eduGAIN Steering Group Meeting
Tuesday 25th September 2018, 17:00 - 18:30 CEST
Please Note that the above time is CONFIRMED.
Arrival & "Can you hear me now?" (see Connection Details)
Welcome, Introductions & Agenda Agreement
Membership Updates and Joining
eduGAIN Support and Mentoring
eduGAIN within GN4-3
Future SG Meetings
Any other business, Summary and Actions.
Meeting Close (or we are running over time).
- SIP: firstname.lastname@example.org
Federations in Attendance (20)
- UK Federation
- Brook Schofield, GÉANT
- Nicole Harris, GÉANT
- Rhys Smith, UK Federation
- Sten Aus, TAAT
- Simon Green, SGAF
- Casper Dreef, GÉANT
- Alejandro Lara, COFRe
- Donald Coetzee, SAFIRE
- Guy Halse, SAFIRE
- Muhammad Farhan Sjaugi, SIFULAN
- Pål Axelsson, SWAMID
- Nick Roy, InCommon
- José Manuel Macias, SIR
- Miroslav Milinovic, AAI@EduHr
- Raja V, INFED
- Jean Carlo Faustino, CAFé
- Valentin, LEAF
- Julie Menzies, CAF
- Chris Phillips, CAF
- Davide Vaghetti, IDEM
- Lukas Hämmerle, SWITCH
- Zenon Mousmoulas, GRNET
- Halil Adem, GRNET
- Motonori, GakuNin
- Boro Jakimovski, AAIEduMk
- Carlos Ramirez, RENATA/COLFIRE
- Jiri Borik, eduID.cz
- Terry Smith, AAF
- Wolfgang Pempe, DFN
- Arnout Terpstra, SURFnet
- Pascal Panneels, Belnet-AAI
- Vasko Sazdovski, AAIEduMk (also leaving the federation team)
- Mikkel Hald, WAYF
- Maarten Kremers, SURFconext
- Joost van Dijk, SURFconext
- Jaime Perez Crespo, FEIDE
- Ann Harding, SWITCH
- Andria Dionysiou, CIF
- Carlos Guzman,
- Ann West, InCommon
- Timo Mustonen
- Zivan Yoash, IIF
- Rui Ribeiro, CAFé
- Mads Freek Petersen, WAYF
- Lino Khálau, xxx
- Glenn Wearen, Edugate
- Esmeralda Pires, RCTSaai
- Nicholas, RENU/RIF
Welcome, Introductions & Agenda Agreement
The Chair welcomed everyone to the 6th meeting of 2018.
As the TNC19 PC meeting is happening tomorrow (Wednesday 26th September), we have Rhys and Sten physically in the office and at the meeting. Because of the unavailability of Licia/Marina, the GN4-3 item will be presented by Nicole.
There were no comments made on the notes from the previous meeting.
Regarding ACTION-20180806-01, which was to look at excluded voters and whether they could use Evento or not: there are 11 excluded voters and they have all been contacted. Eight have corrected any issues accessing Evento, so that is no longer a reason for them not to vote in future. Those confirmed to be able to access Evento are HAKA, Edugate, RCTSaai, ArnesAAI, COLFIRE, SIR, ARNaai and IUCC Id Fed. The federations Oman KID and AAIEduMk aren't able to access Evento; they've identified attribute release issues and information has been provided to them to correct this. The action will stay open until positive responses have been received. YETKIM is so far unresponsive on this issue.
Actions 20180327-04 and 20180327-05 will also remain open and work will start on the assessment of MRPS' for various federations in the coming month.
Lukas announced that SWITCH would be updating their MRPS (which is the first MRPS in existence) in line with the template. Nicole clarified that this will be assessing MRPS against the template for similarity and coverage of required areas. It does NOT require federations to rewrite their MRPS against the template. Suggestions will be made to federations on areas to improve or if a rewrite would be recommended. Chris asked for the most recent version of the MRPS template to be linked and Nicole added this to the eduGAIN Compliance Issues page.
