...
The eduGAIN Compliance Issues wiki page has been updated and there is a noticeble noticeable drop in the issues of compliance with the new SAML Profile. While all new participating members must comply with this profile, existing participants will still have a grace period. The eduGAIN support team will continue to work with federations to reduce issues and once the numbers are close to zero or non-responsive federations are the only ones remaining then an enforcement date will be chosen (at a future SG meeting).
The attendance of some of the participants of this meeting have been made available by the BACKFIRE project. While the continuation of TF-IAM tomorrow (Tuesday, 7 August 2018) will focus on Policy Development it is often the case that federations only receive feedback on their policy when they are first attempting to join eduGAIN. There is a need for BACKFIRE/TF-IAM to align with the wider eduGAIN and REFEDS community to find mentors to align with developing federations. This will be taken up in TF-IAM and thanks to those community members that have offered their support and have supported federations in their development.
The question of Logo inclusion in metadata and whether: via URL, or fetch and embedding is the preferred option. Rhys stated that UK federation require HTTPS URLs and that is their preferred. It is
...
known that some federations prefer embedding. Earlier it was stated by Andri that the federation effort in Indonesia has over 4,000 target institutions (more IdPs than currently in eduGAIN). The use of embedded logos would cause the metadata to balloon to a size that would be
...
unmanageable. Raja stated that INFED has a target audience of 50k institutions. Metadata would become
...
unmanageable even without embedded images, which raised the need for MDX to be on the horizon for federations.
Khamis asked about how to identify and realise the benefits of eduGAIN? Knowing what is within eduGAIN and of value out of the thousands of endpoints available has been a long-term challenge in eduGAIN. The future iteration of the GN4 project will required the creation of a cost model for eduGAIN which will require a service to explain the value. There has been a lot of work on service catalogues including MET, hand crafted assessments and Brook's own "not-met" in browser faceted search tool. Recently there has been a paper drafted on Service Catalogues in a Federated Context that will be soon published on the REFEDS site. This document had heavy contribution from eduGAIN members, the AAF in particular. This will hopefully pave the way for development in this space.
A follow-up question was on the use of F-Ticks and monitoring usage of services.
At the REFEDS meeting at TNC18 there was a presentation F-Ticks for Federations that might be interesting for those that missed it.
The deployment of this can be problematic and requires getting buy-in from IdP operators. Historically, SPs, especially those of a commercial nature, don't share any logging information. Vlad stated that Tuakiri/NZ used the Shibboleth v3 upgrade to do this rollout of logging with high acceptance rates by campuses. INFLIBnet use the IdP audit log within Shibboleth to do a similar task. Hub&Spoke federations have an advantage in this regard as all messaging travels via the Hub and thus statistics can easily be generated. Terry stated that the AAF previously used their centralised discovery service for statistics generation, but embedded or customised discovery services impact the resolution and they are moving to an IdP based statistics collection mechanism.
To visualise the results Edugate/HEAnet allow users to login to their service to see usage statistics.
A question was posed to Vlad on how Tuakiri/NZ perform access control against the
...
syslogs that are sent their way. Not access controlled. Possible to use the IdPs IP address/ASN to perform filtering if abuse is suspected.
Future meetings
The next meeting will take place on Tuesday 25th September 2018 at via VC (17:00-18:30 CEST).
...
The chair thanked all that had addended, especially those virtually as the time for many members wasn't particularly faviourablefavourable. The meeting closed early so that those attending the APAN46 conference could join the cultural performance and opening on time.