eduGAIN Town Hall
The eduGAIN Town Hall was held in concert with Trust and Identity White Paper priority meeting and the REFEDS 2018 Work Plan meetings in Amsterdam between Thursday 7th December 2017 and Friday 8th December 2017.
Wednesday 6th December
|9:00 - 17:00|
simpleSAMLphp workshop at SURFnet, Utrech
Thursday 7th December - 13:30 - 17:00
|10:30 - 12:30||GÉANT Project Future Workplan|
|13:30||State of the Interfederation Service - Brook Schofield (PDF)|
Thinking of best practices in eduGAIN - Nicole Harris
|14:30||eduGAIN Support - Thomas Baerecke (PDF)|
|15:00 - 15:30||Coffee break + Catch-Up Time|
|15:30||T&I Operations - Dick Visser (PDF)|
|16:00||Any other Business (PDF)|
|16:30||Summary and Actions|
Thursday 7th December - 9:15 - 12:00
|9:15 - 12:00|
Registration information available at https://eventr.geant.org/events/2786
Federations in Attendance (26)
- LITNET FEDI
- ACOnet Identity Federation
- UK Federation
- Kostas Koumantaros - Greek Research and Technology Network - GRNET
- Mischa Sallé - Nikhef
- Niels van Dijk - SURFnet bv
- Eimantas Šerpenskas - Litnet | Kaunas University of Technology
- Nicole Harris - GÉANT
- Henny Bekker - SURFnet bv
- Wolfgang Pempe - DFN
- Mads Freek Petersen - wayf.dk
- Tangui Coulouarn - DeIC
- Brook Schofield - GÉANT
- Hans-Peter Ligthart - SURFmarket
- Maarten Kremers - SURFnet bv
- David Groep - Nikhef
- Chris Atherton - GÉANT
- Gerben Venekamp - SURFsara
- Valentin Pocotilenco - RENAM
- André Moreira - CLARIN ERIC
- Pål Axelsson - SUNET
- Ann Harding - SWITCH
- Molnár Péter - NIIF Programme / KIFU
- Klaas Wierenga - GÉANT
- Ouafa Bentaleb - Algerian Research Network, ARN
- Jaime Pérez Crespo - Feide
- Licia Florio - GÉANT
- Nick Roy - Internet2
- Lars Kviteng - UNINETT - Feide
- Sam Jones - Mimoto
- Leif Johansson - SUNET
- Thomas Baerecke - SWITCH
- Lukas Haemmerle - SWITCH
- Esmeralda de Jesus Galamba Pires - FCT|FCCN
- Andrey Novosad - UIIP NASB / BASNET
- Oleg Nosylovsky - UIIP NASB / BASNET
- Davide Vaghetti - Consortium GARR
- Michal Procházka - CESNET, z. s. p. o.
- Slávek Licehammer - CESNET, z. s. p. o.
- Alan Buxey - MyUniDAYS Ltd
- Jule Ziegler - LRZ/DFN
- Mario Reale - Consortium GARR
- Stefan Winter - RESTENA
- Jose-Manuel Macias Luna - RedIRIS
- Peter Schober - ACOnet staff
- José María Fontanillo Muñiz - RedIRIS (Pruebas SIR2 directo) - Spanish Research and Academic Network
- Dick Visser - GÉANT
- Christos Kanellopoulos - GÉANT
- Casper Dreef - GÉANT
- Michael Schmidt - Leibniz Supercomputing Centre (LRZ)
- Hendrik Ike - GÉANT
- Amina Khedimi - cerist
- Héder Mihály - MTA SZTAKI
Virtual Attendees (22)
- Eli Beker - IUCC
- Rhys Smith - Jisc
- Mohácsi János - NIIF Programme / KIFU
- Keith Hazelton - University of Wisconsin-Madison
- Ingimar Örn Jónsson - University of Iceland / RHnet
- Antonis Tzirkallis - CYNET
- Szabó Gyula - MTA SZTAKI Hungary eduID.hu
- Frank Tamás - WIGNER Research Centre for Physics
- Stefan Paetow - Jisc
- Reimer Karlsen-Masur - DFN-CERT Services GmbH
- Georgi Tsochev - BREN
- Temur Maisuradze - GRENA
- Marina Adomeit - AMRES
- Ralf Groeper - DFN
- Yuri Demchenko - University of Amsterdam
- Christoph Graf - SWITCH
- Chris Phillips - CANARIE
- Lalla Mantovani - Consortium GARR
- Hannah Short - CERN
- Marco Leonardi - ESA/ESRIN
- Guy Halse - TENET
- Harry V. Lalor - SheerID, Inc.
