This is a proposal for discussion and amendment and has not been ratified. The final version of the White Paper can be found here.

1.1 Membership

The eduGAIN Futures Group membership is open to:

  • Any staff member of an eduGAIN Identity Federation.
  • Members of the eduGAIN Service staff, including eduGAIN Security Team, Operational Team, Support Team and Secretariat.
  • Recognised stakeholders from the wider eduGAIN community that are accepted by the group.

New members that do not work for an eduGAIN Identity Federation must receive the approval of two participating Identity Federations before being added to the group.

Members must be able to commit to attending eduGAIN Futures Working Group meetings on a regular basis, providing input to the eduGAIN Futures Working Group deliverables, and supporting the implementation of the proposals developed in national federations and eduGAIN.

1.2 Goals

  1. To review the REFEDS Baseline Expectations document and make proposals for changes to eduGAIN to support the baseline.  
  2. To identify key issues with current eduGAIN service provision and make recommendations for improvements (e.g. support mechanisms for CoCo and R&S, lack of service offer to Service Providers, technology support for OIDC, etc.).
  3. To review the governance model for eduGAIN and make recommendations for improvements.
  4. To cross-reference proposals with other working groups and the eduGAIN service teams.  

Out of scope:

  • Direct policy revision - this work will be carried out based on the recommendations of this group.

...

1.5  Deliverables

The outcome of this group will be a document with a set of recommendations for the relevant eduGAIN teams / community. 

...

Work Items

Goal 1: 

To review the REFEDS Baseline Expectations document and make proposals for changes to eduGAIN to support the baseline.  

Baseline Requirement | Potential eduGAIN Improvements | Stakeholders | Required Activities
[FO1] You focus on trustworthiness of Federation as a primary objective and are transparent about such efforts
  • Inability to filter out an entity
  • Lack of updates regarding FO changes (solved by health check? / audit)
  • Inability to take action over CoCo, Sirtfi, R&S violations
  • Governance structure not fit for purpose


[FO2] You publish contact information and respond in a timely fashion to operational issues
  • Enforce FO security contact
  • Enforce use of non-personal address for "contact"
  • We don't have management contacts
  • Poor response / participation from federations?
  • Do we want to create aliases for each federation? e.g. caf@support.edugain.org?
  • Regular testing of technical contacts as well as security contacts


[FO3] You apply security practices to federation operations and ensure timely incident response

  • Inability to take actions centrally (In particular any complaint about a Member shall be made to the operator of its Participating Federation and dealt with between that Member and that operator according to the rules of that Participating Federation and subject only to that Participating Federation’s governing law and jurisdiction)
  • Lack of ability of eduGAIN to enact emergency changes and sanctions on entities
  • Suspension correlation to eduGAIN “rules”
  • Security of core eduGAIN infrastructure (MDS, websites etc).
  • Ensure that we define "timely" for eduGAIN


[FO4] You follow good practices to ensure authentic, accurate and interoperable metadata to enable secure and trustworthy federated transactions
  • Inability to offer SPs a guaranteed response from specific IdPs - experience of trying to connect is too varied.
  • Some technical checks are informal (e.g. checking the UK import issues list) and not formalised.
  • Too many different tools, lack of one process for checking metadata issues.
  • What is "accurate"? What is "interoperable"? Is "consistent" part of this?
  • Is it just about metadata? About the protocol messages?
  • Overview of the tools and description of what each does (landing page).
  • Metadata propagation and how we improve it


[FO5] You implement and support frameworks that improve trustworthy and scalable use of Federation and promote their adoption by members and other participants
  • Governance structure not fit for purpose
  • Need to enforce standards like CoCo, R&S, Sirtfi, assurance, MFA and more
  • Assurance?
  • Adoption and promotion mandate


[FO6] You collaborate with other organisations to promote realization of baseline expectations nationally and internationally
  • Need to implement the baseline first.
  • Continuous work to ensure that compliance is met. 


Goal 2:

To identify key issues with current eduGAIN service provision and make recommendations for improvements (e.g. support mechanisms for CoCo and R&S, lack of service offer to Service Providers, technology support for OIDC, etc.).

Core areas mentioned:

  • MFA
  • Assurance
  • R&S / Personalised Entity Category
  • CoCo
  • Sirtfi
  • Changes to federation models - e.g. eduID.
  • Missing services - e.g. service catalogue.

Proposed model suggestions from previous discussions:

[Figures: diagrams of the proposed models (images not available).]

Goal 3:

To review the governance model for eduGAIN and make recommendations for improvements.

Core areas raised:

  • Current eduGAIN SG is more of an assembly and is not an effective decision-making body.
  • Current eduGAIN SG is limited to federation operators.
  • Need for a smaller, elected, focused SG?
  • Need for a technical support committee? Reference / advisory groups for other stakeholders?
  • Need a better way to review and accept new federations. 
  • What does the new model need to achieve? Decision? Oversight? Review?

Goal 4:

To cross-reference proposals with other working groups and the eduGAIN service teams.  

References

Slides from eduGAIN session: https://docs.google.com/presentation/d/1UvYpMvjFzKYG1eYjSjIqSKmB6pyTZOeI/edit#slide=id.p1.