Please Note that the above time is CONFIRMED.
Arrival & "Can you hear me now?" (see Connection Details)
Welcome, Introductions & Agenda Agreement
Membership Updates and Joining
eduGAIN Support and Mentoring
eduGAIN within GN4-3
Future SG Meetings
Any other business, Summary and Actions.
Meeting Close (or we are running over time).
The Chair welcomed everyone to the 6th meeting of 2018.
For details on new members and candidates see https://technical.edugain.org/status and work on progressing new members is underway.
As the TNC19 PC meeting is happening tomorrow (Wednesday 26th September) we have Rhys and Sten physically in the office and at the meeting. Because of the unavailability of Licia/Marina, the GN4-3 item will be presented by Nicole.
There were no comments made on the notes from the previous meeting.
Regarding ACTION-20180806-01, which was to look at excluded voters and whether they could use Evento or not: there are 11 excluded voters and they have all been contacted. Eight have corrected any issues accessing Evento, so that is no longer a reason for them to not vote in future. Those confirmed to be able to access Evento are HAKA, Edugate, RCTSaai, ArnesAAI, COLFIRE, SIR, ARNaai and IUCC Id Fed. The federations Oman KID and AAIEduMk aren't able to access Evento - they've identified attribute release issues and information has been provided to them to correct this. The action will stay open until positive responses have been received. YETKIM is so far unresponsive on this issue.
Actions 20180327-04 and 20180327-05 will also remain open and work will start on the assessment of MRPS' for various federations in the coming month.
Lukas announced that SWITCH would be updating their MRPS (which is the first MRPS in existence) in line with the template. Nicole clarified that this will be assessing MRPS against the template for similarity and coverage of required areas. It does NOT require federations to rewrite their MRPS against the template. Suggestions will be made to federations on areas to improve or if a rewrite would be recommended. Chris asked for the most recent version of the MRPS template to be linked and Nicole added this to the eduGAIN Compliance Issues page.
Membership Updates and Joining
There have been 2 new candidate federations since the last meeting.
The PKIFED is named for PK Identity Federation (not specific to PKI). Their signed statement just arrived at the office before the meeting started. This federation is supported by Asi@Connect BACKFIRE project. Assessment of their policy + MRPS will start soon. The RoEduNetID is receiving support from the GN4-2 project to support their federation joining eduGAIN. RoEduNet (the NREN of Romania) never formalised their service with a policy and were supporting a small number of institutions happily.
Taking advantage of Rhys being in the office we looked at some of the outstanding issues for federations under assessment. Feedback has been provided and hopefully a vote will start soon. There are still lots of applications in the queue.
For details on new members and candidates see https://technical.edugain.org/status and work on progressing new members is underway.
eduGAIN Support and Mentoring
No update on the mentoring issue and the Chair to prepare information and align those that have volunteered with emerging federations.
Nicole provided an update to the outstanding issues listed on the eduGAIN Compliance Issues page.
43 federations are now compliant, and 6 federations became compliant in September 2018. There is some ongoing work by InCommon to support the new profile. Nick announced that a vote at the InCommon TAC meeting this week was to only export entities with a technical contact. This will vastly increase the support toward the new profile.
Lukas asked whether the layout of the tables using the CCTLD reference rather than the federation name should be changed. This is currently used because the maps that are generated use the CCTLD for colouring. While eduGAIN was always created to be agnostic of federation location and to support multiple federations from a single territory, the marketing reasons are still valid. There is work underway to reformat the website to be federation specific.
Nicole also covered the issue of the MRPS review and .... Some federations have historic MRPS documents and there will be an approach made to all federations to assess their MRPS and see if they'll review their federations in line with the template.
Chris Phillips asked for a reference to the MRPS template to be added as there are various iterations.
Support and Mentoring
earlier in the meeting. Miro is aware that he still has a requirement to produce his policy with an English translation. Other nits are being worked through by the Chair and the eduGAIN Support team.
eduGAIN within GN4-3
Nicole gave an overview of What's new? and What's the same?
