...
OT procedures
members registering or modification of supplied information
introduction of new eduGAIN metadata requirements
introduction of new good practices for metadata
handling of aggregation alerts
system updates
software development, testing and production implementation
backup
monitoring
- aggregation and signing details
Service Order
Problem resolution
Configuration change
System update
Backup
Disaster recovery
Availability of services
Operational Team tasks
Management of core eduGAIN services
...
eduGAIN OT directly manages:
eduGAIN OT supervises ...
eduGAIN services
Core services
Under the term services listed are utilities as perceived by external users. The internal organisation of services, flow of information and dependencies are not important in this view, but are described in sections further down.
Core Services
Name | Access location | Description |
---|---|---|
MDS | https://mds.edugain.org | eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta]. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed) and it is copied to the distribution hosts and served form there by the http server. The file is updated hourly. |
The technical site | https://technical.edugain.org | The technical site directed primarily at the federation level personel. It provides information about eduGAIN members, details about their participation. The technical site is also the distribution point of documentation and home for several core and supplementary services. |
Validator | https://validator.edugain.org | The eduGAIN validator is a service designed for validating metadata adherence. The software has been created primarily as a component of the eduGAIN metadata aggregation and the details of validation rules are given im [eduGAIN-meta]. The same software enriched by a GUI is used a a tool form manual validation of metadata and serves as a support tool for federation operators. |
eduGAIN status information | https://technical.edugain.org/status | This status page provides a view of the eduGAIN database in the part relevant to membership information and to current status of metadata aggregation. The page also displays short summary information about numbers of entities in eduGAIN. The interface provides links to scans of the eduGAIN declaration signed by federations, direct links to metadata validation |
Entities database GUI | http://technical.edugain.org/enties |
eduGAIN OT supervises ...
eduGAIN services
This service is an interface to the part of the eduGAIN database which stores information about entities themselves. The interface has many filtering mechanisms and also allows for CSV download for further processing in a spreadsheet. | ||
eduGAIN database API | https://technical.edugain.org/api | The API provides access to most of information stored in the database. In particular, the API may be used by the federations to monitor the eduGAIN aggregation process. Other uses are statistics of various sorts or even download membership maps. |
Suplementary services
Name | Access location | Description |
---|---|---|
ECCS | https://technical.edugain.org/eccs/ | eduGAIN Connectivity Check Service - monitoring service for IdPs listed in eduGAIN, testing if they are actually ready for eduGAIN - i.e. if they consume eduGAIN metadata |
isFederated Check | https://technical.edugain.org/isFederatedCheck/ | This tool searches all known academic identity federations for matching organisations and then displays the results. |
CoCo monitor | http://monitor.edugain.org/coco/ | SRCE |
Technical test | http://technical-test.edugain.org | This host serves as a playground for software development done by the operational team. All extensions are applied, tested and presented at this platform and then transferred to production using the git mechanism |
WIKI | The WIKI is maintained as a part of the GEANT WIKI space. The content is provided by many members of the community. WIKI serves as technical documentation, formal documentation (meeting minutes, documentation of operational procedures) and various guides on joining and making most of eduGAIN | |
Support |
eduGAIN operational model and availability of services
eduGAIN core function is the metadata exchange point. Federations supply their own metadata and download aggregated metadata to supplement their own and redistribute them within their federation members. Federations are strongly discoursed from pointing any of their members directly to the eduGAIN MDS. Within this operational model even a relatively long (several hours) downtime of the MDS does not cause any disruption that could be noticed by individual identity or service providers.
While every care is taken that all eduGAIN services function reliably, the selected operational model allows that services updates and modifications can be done at a short-term notice
...
Operational Team procedures
...
For security reasons singing keys can be present only for federations which have been approved to be a member of the eduGAIN SAML Profile.
eduGAIN services
Under the term services listed are utilities as perceived by external users. The internal organisation of services, flow of information and dependencies are not important in this view, but are described in sections further down.
Core Services
...
.
...
eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta]. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed)
...
and
...
eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta]. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed) and the
Organisation and management of services
...
www.edugian.org, technical.edugain.org; validator.edugain.org; mds.edugain.org
All these are CNAMEs for massonia.man.poznan.pl
...
- serves the eduGAIN aggregate file (updated hourly)
- serves the information pages https://technical.edugain.org which includes the status pages, the eduGAIN database WEB GUI and WEB API interfaces, formal documentation
- provides the validator service as https://validator.edugain.org
- provides the ECCS WEB interface at https://technical.edugain.org/eccs/
- provided the isFederatech Check interface as https://technical.edugain.org/isFederatedCheck/
...
eduGAIN database - edugain-db
...
Main access host - technical, validator, mds | |
---|---|
DNS names | www.edugian.org, technical.edugain.org; validator.edugain.org; mds.edugain.org All these are CNAMEs for massonia.man.poznan.pl |
Function |
|
eduGAIN database - edugain-db | |
Function | store all data for services directly managed by the eduGAIN OT |
The aggregation host - mds-feed | |
Function | acquire and validate federation metadata feeds, create, sign and publish the eduGAIN metadata aggregate. |
...