Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

13:15 SGT
7:15 CEST

Arrival & "Can you hear me now?" (see Connection Details)

13:30 SGT
7:30 CEST

Welcome, Introductions & Agenda Agreement

13:45 SGT
7:45 CEST

Privacy and Member Contacts

14:00 SGT
8:00 CEST
Candidate, Member and Participant Requirements
14:15 SGT
8:15 CEST

Revision of the eduGAIN Policy Framework

  • SAML WebSSO Profile - Nicole Harris (Changes | Doc).
  • Grace period for current eduGAIN members.
  • What's left?

See https://github.com/REFEDS/SAML-Profile/ for more info.

14:30 SGT
8:30 CEST

OIDC Federation

    • Update on Progress - Davide Vaghetti.
    • Roadmap?


Presentation: OIDCFed_eduGAIN-SG_20180327.pdf

14:50 SGT
8:50 CEST

Future SG Meetings

14:55 SGT
8:55 CEST

Summary, Actions and Close (or we're running over time).

15:00 SGT
9:00 CEST

Meeting Close.

...

Federations in Attendance (xx)

  1. SWITCHaai
  2. FÉR

Attendees (xx)

  1. Brook Schofield, GÉANT
  2. Casper Dreef, GÉANT
  3. Nicole Harris, GÉANT
  4. Thomas Lenggenhager, SWITCH
  5. Terry Smith, AAF
  6. Chris Phillips, CANARIE
  7. Arnout Terpstra, SURFconext
  8. Maja, P
  9. Zenon Mousmoulas, GRNET
  10. Sten Aus, EENet / TAAT (Estonia)
  11. Sven Hüsson, EENet / TAAT (Estonia)
  12. Alex
  13. Anass Chabli, FÉR
  14. Jonathan Cheng, HKAF
  15. Nicholas Mbonimpa
  16. Pål Axelsson, SWAMID
  17. Pascal P, Belnet
  18. Saeed Khademi, IRFedxxxx, Hitsa
  19. ...
  20. Gerrit Bahlman, APAN Chair
  21. Erik K., NORDUnet
  22. Toby Chan, HKAF
  23. William Wan, CARSI
  24. xxx, Bangladesh
  25. Peter Kopac, safeID
  26. Justin Knight, Jisc
  27. Guy Halse, SAFIRE (with Donald Coetzee)
  28. Davide Vaghetti, GARR

Apologies (x)

  • Wolfgang Pempe, DFN
  • Peter Schober, ACOnet
  • ...

...

Current status - New members and candidates: See https://technical.edugain.org/status and work on progressing new members is underway.

Privacy and Member Contacts

    • Technical website email addresses.
    • Mailing list membership visibility.

Nicole highlighted the eduGAIN GDPR Impact Assessment and there will be a follow-up blog post summarising this advice. This is not a document for consultation/feedback - it is advice from the GÉANT project to the community.

Three options for the technical website:

  1. Default name + email address listed (current situtation).
  2. Default name with hidden email address.
  3. Neither name nor email address.

It was decided that  the best approach would be to ask eduGAIN-SG delegates and deputies to give consent to their information being published and told that not having this information public is an option. 

  •  ACTION20180327-01: Nicole to ask all the SG delegates and deputies to opt-in to having their data published on the eduGAIN website, and make them aware that email can be hidden.

Mailing list subscription.

At the moment the eduGAIN-SG mailing list is set to the default that subscriber information is not visible to other subscribers.  It is proposed that SG members have a legitimate interest in seeing this information (particularly if details may not be shown on the public webpage) so this should be changed to being visible to subscribers. 

  •  ACTION20180327-02: Brook to propose a change in the mailing list settings to allow subscribers of the eduGAIN-SG to see other subscribers and give them a window to object. 

Candidate, Member and Participant Requirements

SG members were asked to review federations that have a) been in the candidate

This comes with a caveat that there isn’t yet a decision by the eduGAIN SG on how to proceed.

Thomas Lenggenhager suggested that a period of 18 months of lack of activity for candidate federations would be a good starting point for reviewing candidate federations.  There would need to be a clear definition of what constituted a lack of activity.   Brook suggested that candidates should have produced a policy and a MRPS within this period of time.

Thomas W queried whether there was any real problem with candidates not having shown activity and it might force candidates to invent policies that were not suitable simply to show progress. 

A simple measure of progress might be that the federation is still responding to email and that this would be sufficient. 

  •  ACTION20180327-04: Brook to propose email response as a simple bar for measuring responsiveness of candidate federations.