- Marco Malavolti - Consortium GARR
- Andrea Biancini - RETI
- Mark Bevers - SURFmarket
- Filip Marinic - European Space Agency
- Miroslav Milinovic - SRCE
- Thomas Lenggenhager - SWITCH
- Arnout Terpstra - SURFnet bv
State of the Interfederation Service
Brook gave a summary of what has happened in eduGAIN in the year past and what is projected to happen in 2018 with regular input and correction from the community. While the morning presentations were focused on the GN4-3 project workplan for 2019 there is still an opportunity to do work in 2018 ahead of the next long term plan.
With a raft of new members joining eduGAIN the focus has moved away from federation membership to encouraging 100% of the IdPs within identity federations to participate (where practical). There are 25 federations with more than 90% of their IdP membership participating in eduGAIN.
Highlighting some of the low % eduGAIN participants (such as RCTSaai/Portugal, AAF/Australia and GakuNin/Japan) was an opportunity to look at the various deployment models. It was an opportunity to engage Esmeralda about RCTSaai deployment and this will be an activity in 2018. Equally a meeting beetween GÉANT and NII the previous day highlighted the need to work on engaging GakuNin members as they want to limit their engagement with SPs and rely on other federations for managing their metadata with the added drive that this will only be possible with eduGAIN participation of the IdPs or risk losing access to services. The AAF have recently outline a mechanism to encourage eduGAIN participation with IdP operators supporting both SIRTFI and R&S in the same motion. Davide raised the issue of "opt-in" vs "opt-out" policy for deployment and how "opt-out" has driven high % engagement (at least visible via eduGAIN) for IDEM. The discussion focused then on metadata interoperability vs higher level interoperability. It is unclear at this point whether simple metadata interoperability is actually achieved and by what degree and whether adopting mechanisms from the maturity/BCP work for eduGAIN pariticipation is more effective. More tooling is required in this regard.
See the (corrected) slides for a summary of activity and visit https://technical.edugain.org/status for up-to-date progerss on federation candidacy, membership and participation.
Thinking of best practices in eduGAIN
Nicole clarified that work on reviewing all policies has largely been completed. There was no need to change the eduGAIN Policy Declaration. The constitutions is completely published and that new constitution requires a SAML profile going with it. The current status of the consultation was presented and a few "sticking points" were discussed.
Peter Schober clarified his comment about MetaIOP where "you must trust a key that is contained in the MD, purely since you trust the MD. You cannot NOT TRUST a certificate as a result and ADFS is not always compliant". In the balancing act of not kicking out ADFS and making use of existing definitions, further discussion will be required to resolve this.
In the current version of the policy, we require registrationinstant - but if nobody uses it, why do we keep it? There weren't any good reasons to enforce its use (which we don't anyway because it is SHOULD) simpler to remove.
Finally, regarding MD aggregators that aggregate metadata from multiple sources MUST use <mdrpi: PublicationPath> but since MDS only accepts metadata from a registrationAuthority and would ignore other entries this isn't needed. Delete.
] Nicole to review and republish the eduGAIN SAML Profile.
Thomas covered the transition of the "eduGAIN eScience Support Pilot" (starting in April 2017) to the eduGAIN Support Service. Statistics on ticket volume were presented in the slide deck. Future work will involve SIRTFI pilot support.
There was some discussion on new members of the federation community joining the support service as a training mechanism. It is desirable for those staffing the support service to have experience in the federation landscape. An extensive FAQ is being developed and the use of multiple people being available each week ensures that there is an escalation path.
Dick Visser took some time to reflect on the T&I White Paper work that covered fundamental infrastructure and whether services should be wholey located on GÉANT infrastructure, entirely distributed or a mixture of both.
Some debate focused on the onus of a Github user to fund the legal defense of ligitation brought against Github for the contents of your code repository. It was concluded that risk is not being able to determine the cost of your lawyers rather than the likelihood of litigation. The array of code "testing" tools that integrate with Github was identified as a benefit that would out weigh other negative traits.
Currently the timeline for providing IaaS via GÉANT is a task that is being shortened. The work of the T&I Ops team within GÉANT (the organisation) will be reviewing this components and informing the work in the service activity of GÉANT (the project) in support of various tooling.
Any Other Business
Any other business was triggered by a short slide deck by Niels van Dijk (PDF) which presented on a proposal to make community signed metadata (in the vein of PEER/REEP) available with decorations. No concrete action resulted from this discussion.
All presentations can be found online.
The schedule of 2018 eduGAIN SG meetings will be distributed in late 2017.