eduGAIN Steering Group Meeting

...

Tuesday 30th January 2017,

...

14:00 -

...

15:

...

30 CET (in your timezone)

Please Note that the above time is TO BE CONFIRMED.

15

13:45

CEST

CET

Arrival & "Can you hear me now?" (
we won't be using Adobe Connect
see Connection Details)
16
14:00
CEST
CET

Welcome, Introductions & Agenda Agreement

16:15 CEST
    • Status of Uganda/RIF vote
14:15 CET

Hanging Issues for Members and Participants

14:30 CET ROBOT Attack (PDF) Shannon Roddy
14:45 CET Revision of the eduGAIN Policy Framework
Constitution v3 (effective from 1 August 2017)
    Decision on the 16:40 CEST

    Requirements gathering for GN4-3 - Ann Harding

    16:50 CEST
    • SAML WebSSO Profile - Nicole Harris
    • Grace period for current eduGAIN members
    • What's left?

    Hanging Issues for Members and Participants

    • Errors/Warnings/Issues
    • "Size of the Problem"
    • Possible changes and any impact

    Candidate Issues

    • Long term candidates
    15:00 CET

    Any other Business


    Future SG Meetings

    • DI4R, Belgium - 30 Nov & 1st December 2017
    • Virtual Meeting in December 2017
    • eduGAIN Town Hall - end 2017/early 2018
    • Forums People Attend? TNC, RDA, Other.
    • Conflict/Changes to 2018 meeting dates/times?
    • Next meeting @ APAN45 - Tuesday March 27th 13:30 Singapore Time

    15:15 CET
    16:55 CEST

    Summary, Actions and Close (or we're running over time).

    17

    15:

    00 CEST

    30 CET

    Meeting Close

    Connection Details

    Attendance

    Federations in Attendance (22)

    1. COFRe
    2. RIF
    3. FÉR
    4. InCommon
    5. DFN
    6. SIR
    7. TAAT
    8. SAFIRE
    9. CAF
    10. RCTSaai
    11. eduID.cz
    12. SWITCHaai
    13. AAI@EduHR
    14. SWAMID
    15. eduID.lu
    16. IRANet
    17. SGAF
    18. AAF
    19. LEAF
    20. IIF
    21. Belnet Federation
    22. IDEM

    Attendees (29)

    1. Brook Schofield, GÉANT
    2. Casper Dreef, GÉANT
    3. Nicole Harris, GÉANT
    4. Alejando Lara, REUNA/COFRe
    5. Alex Mwotil, RENU/RIF
    6. Anass Chabli, RENATER/FÉR
    7. Ann West, InCommon
    8. Nick Roy, InCommon
    9. Shannon Roddy, InCommon
    10. Wolfgang Pempe, DFN
    11. José-Manuel Macías, RedIRIS/SIR
    12. Sten Aus, EENet / TAAT (Estonia)
    13. Guy Halse (SAFIRE/TENET)
    14. Chris Phillips, CANARIE/CAF
    15. Esmarelda Pires, RCTSaai
    16. Jiri Borik, eduID.cz
    17. Lukas Hämmerle, SWITCHaai
    18. Marina Adomeit, GN4-2
    19. Miroslav Milinovic, AAI@EduHR
    20. Pål Axelsson, SWAMID
    21. Stefan Winter, RESTENA/eduID.lu
    22. Saeed Khademi, IRANet
    23. Simon Green, SGAF
    24. Terry Smith, AAF
    25. Valentino Pocotilenco, LEAF
    26. Zivan Yoash, IUCC/IIF
    27. Pascal Panneels, Belnet Federation
    28. Barbara Monticini, IDEM
    29. Andi Malaj, Albania/RASH

    Apologies (2)

    • Arnout Terpstra, SURFnet
    • Rhys Smith, UK Federation

    Notes

    Welcome, Introductions & Agenda Agreement

    The Chair welcomed everyone to the 1st meeting of 2018. The agenda was adjusted to put the ROBOT attack presentation ahead of discussion on the Policy Framework.

    Open Actions

    One (1) open action was addressed.

    ACTION 20170831-01: Chair to ask all “voting-only” members for the timeline for their participation and provide input to the next meeting.
       The voting-only candidates were contacted, with mixed responses on their progression toward eduGAIN participation: Turkey/YETKIM (no response), New Zealand/Tuakiri (don't see the benefits of fully participating at this time), Italy/GridIdP (desire to participate with a service that wants to extend to eduGAIN so there should be movement in the coming months). This action will remain open and be tabled for the next meeting with a broader scope based on "low participation" that should include meeting attendance, voting, assessment of peer federations and other suitable metrics.


    Membership

    ...

    Current status - New members and candidates: See https://technical.edugain.org/status and work on progressing new members is underway.

    The hanging issues from members and participants were continued from the above open action. There are a range of issues on raising the bar for identity federations, some of which will be discussed later, and a fuller discussion is needed.

    The chair raised the phenomenon of 'twin Federations' with expressions of interest from 3 territories (China, Oman and Russia) that already have a federation (or application underway). Future meetings:

    ...

    It was reiterated that membership of eduGAIN is not for national identity federations but for those primarily engaged in Research and Education, and that the existence of schools federations, multiple research networks, funding agencies and the like within our community could result in multiple federations from a single territory. There was no concern nor further discussion.

    The use of the eduGAIN-Discuss mailing list for membership matters had none of the downsides raised at previous meetings and was regarded as a success and should continue.

    ROBOT Attack

    Shannon Roddy from Internet2/InCommon presented on their work on the applicability of the ROBOT Attack against the backchannel connection to Shibboleth instances. His presentation is available as a PDF.

    From the presentation and discussion there were some clear themes, such as only paying attention to "brand name" vulnerabilities, the need for security contacts and incident response lines of communication to be set up prior to a problem, remediation of this (and other issues) and the role of eduGAIN support.

    The #slack channels available for eduGAIN can be used for this and while more than 130 accounts exist on this platform it isn't universal. Federation email contacts should be approached to enquire about specific Security contacts.

    Nick Roy raised the issue of this remediation only focusing on InCommon: while the total affected IdP population was small, the remaining eduGAIN (and wider federation community) wasn't approached, and federations should take specific measures to look at their own membership.

    Lukas remarked that eduGAIN Support started contacting federations regarding other operational issues. This practice was welcomed and federation operators would be contacted or included in communication directed at specific endpoints.

    Chris Phillips stated that responsible disclosure is Good™ and asked whether there were specific Guidelines from the Steering Group on this. A #slack channel for discussion on this topic was created, initially with Shannon, Nick, Chris and Pål, to report back at a future meeting.

    Revision of the eduGAIN Policy Framework

    Nicole stated that the SAML2 WebSSO profile work was still being drafted based on community input. The two remaining issues are:

    1. The ability of ADFS to adhere to the Metadata Interoperability Profile.
    2. The requirement for RegistrationInstant. The decision was to drop it as there were zero concrete reasons for its use.

    Further investigation of point #1 is still required at this point in time. An update will be available at the next SG meeting.

    Any Other Business

    There was a request for OIDC Federation work to be presented at a future SG meeting, especially since the last revision of the Policy Framework was to make it protocol agnostic. The Chair reminded everyone that supporting Moonshot Technology was the original driver for this but work on federated OIDC has overtaken that work. Chris noted that as a community we risk falling behind the curve if we aren't aware of the issues and progress in this space. Suggestions for presenters were made and it will be tabled in the next SG meeting to support a discussion of a roadmap for OIDC inclusion.

    Future meetings

    No issues with the future meeting schedule were raised.

    ...