For existing participants, there is no check currently in place to ensure that the requirements that existed at the point of joining are still fully in place.  Nicole proposed that this information should be re-validated once every 12 months and if requirements are not being met, then federations may be asked to restart the membership process. 

  •  ACTION20180327-05: eduGAIN-OT to implement a yearly check of basic requirements for member federations.  If requirements are not being met by any member federation, these issues will be brought to the next eduGAIN-SG for review. 

Chris asked if policies should be reviewed by the eduGAIN-SG if they have changed.  It was suggested that it would be good practice for federations to self declare on the eduGAIN-SG if they change their policy or MRPS and invite members to comment.  Changes revealed during the yearly check should also be communicated to the SG list. 

Long term candidacy

FederationDate of ApplicationStatusDecision
Albania - RASH2018-01-18Recent applicant. No Policy/MRPS.
China - CSTCloudFederation2017-11-10Recent applicant. Ready for assessment.
China - CARSI2017-08-01Declaration only. No Policy/MRPS.
Lebanon - LIFE2017-08-07MRPS required prior to assessment
Malawi - MAREN2016-06-08Declaration only. No Policy/MRPS.
Malaysia - SIFULAN2018-01-22Recent applicant. Ready for assessment.
Mexico - FENIX2017-10-25Declaration only. No Policy/MRPS.
Montenegro - eduID2015-06-16Policy under development.
Mozambique - CAFMoz2016-10-13Joining process underway. Response to feedback required.
Russia - RUNNET AAI2018-01-26Joining process underway. Responding to feedback.
Russia - фEDUrus2013-07-03Declaration only. No Policy/MRPS.

Serbia - iAMRES

2015-04-01Declaration only. No Policy/MRPS.
Slovakia - safeID2015-06-16Recent activity. New SG deputy and work on Policy.

...

FederationMRPS ExistsMRPS Based on TemplateDecision
Algeria/ARNaaiYESYES
Argentina/MATEYESYES
Armenia/AFIREYESYES
Australia/AAFYESYES
Austria/ACOnet Identity FederationYESYES
Belarus/FEBASYESNO
Belgium/Belnet FederationYESNO
Brazil/CAFeNON/A
Canada/Canada Access FederationNON/A
Chile/COFReNON/A
Colombia/COLFIREYESYES
Croatia/AAI@EduHrNON/A
Czech Republic/eduID.czNON/A
Denmark/WAYFNON/A
Ecuador/MINGANON/A
Estonia/TAATYESYES
Finland/HAKANON/A
France/Fédération Éducation-RechercheNON/A
Georgia/Grena Identity FederationNONO
Germany/DFN AAINONO
Greece/GRNETNONO
Hungary/eduId.huNONO
India/INFEDYESNO
Iran/IR FedYESYES
Ireland/EdugateYESNO
Israel/IUCC Identity FederationYESNO
Italy/IDEMYESNO
Japan/GakuNinYESNO
Korea/KAFEYESNO
Latvia/LAIFEYESNO
Lithuania/LITNET FEDINONO
Luxembourg/eduID LuxembourgYESYES
Macedonia/AAIEduMkNONO
Moldova/LEAFYESYES
Norway/FEIDENONO
Oman/Oman KIDYESYES
Poland/PIONIER.IdYESNO
Portugal/RCTSaaiNONO
Singapore/Singapore Access Federation - SGAFYESYES
Slovenia/ArnesAAI Slovenska izobrazecalno raziskovalna federacijaNONO
South Africa/SAFIREYESYES
Spain/SIRYESNO
Sweden/SWAMIDYESNO
Switzerland/SWITCHaaiYESNO
The Netherlands/SURFconextYESNO
U.S./InCommonYESNO
Uganda/RIFYESYES
Ukraine/PEANOYESNO
United Kingdom/UK federationYESYES
Bulgaria/BIFNONO
Cyprus/CyNet Identity FederationYESYES
Hong Kong/HKAFYESNO
Italy/Grid Identity PoolNONO
New Zealand/Tuakiri New Zealand Access FederationYESNO
Turkey/YETKIMNON/A

...

Step 2: MRPS template compatible MRPS for everyone.

The deadline was set as 1st April 2018 for all federations to have an adequate MRPS. 

TODO: Policies that don't follow the federation template? What is the importance of this?

General activity and incident response requirements

...

  •  ACTION20180327-06: Brook / Nicole to contact all of the federations that do not have an adequate MRPS to discuss a plan for implementing a MRPS. 

Incident response requirements

Nicole highlighted that edugain-support had started looking at the requirements for incident response and asked for comments and suggestions on the proposed requirements review for central support for incident response at eduGAIN.  This can be found at: eduGAIN Incident Management Coordination Role.


Future meetings: