...
This document describes operational procedures implemented to support eduGAIN SAML services. It is required by the the eduGAIN SAML Profile document [eduGAIN-Profile] and in addition to the Metadata Aggregation Practice Statement must be seen as complementary to eduGAIN SAML Profile.
...
...
eduGAIN services
- management of virtual machines (access management, system maintenance - installation and updates, global backups, status monitoring)
- management of the development platform (based on the GEANT git)
- management of eduGAIN core services (maintenance of any software tools required by the services, monitoring of services, specialised backups)
- supervision of the aggregation function - reaction to aggregation errors, supporting federations in location of problems
- technical documentation - maintenance of user documentation of eduGAIN services
- user support - done in cooperation with the eduGAIN support team
- service development - configuration changes and extensions of existing serices is handled directly but the eduGAIN OT, in particular any development work within the eduGAIM MDS, validator, database is done internally within the team
Management or supervision of supplementary eduGAIN services
- eduGAIN OT directly manages:
- ECCS
- isFederated check
- eduGAIN OT supervises
- CoCo monitor
- WIKI
Supervision of eduGAIN joining process
The task of chairing the eduGAIN SG lies within the Operational Team. The SG chair supervises the joining process of new members, sets up consultations, handles voting, keeps the documentation of the process. As a part of the joining process federations are required to provide contact and technical information including sensitive factors such as public keys used for signature verification.
eduGAIN services
Under the term services listed are utilities as perceived by external users. The internal organisation of services, flow of information and dependencies are not important in this view, but are described in sections further down.
Core Services
Under the term services listed are utilities as perceived by external users. The internal organisation of services, flow of information and dependencies are not important in this view, but are described in sections further down.
Core Services
| Name | Access location | Description |
|---|---|---|
| MDS | https://mds.edugain.org | eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta]. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed) and it is copied to the distribution hosts and served form there by the http server. The file is updated hourly. |
| The technical site | https://technical.edugain.org | The technical site directed primarily at the federation level personel. It provides information about eduGAIN members, details about their participation. The technical site is also the distribution point of documentation and home for several core and supplementary services. |
| Validator | https://validator.edugain.org | The eduGAIN validator is a service designed for validating metadata adherence. The software has been created primarily as a component of the eduGAIN metadata aggregation and the details of validation rules are given im [eduGAIN-meta]. The same software enriched by a GUI is used a a tool form manual validation of metadata and serves as a support tool for federation operators. |
| eduGAIN status information | https://technical.edugain.org/status | This status page provides a view of the eduGAIN database in the part relevant to membership information and to current status of metadata aggregation. The page also displays short summary information about numbers of entities in eduGAIN. The interface provides links to scans of the eduGAIN declaration signed by federations, direct links to metadata validation |
| Entities database GUI | http://technical.edugain.org/enties | This service is an interface to the part of the eduGAIN database which stores information about entities themselves. The interface has many filtering mechanisms and also allows for CSV download for further processing in a spreadsheet. |
| eduGAIN database API | ||
| Name | Access location | Description |
| MDS | https://mds.edugain.org | eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta]. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed) and it is copied to the distribution hosts and served form there by the http server. The file is updated hourly. |
| https://technical.edugain.org/api | The API provides access to most of information stored in the database. In particular, the API may be used by the federations to monitor the eduGAIN aggregation process. Other uses are statistics of various sorts or even download membership maps. |
Suplementary services
| Name | Access location | Description | ||||
|---|---|---|---|---|---|---|
| ECCS technical site directed primarily at the federation level personel. It provides information about eduGAIN members, details about their participation. The technical site is also the distribution point of documentation and home for several core and supplementary services.Validator | https://validatortechnical.edugain.org/eccs/ | eduGAIN Connectivity Check Service - monitoring service for IdPs listed in eduGAIN, testing if they are actually ready for eduGAIN - i.e. if they consume eduGAIN metadata | ||||
| isFederated Check | The eduGAIN validator is a service designed for validating metadata adherence. The software has been created primarily as a component of the eduGAIN metadata aggregation and the details of validation rules are given im [eduGAIN-meta]. The same software enriched by a GUI is used a a tool form manual validation of metadata and serves as a support tool for federation operators. | eduGAIN status information | https://technical.edugain.org/isFederatedCheck/status | This status page provides a view of the eduGAIN database in the part relevant to membership information and to current status of metadata aggregation. The page also displays short summary information about numbers of entities in eduGAIN. The interface provides links to scans of the eduGAIN declaration signed by federations, direct links to metadata validation | Entities database GUIThis tool searches all known academic identity federations for matching organisations and then displays the results. | |
| CoCo monitor | http://monitor.edugain.org/coco/ | SRCE | ||||
| Technical testing platform | http://technical-test.edugain.org/enties | This service is an interface to the part of the eduGAIN database which stores information about entities themselves. The interface has many filtering mechanisms and also allows for CSV download for further processing in a spreadsheet. | ||||
| eduGAIN database API | https://technical.edugain.org/api | The API provides access to most of information stored in the database. In particular, the API may be used by the federations to monitor the eduGAIN aggregation process. Other uses are statistics of various sorts or even download membership maps. |
Suplementary services
...
| This host serves as a playground for software development done by the operational team. All extensions are applied, tested and presented at this platform and then transferred to production using the git mechanism | ||
| WIKI | The WIKI is maintained as a part of the GEANT WIKI space. The content is provided by many members of the community. WIKI serves as technical documentation, formal documentation (meeting minutes, documentation of operational procedures) and various guides on joining and making most of eduGAIN | |
| Support |
Operational Team tasks
Management of core eduGAIN services
- management of virtual machines (access management, system maintenance - installation and updates, global backups, status monitoring)
- management of eduGAIN core services (maintenance of any software tools required by the services, monitoring of services, specialised backups)
- supervision of the aggregation function - reacting to aggregation errors, supporting federations in location of problems
- technical documentation - maintenance of user documentation of eduGAIN services
- user support - done in cooperation with the eduGAIN support team
- management of the development platform (based on the GEANT git)
- service development - configuration changes and extensions of existing services, in particular any development work within the eduGAIN MDS, validator, database
Management or supervision of supplementary eduGAIN services
- eduGAIN OT directly manages:
- ECCS
- isFederated check
- eduGAIN OT supervises
- CoCo monitor
- WIKI
Supervision of eduGAIN joining process
The task of chairing the eduGAIN SG lies within the Operational Team. The SG chair supervises the joining process of new members, sets up consultations, handles voting, keeps the documentation of the process. As a part of the joining process federations are required to provide contact and technical information including sensitive factors such as public keys used for signature verification.
...
eduGAIN operational model and availability of services
...