Membership Updates and Joining
There have been 2 new candidate federations since the last meeting.
The PKIFED is named for PK Identity Federation (not specific to PKI). Their signed statement arrived at the office just before the meeting started. This federation is supported by the Asi@Connect BACKFIRE project. Assessment of their policy + MRPS will start soon. The RoEduNetID is receiving support from the GN4-2 project for their federation joining eduGAIN. RoEduNet (the NREN of Romania) never formalised their service with a policy and were supporting a small number of institutions happily.
Taking advantage of Rhys being in the office, we looked at some of the outstanding issues for federations under assessment. Feedback has been provided and hopefully a vote will start soon. There are still lots of applications in the queue.
For details on new members and candidates see https://technical.edugain.org/status and work on progressing new members is underway.
eduGAIN Support and Mentoring
No update on the mentoring issue; the Chair is to prepare information and align those that have volunteered with emerging federations.
Nicole provided an update to the outstanding issues listed on the eduGAIN Compliance Issues page.
43 federations are now compliant, and 6 federations became compliant in September 2018. There is some ongoing work by InCommon to support the new profile. Nick announced that a vote at the InCommon TAC meeting this week was to only export entities with a technical contact. This will vastly increase the support toward the new profile.
Lukas asked whether the layout of the tables using the CCTLD reference rather than the federation name should be changed. This is currently used because the maps that are generated use CCTLD for colouring. While eduGAIN was always created to be agnostic of federation location and to support multiple federations from a single territory, the marketing reasons are still valid. There is work underway to reformat the website to be federation specific.
Nicole also covered the issue of the MRPS review earlier in the meeting. Miro is aware that he still has a requirement to produce his policy with an English translation. Other nits are being worked through by the Chair and the eduGAIN Support team.
eduGAIN within GN4-3
Nicole gave an overview of What's new? and What's the same?
In GN4-3 the entire Trust and Identity Work Package (officially called WP5) is being led by Licia Florio, GÉANT and Marina Adomite, AMRES. There are four (4) tasks within this work package:
- Task 1: Overarching task that covers the 4 specific services
- eduGAIN (Davide Vaghetti, GARR)
- eduroam (Miroslav Milinovic, Srce)
- eduTEAMS (Christos, GÉANT)
- InAcademia (Justin Knight, Jisc)
- Task 2: Incubator (Niels van Dijk)
- Task 3: Trust & Identity Operations (Nicole Harris, GÉANT)
- Task 4: Research Communities (Maarten Kremers, SURFnet)
Lukas asked, since there are enough non-European attendees in the SG, what the benefit of the project is to eduGAIN and Trust & Identity. Nicole explained that it is mutually beneficial to support interconnecting with federations outside Europe for the benefit of Research and Education within Europe. She also reminded the committee that GÉANT has had members that are beyond the bounds of the European Union.
The project runs for 4 years, starting on 1 January 2019, and succeeds the 3-year project GN4-2 and, before it, GN4-1, which only lasted 1 year.
The Chair also mentioned the NGI: Trust project, which is part of the Next Generation Internet initiative of the EC. GÉANT will participate in NGI: Trust to provide an open call (expected call date to be 1 February 2019) to support ideas that don't fit into the Technical Readiness Levels of the GN4-3 project and can be more experimental in nature. This will be complemented by projects supported by NLnet Foundation and a call also aimed at Distributed Ledger Technology (DLT, aka Blockchain).
Any other Business
With the abundance of time, Nicole suggested a Round Table:
Rhys (UK Federation) - 1149 members - SAML metadata management portal - piloting with some customers and will be the basis of the MFS (Managed Federation Service) which started as a reimplementation of the UK Federation, Shibboleth MDA, Azure and container based. Expected completion in December 2018. Liberate (managed eduroam/SAML/Shibboleth/Moonshot IdP instance) that is run on AWS. This service is live. Contact Jisc/Rhys for more information. Reseller agreements are being agreed at the moment.