In GN4-3 the entire Trust and Identity Work Package (officially called WP5) is being led by Licia Florio, GÉANT and Marina Adomite, AMRES. There are four (4) tasks within this work package:
- Task 1: Overarching task that covers the 4 specific services
  - eduGAIN (Davide Vaghetti, GARR)
  - eduroam (Miroslav Milinovic, Srce)
  - eduTEAMS (Christos, GÉANT)
  - InAcademia (Justin Knight, Jisc)
- Task 2: Incubator (led by Niels van Dijk)
- Task 3: Trust & Identity Operations (led by Nicole Harris, GÉANT)
- Task 4: Research Communities (led by Maarten Kremers, SURFnet)
Lukas asked, given that there are enough non-European attendees in the SG, what the benefit of the project is to eduGAIN and Trust & Identity. Nicole explained that it is mutually beneficial to support interconnecting with federations outside Europe for the benefit of Research and Education within Europe. She also reminded the committee that GÉANT has had members that are beyond the bounds of the European Union.
The project runs for 4 years, starting on 1 January 2019, and succeeds the 3-year GN4-2 project and, before it, GN4-1, which only lasted 1 year.
The Chair also mentioned the NGI: Trust project which is part of the Next Generation Internet initiative of the EC. GÉANT will participate in NGI: Trust to provide an open call (expected call date to be 1 February 2019) to support ideas that don't fit into the Technical Readiness Levels of the GN4-3 project and can be more experimental in nature. This will be complemented by projects supported by NLnet Foundation and a call also aimed at Distributed Ledger Technology (DLT, aka Blockchain).
Any other Business
With the abundance of time Nicole suggested a Round Table:
Rhys (UK Federation) - 1149 members - SAML metadata management portal - piloting with some customers and will be the basis of the MFS (Managed Federation Service) which started as a reimplementation of the UK Federation, Shibboleth MDA, Azure and container based. Expected completion in December 2018. Liberate (managed eduroam/SAML/Shibboleth/Moonshot IdP instance) that is run on AWS. This service is live. Contact Jisc/Rhys for more information. Reseller agreements are being agreed at the moment.
Nick (InCommon) working on the baseline expectations programme and it will require members to have minimum usability requirements by 14 December otherwise they will be excluded from the federation. Adoption quickly rose from 25% to 50% but has levelled out. More work required to accelerate this again. Two new hires. MDQ service built on AWS Lambda to make per entity metadata available. Will be migrating people to new metadata endpoint.
José Manuel (SIR) the federation still exists which has 2 people. Migrating to SIR2 federation. Will be stopping PAPI as a protocol. MRPS will need to be updated. entityIDs will be kept, but end-points will change at some moment. Will be using Jagger for metadata management and promoting entity categories and developing local categories. SIRTFI. MDQ. IdPaaS Proof of Concept being developed. Connected to Spanish eIDAS node. Was previously offering STORK.
Halil + Zenon (GRNET) Halil has recently joined the Trust & Identity team. Production MDQ service. Deprecating the legacy entity grouping mechanism that they provided their membership and use of entity categories. Moving to "opt-in" vs "opt-out". Metadata size is too large, and people don't want to load large dataset and want a production MDQ service.
Miro (AAIEduHr) focusing on operations and team is small so the balance between operations and future work delayed the policy translation effort.
Carlos Ramirez (ColFIRE) xxx
Pål (SWAMID) working extensively on multifactor. Needs to have a step further than REFEDS MFA profile with the need for identity proofing. Aiming for an end of year deployment. Working with Libraries (public Libraries - not University Libraries) for identity proofing.
Lukas (SWITCH) relevant updates from SWITCHaai is that they'll soon publish new MDRP document based on REFEDS template.
AOB
Chris raised that OpenID Connect wasn't touched on during the call and that there is a way to promote OIDC via membership of the Open ID Foundation. Davide said that the mailing list and group will be set up shortly and people should move there for focus on this. Chris stated that the OIDCre group within REFEDS is a useful initial group. The community and intellectual property rules are different in this space. Davide said that Open ID Foundation isn't significantly different than OASIS.
Lynda.com was going to move toward LinkedIn and Chris' request via eduGAIN Support and statistics provided by ... the community reinforced the need to provide a SAML offering.
- ACTION-TBA: TBA
The next meeting will take place on TBC (likely to be Tuesday 13th November 2018 at 13:30-15:00 CET via VC). This will be the last meeting of the year as there is no Town Hall scheduled. With GN4-3 starting on 1 January 2019 it is likely there will be a kick off meeting and WP5 face-to-face meeting and aligning a town hall with this meeting would be advantageous to minimise travel for the European continent.