This section asks for your feedback on services and developments currently in GN4-2 and how you see they should be positioned in GN4-3 (from 2019 on).

They've been grouped by rough groupings rather than the internal project codes or current project structure as knowledge of GEANT project structure should not be a requirement to evaluate them. Please use the comments section if you'd like to break down the groupings more e.g. if you think one aspect should be stopped but not all.

You can indicate if you think it should be maintained, significantly changed/enhanced or dropped by adding +1 to the relevant column and adding extra detail in comments.

e.g.

NameMaintainChangeDropComment
Example service 1+1 (yourname - optional, but makes clarification easier)

This is the best example service ever! Keep it.(yourname - optional)
Example service 2

+1Nobody is using this service, it is too complicated

You can also indicate if GÉANT project, GÉANT community (independently of project)  or another group should be the main driver if you have opinions on those matters.

If you are not sure of the current status or direction of any of these services, feel free to check details with the listed people, or simply say what you think it should be, or contact Ann, Marina or Klaas for more info.

Table of Developments and Services

NameMaintain/ContinueChange/ImproveDrop/RetireComment

eduroam core services

ETLRS operation

Info Contact: Miro Milinovic

+1 (Stefan Winter)

+1 (Mario Reale)

+1 (Nicole Harris)
Move to a more sustainable subscription model outside the project.

eduroam supporting services

CAT, monitor.eduroam.org etc.

Info Contact: Stefan Winter/Miro Milinovic

+1 (Stefan Winter)

+1 (Mario Reale)

+1 (T. Wolniewicz)

+1 (Nicole Harris)
Move to a more sustainable subscription model outside the project.

eduroam Managed IdP

(small and large site approaches)

Info Contact: Stefan Winter


+1 (Stefan Winter)

+1 (T. Wolniewicz)


develop into production service (Stefan Winter)

eduroam diagnostics

(end user diagnostics, probes etc.)

Info Contact: Stefan Winter


+1 (Stefan Winter)

+1 (Mario Reale)

+1 ( T. Wolniewicz)

+1 (Nicole Harris)


develop into production service (Stefan Winter)

also EAPlab - low usage but quite important for developers

radsec - let's radsec

Info Contact: Stefan Winter/Paul Dekkers


+1 (Brook Schofield)
This is important to move toward RADSEC and Dynamic Peer Discovery

eduGAIN Core

MDS operation, SG secretariat & support for federations

Info Contact: Tomasz Wolniewicz (tech)/Brook Schofield

+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (Mario Reale)

+1 (T. Wolniewicz)

+1 (Nicole Harris)

Continue the stable service (Thomas Lenggenhager)

Move into operations without using project funding (SURFnet) +1 (Nicole Harris)

eduGAIN supporting services

Tools such as IsFederated, ECCS etc. aggregated into technical/edugain.org

Info Contact: Tomasz Wolniewicz, Lukas Hämmerle

+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (Mario Reale)

+1 (T. Wolniewicz)

Consolidate separate tools into one service (SURFnet)


Useful tools (Thomas Lenggenhager)

Move into operations, without project funding, where applicable (SURFnet)

eduGAIN enhanced support

Troubleshooting coordination/support for complex interfederation issues, central SIRTFI support where needed, SP reg of last resort via UK Federation.

Info Contact: Lukas Hämmerle

+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (Mario Reale)

+1 (T. Wolniewicz)

Develop model so this can be moved into operations without using project funding (SURFnet)

Evaluate the SP of last resort registration (uptake, policy, do we still want / need this?) (SURFnet)


Registry of last resort with good support could be useful. Help candidate fed ops to increase their know-how and learn from others. (Thomas Lenggenhager)

Based on the AARC recommendations, I'd advocate for the SP registry to be promoted more not only as an eduGAIN enhancement but as a capability for GEANT to not only broker contracts on behalf of the members but also offer the technical platform to connect SPs to eduGAIN. Specifically I'm referrring to SPs that are explicitly global or pan european in scale and have little direct working relationship with federations, and/or those for which GEANT has a framework agreement.

See also eduGAIN SG thread eduGAIN-integration" for not-really-interested SPs" from 11/9/2017


eduGAIN BCP

Recommended practices for federations and their entities e.g. SIRTFI adoption, Assurance Profiles, MFA BCP etc.

Info Contact: Nicole Harris/Pål Axelsson

+1 (SURFnet)

+1 (T. Wolniewicz)

+1 (Brook Schofield)

+1 (Nicole Harris)



Keep it simple, mainly as a check-list with links to the details. (Thomas Lenggenhager)

+1 for Thomas' comment (Wolfgang Pempe)

+1 as above (Mario Reale)

It has to be new - 'cause it doesn't yet exist.

Rephrase - I'd like to see this as an account manager role for Service Providers within eduGAIN / as part of the eduGAIN support function.

