Versions Compared

Old Version 63

changes.mady.by.user Brook Schofield

Saved on

compared with

New Version 64

changes.mady.by.user Brook Schofield

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If your idea already exists in the suggestions, you can just add a +1 for endorsement.

Table of Contents
outlinetrue

Template

Title

<title of your proposal here>

Description<description text here>
Proposer<your name here>
Resource requirements<money? effort? coordination? infrastructure?>
+1's<for others to voice their support - add your name here>

...

Title

Enhance eduGAIN ops instrumentation with general metadata dashboard and augment existing eduGAIN API to query said stats

Description

The eduGAIN technical website would benefit it's members by having a central overall status dashboard that renders a single page with eduGAIN stats with initial focus on latency estimates for metadata circulation. This page should auto-refresh every X seconds/minutes as a configuration. It would be a 'nice to have' if this were operationally friendly such that someone could have it presented in their NOC control center on a screen and also have the data published at an API endpoint such that someone can publicly poll the information in JSON and then in turn render it on their own.

The problem this addresses is the knowledge gap about the state of the system without requiring operational questions or gueses. Many federations exhibit latency on republishing stemming from operational practices and offline signing techniques. It would be helpful to know in a dashboard fashion the following:

  • Last update of mds.edugain.org
  • And per federation last known update of eduGAIN data and time difference since MDS publishing (inferred by eduGAIN ops tools based on publishing practices in a best effort style calculation)

This will go a long way in managing expectations of when to expect data to circulate beyond '24-48hrs'. I suggest a simple table view of flag and age difference from MDS so we may know how far we all drift from each other republishing data from the eduGAIN MDS 'creation date'.

ProposerChris Phillips, CANARIE
Resource requirementsThis is an effort item, likely on eduGAIN OT with some API work too. I estimate it to be small (few days/1 week?), but highly useful and potentially a marketing tool as well.
+1's

CAF, obviously (smile)

SURFnet


Title

Scale eduroam infrastructure to the size of WIFI4EU

Description

There were a multitude of reasons why the GÉANT community couldn't run the infrastructure for WIFI4EU.

Sufficient issues were exposed by managing this as a single centrailsed infrastructure (partially addressed by "get eduroam", "eduroam DEEP Learning", "eduroam SP-as-a-Service"). By identifying all the scaling blocks to existing eduroam services we'd be able to offer advice, guidance and technology push into govroam, WIFI4EU and eduroam services to support the existing infrastructure and development in new territories.

ProposerBrook
Resource requirementsPeople
+1's


Title

A Global Trust & Identity Management Lab Platform

Description

The most interesting session that I had at TechEx 2017 ACAMP was asking "How do students federate an application?" with Fed-Lab.org and TestShib.org existing - but not solving all of the edge cases for new applications and especially new developers.

A student can pick a framework off the self - run through tutorials and then connect their application to a host of services (Github, Twitter, Facebook) but SAML often isn't an option - and even if it is - there is a lack of enviornments that a student/new developer can jump into to make their tool work. This needs to be solved to support new developers, create a sandbox for development and expose SAML integration for various frameworks.

Include OIDC

ProposerBrook (stolen from Andre Marins idea @ TechEx ACAMP 2017https://docs.google.com/document/d/1mvD27mGJQIkvaqXESijDKWrYKvF_ZlC-Ucb-gWRCJjo/edit )
Resource requirements
+1's


Title

Jupyter Notebook for Metadata Management + Decoration

DescriptionThe predominate metadata aggregator used by federations joining eduGAIN is pyFF.io and having a Jupyter Notebook to allow these people to work through the metadata aggregation, selection or exclusion and decoration would be useful in training people to use this tool.
ProposerBrook
Resource requirementsPeople smarter than Brook, time, money
+1's


Title

Two Factor (something)

Description

  • Drive two factor towards ubiquity with low cost - create an eduToken (for the users that do not have a phone; critical mass can bring down the price even more. It can be implemented as a kickstarter campaign).

    • Challenges in deploying multi-factor in EU, partially due to the costs and partially due to the cost involved. A cost-effective approach would help.

    • An edu-token  as  a separate ‘token’ may reintroduce token management aspects (losing the token etc)

    • management is (will be even more) a non issue as the majority of people will use phones. We should strike for that.

ProposerFrom data gathering exercise
Resource requirements<money? effort? coordination? infrastructure?>
+1's<for others to voice their support - add your name here>


Title

Schema Standardisation

Description

Schema standardisation - MACEDir is being rechartered, there is eduPerson, SCHAC, where is the global conversation taking place in the eduPerson?

Ability to leverage the relationships with Microsoft and ADFS - Attempted for many years to influence microsoft to improve ADFS not very successful. We need as a global edu community to have some more leverage.

Proposerfrom data gathering exercise
Resource requirements<money? effort? coordination? infrastructure?>
+1'sprobably for REFEDS?


Title

eduTEAMS and guest IdPs

DescriptioneduTEAMS and guest IdPs - use-cases: need to support social IDs and guest IdP, but it need additional LoA. Step up authN as a service is in the plan
Proposerfrom data gathering exercise
Resource requirements<money? effort? coordination? infrastructure?>
+1'sisn't this the work being done in IoLR +REFEDS?


Title

certbot for all certificate management

Description

Let's Encrypt and the certbot have made certificate management for 1 particular CA very easy and effective. With the addition of ACME v2 this will allow additional CAs to participate and allow the dev/test/production environments to automatically deal with certificates.

Work should also investigate eduPKI and Let'sRADSEC use of this mechanism for certificate maintenance.

TechEx 2016 ACAMP notes: https://docs.google.com/document/d/1o20NmuLjmNySp10QqfueO3of6jmoeTRfmgG4e_olZ_s/edit

ProposerBrook (and a cast of thousands)
Resource requirementsPeople, Money, work to get standardisation of "realm validated certificates via RADIUS infrastructure" and maybe other paths.
+1's


You do not have to fill in every field, just give as much detail as you have right now if you know them.