Work Description
This work item will collaborate with REFEDS and with E-INFRA-7 to support the work started in the REFEDS Federations Operations Practices on topics such as metadata management, key operations and others. The work will include:
- Participation in the Federation Operators group to further identify and refine the practices necessary to guarantee the integrity, availability and confidentiality of the federation operations service provided by the national identity federations.
- Piloting the best practice with a subset of federations in the GÉANT eduGAIN community .
- Driving take-up of support for operations best practice within the GÉANT eduGAIN membership by bringing proposals for their adoption to the eduGAIN SG.
Work Area Leader
Nicole Harris
Work Area Participants
Daniela Pöhn, Tangui Coulouarn, Peter Schober, Lalla Mantovani, Thomas Lenggenhager, Nadia Sluer.
Work Area Actions / Ideas
- A Metadata Registration Practice Statement has been developed and circulated but not much feedback has been received. It is unclear whether this is because people are unhappy with the document / uninterested / think it is fine. Next steps would be to talk to the edugain SG about whether they would recommend this as a standard template for federations.
- Work with edugain SG to document adoption based on this statement.
- https://wiki.refeds.org/display/FBP/Federation+Operator+Best+Practice+-+FOP details proposed next steps in developing best practice. Need to ratify a direction for this and what next? Key Management might be interesting but has few use cases that push a need for its development. Publication is an important and problematic area. Need to work with edugain OT and SG on this one.
- Additional work added to make recommendations for updates to the eduGAIN policy framework to ensure that it is non-SAML specific.
Work Items:
| REF | Work Item | Description | Responsible | Due Date |
|---|---|---|---|---|
| 1.3.a. | Position Entity Categories as Recommended Practices within eduGAIN, separate from Profiles | Work with Brook and the eduGAIN SG to establish a "recommended practices" section for eduGAIN and move Code of Conduct to this section. Work with eduGAIN SG to add additional entity categories to this section. | NH to propose | TBD |
| 1.3.b | eduGAIN policy change proposals to support | Propose policy changes to establish a single SAML profile document and change the eduGAIN constitution to be technology agnostic so other things could be hooked under this (Moonshot, GEANT Trust Broker, OIDC etc). Focus here needs to be on description of edugain OT, operational responsibility for trust broker technologies, changes to the SG to allow per-profile voting. | NH to undertake initial draft, ALL to comment and support drafting. | TBD |
| 1.3.c | Complete MRPS | Work on MRPS to break out non-SAML specific processes (e.g. process of registering an organisation) from SAML metadata constructs. Work with eduGAIN SG to make this a recommended template for eduGAIN. Initial draft available for comment (de-SAMLing process not yet done). | NH to undertake initial draft, ALL to comment and support drafting | TBD |
| 1.3.d | Policy template review | Complete a review of the policy template for required updates and work with eduGAIN OT to have this hosted in a more sensible place. | NH to establish policy template as working document. ALL to comment and support drafting. | TBD |