Page History

• Inability to filter out an entity
• Lack of updates regarding FO changes (solved by health check? / audit)
• Inability to take action over CoCo, Sirtfi, R&S violations
• Governance structure not fit for purpose

• Enforce FO security contact
• Enforce use of non-personal address for "contact"
• We don't have management contacts
• Poor response / participation from federations?
• Do we want to create aliases for each federation? e.g. caf@support.edugain.org?
• Regular testing of technical contacts as well as security contacts

[FO3] You apply security practices to federation operations and ensure timely incident response

• Inability to take actions centrally (In particular any complaint about a Member shall be made to the operator of its Participating Federation and dealt with between that Member and that operator according to the rules of that Participating Federation and subject only to that Participating Federation’s governing law and jurisdiction)
• Lack of ability of eduGAIN to enact emergency changes and sanctions on entities
• Suspension correlation to eduGAIN “rules”
• Security of core eduGAIN infrastructure (MDS, websites etc).
• Ensure that we define timely for eduGAIN

• Inability to offer SPs a guaranteed response from specific IdPs - experience of trying to connect is too varied.
• Some technical checks are informal (e.g. checking the UK import issues list) and not formalised.
• Too many different tools, lack of one process for checking metadata issues.
• What is "accurate" what is "interoperable"?  is "consistent" part of this?
• Is it just about metadata? about the protocol messages?
• Overview of the tools and description of what each does (landing page). 
• Metadata propagation and how we improve

• Governance structure not fit for purpose
• Need to enforce standards like CoCo, R&S, Sirtfi, assurance, MFA and more
• Assurance?
• Adoption and promotion mandate

• Need to implement the baseline first.
• Continuous work to ensure that compliance is met.