eduGAIN Steering Group Meeting
Tuesday 25th September 2018, 17:00 - 18:30 CEST (in your timezone)
Please Note that the above time is CONFIRMED.
Arrival & "Can you hear me now?" (see Connection Details)
Welcome, Introductions & Agenda Agreement
|Membership Updates and Joining|
eduGAIN Support and Mentoring
eduGAIN within GN4-3
Future SG Meetings
Any other business, Summary and Actions.
Meeting Close (or we are running over time).
- SIP: firstname.lastname@example.org
Federations in Attendance (20)
- UK Federation
- Brook Schofield, GÉANT
- Nicole Harris, GÉANT
- Rhys Smith, UK Federation
- Sten Aus, TAAT
- Simon Green, SGAF
- Casper Dreef, GÉANT
- Alejandro Lara, COFRe
- Donald Coetzee, SAFIRE
- Guy Halse, SAFIRE
- Muhammad Farhan Sjaugi, SIFULAN
- Pål Axelsson, SWAMID
- Nick Roy, InCommon
- José Manuel Macias, SIR
- Miroslav Milinovic, AAI@EduHr
- Raja V, INFED
- Jean Carlo Faustino, CAFé
- Valentin, LEAF
- Julie Menzies, CAF
- Chris Phillips, CAF
- Davide Vaghetti, IDEM
- Lukas Hämmerle, SWITCH
- Zenon Mousmoulas, GRNET
- Halil Adem, GRNET
- Motonori, GakuNin
- Boro Jakimovski, AAIEduMk
- Carlos Ramirez, RENATA/COLFIRE
- Jiri Borik, eduID.cz
- Terry Smith, AAF
- Wolfgang Pempe, DFN
- Arnout Terpstra, SURFnet
- Pascal Panneels, Belnet-AAI
- Vasko Sazdovski, AAIEduMk (also leaving the federation team)
- Mikkel Hald, WAYF
- Maarten Kremers, SURFconext
- Joost van Dijk, SURFconext
- Jaime Perez Crespo, FEIDE
- Ann Harding, SWITCH
- Andria Dionysiou, CIF
- Carlos Guzman,
- Ann West, InCommon
- Timo Mustonen
- Zivan Yoash, IIF
- Rui Ribeiro, CAFé
- Mads Freek Petersen, WAYF
- Lino Khálau, xxx
- Glenn Wearen, Edugate
- Esmeralda Pires, RCTSaai
- Nicholas, RENU/RIF
Welcome, Introductions & Agenda Agreement
The Chair welcomed everyone to the 6th meeting of 2018.
For details on new members and candidates see https://technical.edugain.org/status and work on progressing new members is underway.
Regarding ACTION-20180806-01 which was to look at excluded voters and whether they could use Evento or not there are 11 excluded voters and they were all contacted. Eight have corrected any issues accessing Evento so that is no longer a reason why they
HAKA, Edugate, RCTSaai, ArnesAAI, COLFIRE, SIR, ARNaai, IUCC Id Fed
Oman KID, AAIEduMk, YETKIM
Outstanding Issues with Federations
43 federations are now compliant and 6 federations became compliant in September 2018. There is some ongoing work by InCommon to support the new profile. Nick announced that a vote at the InCommon TAC meeting this week was to only export entities with a technical contact. This will vastly increase the
Lukas asked whether the layout of the tables using the CCTLD reference rather than the federation name should be changed. This is currently used.
Nicole also covered the issue of the MRPS review and .... Some federations have historic MRPS documents and there will be an approach made to all federations to assess their MRPS and see if they'll review their federations in line with the template.
Chris Phillips asked for a reference to the MRPS template to be added as there are various iterations.
Support and Mentoring
What's new? What's the same?
In GN4-3 the entire Trust and Identity Work Package (formally called WP5) is being led by Licia Florio, GÉANT and Marina Adomite, AMRES. There are four (4) tasks within this work package:
- Task 1: Over arching task that covers the 4 specific services
- eduGAIN (Davide Vaghetti, GARR)
- eduroam (Miroslav Milinovic, Srce)
- eduTEAMS (Christos, GÉANT)
- InAcademia (Justin Knight, Jisc)
- Task 2: Incubator (lead by Niels van Dijk)
- Task 3: Trust & Identity Operations (lead by Nicole Harris, GÉANT)
- Task 4: Research Communities (lead by Maarten Kremers, SURFnet)
Lukas asked that since there are enough non-European attendees in the SG what is the benefit of the project to eduGAIN and Trust & Identity. Nicole explained that it is mutually beneficial to support....
