Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Service Description: Service to allow a user to see if his eduGAIN IdP is releasing attributes properly, not too many and not too few. Service URL is http https://release-check.edugain.org/)

Components: Uses a LAMP stack with PHP (using Laravel 5.4 framework) and MySQL.

Code Repository: https://code.geant.net/stash/projects/GN4SA2T2/repos/edugain-attribute-release-check/browse

Infrastructure:

Operational Information: No regular operational maintenance needed as far as we know

Roadmap/ToDos:

...

  • EARC - REFEDS Research and Scholarship Test -> REFEDS R&S Test with Requested Attributes
  • EARC - REFEDS Research and Scholarship NG -> REFEDS R&S Test
  • EARC - GEANT Data Protection Code of Conduct Test -> GEANT Data Protection Code of Conduct Test
  • EARC - No Entity Category Test -> No Entity Category Test Changes SP MDUI DisplayName to
  • EARC - REFEDS Research and Scholarship Test -> EARC - REFEDS Research and Scholarship with Requested Attributes Test
  • EARC - REFEDS Research and Scholarship NG -> EARC - REFEDS Research and Scholarship Test

...

  • ePTID: Accept (= dont treat as superflous attribute) but show info that this attribute was not requested by SP, treat ePTID and persistentID the same way. Rename attribute e.g. to eduPersonTargetedID/persistentId
  • common-lib-terms: Dont tream common-lib-terms value in entitlement attribute as superflous. Treat other values as superflous though.

...

  • API should allow to query results of a particular IdP and to ask which grades an IdP would get if releasing certain attributes to a test SP. Some API calls need yet to be defined and then documented somewhere (e.g. wiki.edugain.org). Should not have high priority as Tomasz/Maja asked for this based on false assumptions about EARC initially. However, others (e.g. Niels) also have some use for an API.

...

  • See above, should not play a role anymore if both are treated the same way (= without penalty)

...

  • Add links to existing R&S, CoCo documentation if grade is worse than an A.

...

  • We don't have a good idea how to grade the results of this test because we don't know what should have more precedence: usability or data privacy or a mix of both.
  • Remove grading as it is not easily possible to do a proper grading but keep information on what is released.
  • Replace verdict with a hint (no attributes = good data privacy but bad usability, all attributes = the other way around)

...

  • Remove section "entityCategories" as it is obsolete/redundant
  • Rename "requestedAttributes" -> "Requested Attributes"

Deployment Information:  ansible-playbook -i ./hosts -l $ENV ansible.yml (where $ENV is test or prod)

Operational Information: No regular operational maintenance needed as far as we know

...