This Task delivers developments aimed at federations and campus identity providers, based on the existing federated identity and eduGAIN models and technologies.

It aims to make federated identity on a pan-European scale easier for federations and campus IdPs to adopt, more scalable to cope with significant growth of entities via eduGAIN, and more secure in complex operating environments.

Key objectives

The key objectives of Task 1 are:

T1.1 eduGAIN policy review

  • In December 2015, the European Parliament and Council reached agreement on data protection reform [DPREFORM]. This will require legal and federation consultation and analysis of eduGAIN’s policies focused on attribute release (Code of Conduct, EU and international variants, Research and Scholarship Entity Categories, recommendations on User consent), in particular focusing on service implications for eduGAIN members.

T1.2 eduGAIN metadata management and attribute release management

  • Develop, pilot and enhance methods for facilitating attribute release and encouraging take-up by federations, including GÉANT Code of Conduct development and support for R&S within eduGAIN.
  • Develop and enhance methods for improving metadata management and interoperability, e.g. adoption and customisation of FedLab results.
  • Develop and enhance methods to ensure quality metadata exchange, e.g. implementation of best practice on metadata streams for eduGAIN.

T1.3 Development of supporting services for campus identity providers

  • Based on findings from AARC, TIER (Internet2) and NREN developments, develop a campus IdP extension to the FaaS service for sites and regions who currently do not have the ability to support or offer a cloud IdP-type of service to campuses.

T1.4 eduGAIN incident management development

  • Based on findings from AARC and REFEDS, pilot and implement the recommendations on the Security Incident Response Trust Framework for Federated Identity (SIRTFI) in the eduGAIN operational context.

Deliverables and Milestones:

GREY  Deliverable D9.1: Market Analysis for Supporting Services for Campus Identity Providers, M8

GREY  Milestone M9.2: Assessment of DP Legislation Implications, M8, White Paper

GREY  Milestone M9.4: SIRTFI Pilot Report, M20, Report

Minutes of periodic Task calls

Task1 Trello Board

https://trello.com/b/bNmCfbZK/geant-campus-idp-platform

Availability of people during the summer 2018 break

https://evento.renater.fr/survey/availability-of-people-in-summer-2018-summer-holidays-please-fill-in-the-weeks-yes-you-will-be-at-work-wid35tjv

Relevant internal / collaborations  documents

Cloud-based IdP services Catalogue


https://campus-idp-test.geant.org/

Face To Face Meetings (notes, agenda, slides)

SWAMID REFEDS SIRTFI and REFEDS R&S Attribute Release Check 

eduGAIN attribute release check 

Measurement and Statistics wiki

Measurement & Statistics


Minutes of periodic task calls

Moving towards production: GEANT Software Management Tools

Useful Links and References


Presentations

     

Final Products Presentations and Documentation

ProductGoalsExpected usersNotes on final status of the productReferences (URLs) and Presentations / Videos / DocumentsSubsequent related activity/task and persons involved in GN4-3Git Repository
Campus IdP PlatformEnable FedOps and IdP admin to spawn and manage their IdPs - Accessed as an eduGAIN SP. Hosted on Openstack or VMware.FedOps and HOs IdP admins

Use Case "Create IdP" implemented:

  • Request and approve new IdP via web client
  • Store configuration data in database
  • Convert configuration data and trigger Ansible
  • Deploy new IdM on existing VM

Demo Video: CampusIDP Platform DEMO (FULL Short Version).mp4

Documentation: Campus IdP Platform Architecture

  • Use Case 1: Create IdP
    • Enable deployment on different target environments
  • Use Case 2: Manage IdP 
    • Edit IdP configuration
    • Delete IdP
  • Use Case 3: Manage Federation
    • Lifecycle management of IdP (approve, remove)
    • Metadata management

Web Client:
https://github.com/GEANT/ClientCampusIdP

API:
https://github.com/GEANT/APICampusIdP 

Measurement and Statistics National and eduGAIN platformGather Fticks from IdPs belonging to national federatoins and eduGAIN, enabling national ID Federatoins to view and manage their forwarding to a central eduGAIN collector nodeFedOps and eduGAIN admins
https://tnc18.geant.org/core/poster/41

Docker dpeloyment

of Campus IdP

Enable Home organization to deploy a simple, basic Shib IdP on DockerHOs IdP admins



Ansible toolkit for deployment of Shibboleth IdPEnable HOs and federatoin to install and configure IdP and related tools using Ansible.HO IdP admins and FedOps
  1. HOWTO Install an Ansible IdP on Localhost: https://docs.google.com/document/d/1u8ItqHiF_rq8CI1IfShqa47HO_ytdmBEz-2e1UPQl90/edit?usp=sharing
  2. HOWTO use Ansible Toolkit in a centralized way: https://docs.google.com/document/d/14T6RCs6azT64XUtXr5ydjXF8rJz17nTFNq5feUyhU20/edit?usp=sharing

Ansible playbook and inventories needed to install and configure a Shibboleth IdP:

  1. https://github.com/GEANT/ansible-shibboleth
  2. https://github.com/GEANT/ansible-shibboleth-inventories

Ansible playbook and inventories needed to install and configure some monitoring tools:

  1. https://github.com/GEANT/ansible-monitoring
  2. https://github.com/GEANT/ansible-monitoring-inventories

Ansible playbook and inventories needed to create VMs upon OpenStack architecture:

  1. https://github.com/GEANT/ansible-openstack
  2. https://github.com/GEANT/ansible-openstack-inventories


SIRTFI email contacts verification toolDeploy a web based tool accessible as eduGAIN SP capable of getting security email contacts for IDPs and capable of sending verification email to admins to verify the effectiveness of the addresses and their responsiveness.

eduGAIN support


FedOps


SIRTFI







  • No labels