Extended periods of a federation metadata unavailability result in the eduGAIN OT being swamped with automatic warning messages. To avoid that the technical participation suspension has been introduced.
If a federation feed is unavailable for an extended period of time (length to be decided but as at least a month) due to either policy violations or metadata link unavailability, the federation is put into a technical suspension status under the provisions of section 3.6 of the eduGAIN Constitution (automatic suspension). (1)
- In the period proceeding suspension eduGAIN support will make effort to contact the federation representatives and try to resolve the problem.
- Federations which are in the technical suspension will be listed in a separate section of the members status page on the eduGAIN technical site. The reason for the suspension will will be visible in the details window.
- For federations in the technical suspension no metadata pull would be done in particular no validation alerts would be sent until the status is changed by the OT. The status page would of course have the link to metadata validation, so that the federation is able to test its current feed before asking us to lift the suspension.
- To make sure that the federation is aware of the problem a weekly reminder would be sent automatically.
- The suspension will be lifted after the federation representative contacts eduGAIN support(2) and support and informs about rectifying the problem. The OT will verify the metadata and if validation succeed will lift the suspension.
- The OT will inform the SG about cases of applying or lifting technical suspensions .(3)
Terry's notes...
1) I think there is some context missing here, i.e why is the federation feed unavailable? Something must have occurred that resulted in the unavailable feed. For someone unfamiliar with the operation of eduGAIN they may question how a policy violation could impact the feed. I don't think you can assume the reader will know that there is a automated policy verification process in place that can stop a federations feed. Referencing other processes that relate to this process may help.
2) The contact details for eduGAIN support need to be clearly provided to the suspended federation in all communications and on their status page.
3) Will there be any time frames or schedule provided for when the SG is notified. For example.
- 1 week prior to suspension the SG is notified of pending suspension
- On the day of suspension the SG is notified
- On the day of lifting suspension the SG is notified
- and will report on suspended federations on each SG meeting.
Suspension workflow
The eduGAIN OT will suspend the participation of an Identity Federation after one month (30 days) is passed from the expiration of the last valid upstream feed. On request of the Identity Federation, an additional one month of grace period could be granted before suspending the participation.
During the period of time ahead of the suspension the eduGAIN OT will continue to send automatic warning messages to the technical contact of the Identity Federation.
One week after the expiration of the last valid upstream feed, the eduGAIN Support will send the first suspension forewarn to inform the technical contacts of the Identity Federation that a failure in fixing the issue will lead to suspension.
After one week is passed with no effect from the first suspension forewarn, the eduGAIN Support will send the second suspension forewarn to the delegate and the deputy of the Identity Federation. The second suspension forewarn will also be sent to the technical contacts of the Identity Federation and the eduGAIN Chair. At this point, the eduGAIN Secretariat will work with the GÉANT Partner Relations and International Relations team to identify appropriate NREN senior contacts to discuss the problems with.
After one week is passed with no effect from the second suspension forewarn, the eduGAIN Support Secretariat will send the third suspension forewarn to the management of the NREN or the Organisation to which the Identity Federation is affiliated with. The third suspension forewarn will also be sent to both the technical contacts and the delegate and the deputy of the Identity Federation and the eduGAIN Chair.
After one week is passed from the third suspension forewarn with no effect, or request of making use of the additional one month of grace period, the Identity Federation participation will be technically suspended * All suspended Federations are reported at each SG meeting. Which federation, how long they have been suspended, why, etc.