Sten (TAAT) - investigating issues with attribute release with various members. Adding members to the federation and marketing the value of the service and eduGAIN. Manpower constraints make juggling operations and development difficult.
Guy (SAFIRE) working on getting local publishers participating in the federation.
Chris/Julie (CAF) working on eVA (eduroam Visitor Access) cross over service that they are piloting in Canada from SURFnet. SIRTFI and R&S.
Simon (SGAF) migrated infrastructure to new datacentre and uses a proxy for their ADFS users and are exploring how to avoid the double discovery.
Nick (InCommon) working on the baseline expectations programme and it will require members to have minimum usability requirements by 14 December otherwise they will be excluded from the federation. Adoption quickly rose from 25% to 50% but has levelled out. More work required to accelerate this again. Two new hires. MDQ service built on AWS Lambda to make per entity metadata available. Will be migrating people to new metadata endpoint.
José Manuel (SIR) the federation still exists which has 2 people. Migrating to SIR2 federation. Will be stopping PAPI as a protocol. MRPS will need to be updated. entityIDs will be kept, but end-points will change at some moment. Will be using Jagger for metadata management and promoting entity categories and developing local categories. SIRTFI. MDQ. IdPaaS Proof of Concept being developed. Connected to Spanish eIDAS node. Was previously offering STORK.
Alejandro (COFRe) working on the issues for SAML profile compliance for eduGAIN. This requires an upgrade to pyFF.io. Also publishing RedCLARA services to eduGAIN for the wider Latin American community.
Halil + Zenon (GRNET) Halil has recently joined the Trust & Identity team. Production MDQ service. Deprecating the legacy entity grouping mechanism that they provided their membership and use of entity categories. Moving to "opt-in" vs "opt-out". Metadata size is too large, and people don't want to load a large dataset and want a production MDQ service.
Miro (AAIEduHr) focusing on operations and team is small so the balance between operations and future work delayed the policy translation effort.
Pål (SWAMID) working extensively on multifactor. Needs to have a step further than REFEDS MFA profile with the need for identity proofing. Aiming for an end of year deployment. Working with Libraries (public Libraries - not University Libraries) for identity proofing.
Farhan (SIFULAN) identity workshop scheduled for 10 October to encourage media publishers to join the federation and promote eduGAIN.
Boro (AAIEduMk) reporting from the airport that they had extended the Macedonian AAI to primary and secondary schools and are working on enlargement to all of the universities. Statistics and measurement as a secondary project.
Davide (IDEM) working on the SAML profile compliance (only completed yesterday) and enabling publishers to work with IdPs via eduGAIN. Interoperability isn't a given and has been challenging. Putting MDQ in production by year's end - and working on IdP in the Cloud service. Working with government ID as a 2nd factor.
Jean Carlo (CAFé) two big initiatives. Implementation of SIRTFI and focused on the first institution working by end of the year. Developing a roadmap for 2019 and moving the use of federated auth and updating UX/UI to improve design. BReduPerson schema update and adoption of ORCID. Working on improving the deployment of their tools and collaborating with IDEM.
Lukas (SWITCH) relevant update from SWITCHaai is that they'll soon publish a new MDRP document based on the REFEDS template.
Chris raised that OpenID Connect wasn't touched on during the call and that there is a way to promote OIDC via membership of the Open ID Foundation. Davide said that the mailing list and group will be set up shortly and people should move there for focus on this. Chris stated that the OIDCre group within REFEDS is a useful initial group. The community and intellectual property rules are different in this space. Davide said that Open ID Foundation isn't significantly different than OASIS.
Lynda.com was going to move toward LinkedIn and Chris' request via eduGAIN Support and statistics provided by the community reinforced the need to provide a SAML offering.
The next meeting will take place on Tuesday 13th November 2018 at 13:30-15:00 CET via VC. This will be the last meeting of the year as there is no Town Hall scheduled. With GN4-3 starting on 1 January 2019, it is likely there will be a kick-off meeting and WP5 face-to-face meeting, and aligning a town hall with this meeting would be advantageous to minimise travel for the European continent.