Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

comment #Line/Reference #Proposed Change or QueryProposer / AffiliationAction / Decision (please leave blank)
1NAInclude names and organizations of contributing authors and editor(s)Nicole Roy
2144Does this mean that all participatings federations would have to switch to an opt-out policy? Our (DFN-AAI) constituency wouldn't accept that, I'm afraid... (currently, 314 out of 374 IdPs are exposed to eduGAIN - after all).Wolfgang Pempe
3144I see here a possible conflict with Baseline Expectations FO1 and FO3, especially in terms of filtering out untrustworthy entities from the eduGAIN downstream metadata. Currently, this only applies to SAML1-only-entities, but the next step will be to remove SPs without a Privacy Statement URL. If the Steering Group were to ban such a thing, we'd have a problem...Wolfgang Pempe
4131 (rec 1.2)

We support adding ther ability to filter individual entities. We believe eduGAIN should implement more basic checks at this level, because now entities are dropped downstream (e.g. the UKAF filtering), while the checks are reasonable, doing it decentrally makes the system unpredictable (works in some federations, dropped from others). We should take this kind of actions at the source. Even mandate that downstream federations stop this kind of filtering altogether - either do it centrally or not at all.

SURFconext
5141 (rec 2.1)What is required here of IdPs exactly? Supporting 'personalized' as an IdP means that you must release that bundle to all SP's that request it. Does this mandate that all IdPs will be doing that? And what happens if they don't?SURFconext
6143 (rec 2.3)A clear mission and strategy for eduGAIN are in our opinion required to know what actions you need to take to get there. Some of the proposed recommendations depend on what the mission/vision of eduGAIN actually is. However, we accept that this does not exist yet and we believe that e.g. establishing a better governance model will help if this new governance will prioritze defining a mission and vision for eduGAIN.SURFconext
7153 (rec 3.1)We wholeheartedly support a balanced steering group with a real mandate to decide the direction and operation of eduGAIN and think it's instrumental in bringing about the other changes proposed in the document within a reasonable timeframe or at all.SURFconext
8

89-99

This is a clearly stated and important recommendation, but it is not among those listed in the Recommendations section and so may be overlooked. Should it be added to the Recommendations section? 

Tom Barton
9

90

After “eduGAIN strategy” add “(cf. Recommendation 2.3)”, if that is indeed what the working group means.

Tom Barton
10

135-136

Recommendation 1.4 would create clear guidance as to a required standard. Is the intention to make this a formal eduGAIN policy requirement, as in Recommendation 1.5?

Tom Barton
11

137-138

Does being a “formal eduGAIN policy requirement” mean that it is required for continued membership in eduGAIN (modulo staging and applicability caveats)? If so, it might improve clarity if this is stated somewhere in the report. Perhaps in the Introduction, where some existing examples of such formal policy requirements could be noted.

Tom Barton
12

137-138

Recommendation 1.5 uses the term Assurance, which is often used to refer to various different things. Should the recommendation specify which? For example, it might refer to the REFEDS Assurance Framework, or explicitly refer to one or more of identity, authentication, and attribute assurance. 

Tom Barton
13

150-151

Recommendation 2.5 asks for emerging technologies to be monitored so that corresponding implementation roadmaps can be created. Recommendation 1.5 also creates a roadmap, but makes (staged and applicable) implementation a formal eduGAIN policy requirement. Should Recommendation 2.5 do likewise?

Tom Barton
14

153-154

Recommendation 3.1 would change eduGAIN governance, apparently to address low participation in its current form. Should any additional, more future-oriented, objectives be identified to be addressed with a new governance structure? For example, other recommendations envision that in future there should be implementation roadmaps whose suitable implementation is a formal eduGAIN policy requirement. Do current governance processes support this ability well enough? 

Tom Barton