Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Extended periods of a federation metadata unavailability result in the eduGAIN OT being swamped with automatic warning messages. To avoid that the technical participation suspension has been introduced.

If a federation feed is unavailable for an extended period of time (length to be decided but at least a month) due to either policy violations or metadata link unavailability, the federation is put into a technical suspension status under the provisions of section 3.6 of the eduGAIN Constitution (automatic suspension). (1) 

  • In the period proceeding suspension eduGAIN support will make effort to contact the federation representatives and try to resolve the problem.
  • Federations which are in the technical suspension will be listed in a separate section of the members status page on the eduGAIN technical site. The reason for the suspension will be visible in the details window.
  • For federations in the technical suspension no metadata pull would be done in particular no validation alerts would be sent until the status is changed by the OT. The status page would of course have the link to metadata validation, so that the federation is able to test its current feed before asking us to lift the suspension.
  • To make sure that the federation is aware of the problem a weekly reminder would be sent automatically.
  • The suspension will be lifted after the federation representative contacts eduGAIN support(2) and support and informs about rectifying the problem. The OT will verify the metadata and if validation succeed will lift the suspension.
  • The OT will inform the SG about cases of applying or lifting technical suspensions .(3)

Terry's notes...

1) I think there is some context missing here, i.e why is the federation feed unavailable? Something must have occurred that resulted in the unavailable feed. For someone unfamiliar with the operation of eduGAIN they may question how a policy violation could impact the feed. I don't think you can assume the reader will know that there is a automated policy verification process in place that can stop a federations feed. Referencing other processes that relate to this process may help.

(TW) I assumed that we are targeting informed audience and not general public, this is why explaining such details as you mention did not seem necessary. The first bullet explains that suspension does not happen without prior efforts to resolve things in communication with the federation, lack of coopertation from the federation side is the problem we are facing. If you think that this is useful we may add such stuff in the preamble.

2) The contact details for eduGAIN support need to be clearly provided to the suspended federation in all communications and on their status page.

(TW) While the first is obvious, I find the second doubtful. I am a bit worried about the assumption that we may be dealing with member federations that do not have a clue that they are actually a member of something, do not really care as obvious the suspension is not a problem for them. Please observer that from the technical point of view nothing changes. The are not participating in eduGAIN (no metadata present) anyway, we are simply talking of making this situation more visible to everyone and less painful to the OT (by lowering the number of alerts). If a federation needs to contact eduGAIN, there are plenty of places that list contacts.

3) Will there be any time frames or schedule provided for when the SG is notified. For example.

    - 1 week prior to suspension the SG is notified of pending suspension

(TW) We did not think that there is a reason for a prior notification. As I have already mentioned, the metadata is gone anyway. I planned to send the notifications on the day of applying one and then on the lifting day.

    - On the day of suspension the SG is notified

    - On the day of lifting suspension the SG is notified

    * All suspended Federations are reported at each SG meeting. Which federation, how long they have been suspended, why, etc.

(TW) This stuff will be available on the status page for everyone to inspect, but we may provide a report for every meeting - not problem with that.

...

  • and will report on suspended federations on each SG meeting.

Suspension workflow

The eduGAIN OT will suspend the participation of an Identity Federation after one month (30 days) is passed from the expiration of the last valid upstream feed. On request of the Identity Federation, an additional one month of grace period could be granted before suspending the participation.

...