Agreement between UK Federation and GÉANT 4 (year 1) project regarding Easy SP Registration Process for joining eduGAIN
-------------------------------------------------------------------------

This agreement describes and clarifies a pilot for GÉANT registering 3rd party SAML Service Providers (SP) with a pan-European scope in eduGAIN via the UK Federation.

Background:
Adding a service protected by a SAML Service Provider to eduGAIN means registering it with an eduGAIN member federation (https://technical.edugain.org/status.php). This means that services can only join eduGAIN via an existing eduGAIN member federation. There are services (e.g. from research communities, cloud providers, e-journal providers) that have no "natural" relationship to an eduGAIN member federation. In those cases the SP operators often have difficulty finding out how to register their services with eduGAIN.

The GÉANT project therefore decided to have the SA5 Enabling Users task create an "Easy SP Registration Process" for joining eduGAIN. This process requires a specified eduGAIN member federation that acts as federation of last resort for the above-mentioned cases where there is no obvious member federation to register certain SPs. The UK Federation, as the largest eduGAIN member federation, agreed to adopt the role of the federation-of-last-resort.

This document describes the details of collaboration between the UK Federation and the GÉANT Enabling Users task in the context of a pilot that implements the "Easy SP Registration Process".

Scope:
* Only registration of Service Providers (SPs) via the UK Federation in eduGAIN is covered in this agreement. Identity Providers (IdPs) are out of scope.
* Only those cases where a prospective eduGAIN SP has no obvious natural relationship with another eduGAIN member federation are covered. SPs that are already part of a national federation which is an eduGAIN member federation, or SPs that are for geographical or organisational reasons close to an eduGAIN member federation, are also out of scope of this agreement because they should then be added to eduGAIN via that other eduGAIN member federation unless that federation prefers they are registered via this process.
* Three categories of SPs to register via the UK Access Federation are:
  - (International) Research Community
  - Cloud Provider (e.g. working together with the GÉANT SA7 Cloud Activity)
  - e-Journal or repository Provider

Duration:
The pilot and thus the collaboration ends on 1. May 2016 when GÉANT 4 phase 1 also ends. Before the pilot ends, GÉANT and the UK Federation can mutually agree to silently continue the collaboration.

Description of the Easy SP Joining Process:
The Easy SP Joining Process will consist of a web page that contains straightforward step-by-step instructions and guidance on how to deploy a SAML Service Provider and how to register it via an existing eduGAIN member federation. The instructions will clearly state that SPs should be registered in eduGAIN member federations that are "close" to them. For SPs where there is no such federation, the instructions will ask the operators of the SP to deploy and register the SP according to the instructions and policies of the UK Federation.

If the SP Operator has (as last option) to register with the UK Federation, the web page will contain a form that asks for technical data (Metadata) and non-technical data (contacts, names, descriptions). When the form is submitted, its content is sent to members of the Enabling Users task. Their role then is to pre-check and, if needed, complete this data before redirecting it to the UK Federation helpdesk in the name of the SP Operator.
This intermediary step helps the Enabling Users team to improve and optimize the Easy SP Joining Process in the pilot phase so that eventually, after the pilot, no intermediary step might be needed anymore.

After data (incl. metadata and other information required by the UK Federation) is submitted to the UK Federation Helpdesk, the normal registration procedures used by the UK Federation are applied. The Enabling Users team will be available as third-level support contact for both the SP Operator and the UK Federation Helpdesk.

Compensation:
As discussed in the VC of 16. September 2015, the UK Federation will register SPs via the Easy SP Registration Process in this pilot without compensation by GÉANT. It benefits from:
* Third-level support provided by the GÉANT Enabling Users task
* Smoother registration through improved registration data (e.g. Metadata) from SPs that likely would have joined the UK Federation, as one of the largest academic identity federations worldwide, anyway.
* Growth in the number of services that are available to all members of the UK Federation (even those that are not in eduGAIN).

SP Registration Limits:
Based on past experience it is expected that there will be no more than 2 registrations per month that would have to register with the UK Access Federation. This would result in max 10 SP registrations (Dec. 2015 - April 2016). If this number is exceeded before the pilot ends, the Enabling Users task will review and, if necessary, on request of the UK Federation remove or adapt the instructions on the Easy SP Registration page to prevent further SP registrations via the UK Federation via this process.

Service Level Agreement (SLA) and Metrics:
The following Service Level Agreement is applicable during the pilot:
* Availability of service infrastructure (metadata aggregate MDA and the Central Discovery Service CDS): target is 99.5% (excluding service-affecting maintenance, which is capped at 0.5%)
* Response time of all email enquiries (time till an automated ticket number is issued): target is 4 hours
* Response time of all email enquiries till a reply is sent: 2 working days
* Membership applications processing time once all required information has been received: target is 5 working days (due to the fact that membership applications from some SPs might be complicated)
* Time till registered UK Access Management Federation SPs are recorded in the UK Access Management Federation and eduGAIN: target is 2 working days

During the pilot, data for the above metrics should be collected to evaluate and tune the SLA if necessary.

Duties:
* Enabling Users task:
  - Create and operate the web page describing the Easy SP Joining Process
  - Generally act as an intermediary between SP Operator and UK Federation Helpdesk.
  - Pre-check and complete the data (e.g. SAML2 metadata) submitted by the SP Operator to make registration with the UK Federation as smooth as possible and gain experience that allows optimizing the Easy SP Registration Process. Then submit data in the name of the SP Operator to the UK Federation Helpdesk to initiate normal UK Federation registration procedures
  - Be third-level contact for SP Operator and UK Federation Helpdesk for eduGAIN-related issues
  - Collect data for the SLA metrics
* UK Federation Helpdesk:
  - Provide feedback and inputs on the Easy SP Registration Process web page and (after the first few registrations) on the process in general
  - Register SPs with data received from the Enabling Users team according to normal UK Federation Procedures
  - Get in touch with the Enabling Users team in case third-level support is needed.
* SP Operator:
  - Follow the Easy SP Registration Process instructions on the web page

Contact Persons:
* Administrative GÉANT Contact: Ann Harding, Telephone: +41 44 253 98 14
* Technical GÉANT Contact: Lukas Hämmerle, Telephone: +41 44 268 15 64
* UK Federation Administrative Contact: Mark Williams
* UK Federation Helpdesk Contact: service@ukfederation.org.uk, Telephone: 0300 300 2212 (from UK) or +44 1235 822 212 (outside UK)