unmanageable. Raja stated that INFED has a target audience of 50k institutions. Metadata would become unmanageable even without embedded images, which raised the need for MDX to be on the horizon for federations.

Khamis asked about how to identify and realise the benefits of eduGAIN? Knowing what is within eduGAIN and of value out of the thousands of endpoints available has been a long-term challenge in eduGAIN. The future iteration of the GN4 project will required the creation of a cost model for eduGAIN which will require a service to explain the value. There has been a lot of work on service catalogues including MET, hand crafted assessments and Brook's own "not-met" in browser faceted search tool. Recently there has been a paper drafted on Service Catalogues in a Federated Context that will be soon published on the REFEDS site. This document had heavy contribution from eduGAIN members, the AAF in particular. This will hopefully pave the way for development in this space.

A follow-up question was on the use of F-Ticks and monitoring usage of services.

At the REFEDS meeting at TNC18 there was a presentation F-Ticks for Federations that might be interesting for those that missed it.

The deployment of this can be problematic and requires getting buy-in from IdP operators. Historically, SPs, especially those of a commercial nature, don't share any logging information. Vlad stated that Tuakiri/NZ used the Shibboleth v3 upgrade to do this rollout of logging with high acceptance rates by campuses. INFLIBnet use the IdP audit log within Shibboleth to do a similar task. Hub&Spoke federations have an advantage in this regard as all messaging travels via the Hub and thus statistics can easily be generated. Terry stated that the AAF previously used their centralised discovery service for statistics generation, but embedded or customised discovery services impact the resolution and they are moving to an IdP based statistics collection mechanism.

To visualise the results Edugate/HEAnet allow users to login to their service to see usage statistics.

A question was posed to Vlad on how Tuakiri/NZ perform access control against the syslogs that are sent their way. Not access controlled. Possible to use the IdPs IP address/ASN to perform filtering if abuse is suspected.

Future meetings

The next meeting will take place on Tuesday 25th September 2018 at via VC (17:00-18:30 CEST).

AoB and Close

No other business was raised.

The chair thanked all that had addended, especially those virtually as the time for many members wasn't particularly favourable. The meeting closed early so that those attending the APAN46 conference could join the cultural performance and opening on time.

  • No labels