Towards DNA3.3 - a work by Martin Haase, Pieter Gietz, et al. (DAASI)
One aim of task NA3.3 is to identify the current set of policies and practices in use within R&E federations and, having identified the elements necessary for enabling the initial set of use cases, to specify operational recommendations for federations to streamline their policies.
In order to get a somewhat representative picture, a questionnaire has been developed. Its primary target group are federation operators, who are expected to answer the included questions in telephone interviews. It is assumed that the variety of answers will yield a representative picture of the current policies and practices in today's federations. That picture will then enable the creation of concrete recommendations, which will be the content of deliverable DNA3.3.
An iterative approach was chosen: conduct one or two interviews and revise the questionnaire after each. So far, interviews have been conducted with one representative of a mesh-type federation (DFN-AAI) and one of a hub-and-spoke federation (SURFconext). The current set of questions can be subsumed under the following areas:
Q1: Descriptive Data
Q2: Legal Aspects
Q3: SAML Metadata in the federation
Q4: Service Providers
Q5: Identity Providers
Q6: Further services
Each interview was conducted with two interviewers; interviewees were given online access to the interview documents in order to make any post-edits if desired.
So far there are both differences and commonalities between the federations examined. The differences could be attributed to:
size of the federation: there are more automatic processes in place in a bigger federation
type mesh vs. hub-and-spoke: a H&S federation is in a position to 'care' more for its providers, e.g. by
leading negotiations with specific providers wrt. e.g. attribute release
enhancing and transforming attributes given by the IdP to the SP via the Hub
On the other hand there are a lot of commonalities, among others:
many similarities as to the acceptance policy of an IdP or an SP
similar pricing models: IdPs are charged via the network connectivity contract, SPs are free
similar treatment of export to eduGAIN: membership is via opt-in, SAML2 is required, CoCo and R&S entity attributes are supported in order to make attribute release scalable
Interestingly, the situation with respect to guest IdPs is diverse and does not yield a clear picture or policy. Guest IdPs are allowed in principle for the federations we looked at, but there are questions as to
how to express an according LoA,
whether to include social IDs,
whether to allow for more than one guest IdP,
whether to export guest IdP metadata to eduGAIN
The questionnaires including answers are available in the AARC Wiki under Task+NA3.3+Service+Operational+Models (confidential).
Apparently, especially the area of guest IdPs is missing clear policies, which would be needed in order to arrive at a general recommendation for federations. There seemed to be much more consensus in the other areas regarding current policy. Thus the aim for the next year is not to focus on the current status, which has been covered well in the sister project GN4, but to concentrate more on future policies and what to recommend there. Especially the areas pertaining to
guest IdP policies
attribute translation services
attribute authorities
will be of much more importance in Y2 because they are as yet unclear to many federation operators.
As to the concrete work, activities will be aligned with the findings of GN4-1 SA5 T1.3 - "Federation Operator Best Practice" (cf. https://wiki.geant.org/display/gn41sa5/1.3+Federation+Operator+Best+Practice). The areas which have been researched there will be removed from the questionnaire, and we will concentrate on the latter three topics.