Rhys (UK Federation) - 1149 members - SAML metadata management portal - piloting with some customers and will be the basis of the MFS (Managed Federation Service) which started as a reimplementation of the UK Federation, Shibboleth MDA, Azure and container based. Expected completion in December 2018. Liberate (managed eduroam/SAML/Shibboleth/Moonshot IdP instance) that is run on AWS. This service is live. Contact Jisc/Rhys for more information. Reseller agreements are being agreed at the moment.
Sten (TAAT) - investigating issues with attribute release with various members. Adding members to the federation and marketing the value of the service and eduGAIN. Manpower constrains make juggling operations and development difficult.
Guy (SAFIRE) work on getting local publishers participating in the federation.
Chris/Julie (CAF) working on eVA (eduroam Visitor Access) cross over service that they are piloting in Canada from SURFnet. SIRTFI and R&S
Simon (SGAF)migrated infrastructure to new datacentre and uses a proxy for their ADFS users and are exploring how to avoid the double discovery.
Nick (InCommon) working on the baseline expectations programme and it will require members to have minimum usability requirements by 14 December otherwise they will be excluded from the federation. Adoption quickly rose from 25% to 50% but has leveled out. More work required to accelerate this again. Two new hires. MDQ service built on AWS Lamba to make per entity metadata available. Will be migrating people to new metadata endpoint.
José Manuel (SIR) the federation still exists which has 2 people. Migrating to SIR2 federation. Will be stopping PAPI as a protocol. MRPS will need to be updated. entityIds will be kept, but end-points will change at some moment. Will be using Jagger for metadata management and promoting entity categories and developing local categories. SIRTFI. MDQ. IdPaaS Proof of Concept being developed. Connected to Spanish eIDAS node. Was previously offering STORK.
Alejandro (COFRe) working on the issues for SAML profile compliance for eduGAIN. This requires an upgrade to pyFF.io. Also publishing RedCLARA services to eduGAIN for the wider Latin American community.
Halil + Zenon (GRNET) Halil has recently joined the Trust & Identity team. Production MDQ service. Depricating the legacy entity grouping mechanism that they provided their membership and use of entity categories. Moving to "opt-in" vs "opt-out". Metadata size is too large and people don't want to load large dataset and want a production MDQ service.
Miro (AAIEduHr) focusing on operations and team is small
Carlos Ramirez (ColFIRE) xxx
Pål (SWAMID) working extensively on multifactor. Needs to have a step further than REFEDS MFA profile with the need for identity proofing. Aiming for an end of year deployment. Working with Libraries (public Libraries - not University Libraries) for identity proofing.
Farhan (SIFULAN) identity workshop scheduled for 10 October to encourage media publishers to join the federation and promote eduGAIN.
Boro (AAIEduMk) reporting from the airport that the Macedonian AAI that they had extended to primary and secondary schools and working on enlargement to all of the universities. Statistics and measurement as a secondary project.
Davide (IDEM) working on the SAML profile compliance (only completed yesterday) and enabling publisher to work with IdPs via eduGAIN. Interoperability isn't a given and has been challenging. Putting MDQ in production by years end - and working on IdP in the Cloud service. Working with government ID as a 2nd factor.
Jean Carlo (CAFé) two big initiatives. Implementation of SIRTFI and focused on the first institution working by end of the year. Developing a roadmap for 2019 and moving the use of federated auth and updating UX/UI to improve design. BReduPerson schema update and adoption of ORCID. Working on improving the deployment of their tools and collaborating with IDEM.
Lukas (SWITCH) relevant updates from SWITCHaai is that they'll soon publish new MDRP document based on REFEDS template.
Chris asked that since OpenID Connect wasn't touched on during the call and that there is a way to promote OIDC via membership of the Open ID Foundation. Davide said that the mailing list and group will be setup shortly and people should move there for focus on this. Chris stated that there is the OIDCre group within REFEDS is a useful initial group. The community and interlectual property rules are different in this space. Davide said that Open ID Foundation isn't significantly different than OASIS.
Lynda.com was going to move toward LinkedIn and Chris' request via eduGAIN Support and statistics provided by ...
- ACTION-TBA: TBA
The next meeting will take place on TBC (likely to be Tuesday 13th November 2018 at 13:30-15:00 CET via VC)