Federation as a Service

Federation platform: MDA, RR, HSM etc. as a service.

Info Contact: Marina Adomeit

+1 (Mario Reale)

+1 (T. Wolniewicz)

+1 (Michael Schmidt)

Investigate how much this can help federation uptake outside EU (SURFnet).+1 (Nicole Harris)

How successful is it? Is it worth the effort to continue? (Thomas Lenggenhager)

+1 for Thomas' comment (Wolfgang Pempe)

Evaluate how much this has helped the organizations without federation, can we say something about future growth? (SURFnet)

Useful to pursue functional integration with Campus IdP and piloting (Mario Reale)

Make this run on AliCloud.

Needs complete change.


Campus IdP

toolkits, platform for provisioning and/or managed service

Info Contact: Mario Reale

+1 (Mario Reale)

+1 (Michael Schmidt)


+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (Nicole Harris)

Not relevant for us (Thomas Lenggenhager)

Promising developments on Docker to be further pursued, Ansible solution very comprehensive and mature, Full fledged Platform development fon Gn4.3 (Mario Reale)

There are existing offers doing this better than we can.

Promising solution for small organisations with scope for improvement. Could be extended by MFA or integrated with StepUp service for example. (Michael Schmidt)

InAcademia

https://inacademia.org

Note: Current intent is to operate via GÉANT Org, not project once in production.

Info Contact: Niels van Dijk

+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (Mario Reale)

+1 (T. Wolniewicz)

+1 (Michael Schmidt)




eduTEAMS

group management, ID Hub (guest solution) as basic offer, advanced offer can include HEXXA, Perun etc.

Info Contact: Niels van Dijk

+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (Mario Reale)

+1 (T. Wolniewicz)

Investigate how to operate this wihtout project funding (SURFnet)
Fundamenal role for supporting Res Commun.(Mario Reale)

Discovery

central/common/distributed/federated discovery service with improved usability

Info Contact: Lukas Hämmerle

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (T. Wolniewicz)

+1 (Thomas Lenggenhager)

+1 (Mario Reale)

+1 (Brook Schofield)


Don't forget the hub-and-spokies (smile) (SURFnet)

An instantiation of the REFEDS Discovery Guide (in at least 1 GÉANT service)

eduKEEP

User-centric Identity Federations, eduID initiatives

Info Contact: Maarten Kremers

+1 (Thomas Lenggenhager)

+1(Constantin Sclifos)

+1 (Wolfgang Pempe)

+1 (Mario Reale)

+1 (T. Wolniewicz)

Investigate role of eduKEEP in disconnecting authentication from attributes. Role of government IDs, eIDAS (SURFnet).

+1 (Nicole Harris) - only in the sense of project focus, this will continue.

+ 1 (Lukas Hämmerle)

This is too close to the campus for us to have any real impact with centrally.

Might be too early/too little benefit to somethings more concrete like a service and too little use to do something on international level (Lukas Hämmerle)

StepUp Services - Assurance & MFA

stepUp Assurance, Authentication (MFA) etc.

Info Contact: Maarten Kremers

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (Jule Ziegler)

+1 (Thomas Lenggenhager)

+1 (Mario Reale)

+1 (Brook Schofield)

+1 (Nicole Harris)


The non-vendor specific StepUpaaS from SURF should be forklifted into the GÉANT community and look at ways of delegating identity vetting via Postal Services and other methods that are country specific.

OIDC

Profile for eduGAIN, Federation BCP, any needed infrastructure to support global interop

Info Contact: Maarten Kremers

+1(Constantin Sclifos)

+1 (SURFnet)

+1 (Jule Ziegler)

+1 (Thomas Lenggenhager)

+1 (Wolfgang Pempe)

+1 (Mario Reale)


+ 1 (Lukas Hämmerle)

Create OIDC Testbed for FedOps (Wolfgang Pempe) +1 (Mario Reale)

Create OIDC2Int (SURFnet)

Assuming (bilateral) OIDC support is integrated in Shib and SSP, this already is good enough. I doubt that making OIDC also support the federation architecture will provide much benefit over SAML given the effort needed to make this concept work (Lukas Hämmerle)

Cross sector interoperability

esp. interoperability with eIDAS

Info Contact: Christos Kanellopolous

+1 (Wolfgang Pempe)

+1 (SURFnet)

+1 (Mario Reale)

+1 (T. Wolniewicz)


+1 (Thomas Lenggenhager)

No priority (Thomas Lenggenhager)

Stay connected with the eIDAS folks (Wolfgang Pempe)

Work towards pan-european solutions (SURFnet)

Merge this (i.e. for eIDAS) with Step Up/Identity Assurance Service (Lukas Hämmerle)


eduPKI

Info Contact: Reimer Karlsen-Masur

+1(Constantin Sclifos)

+1 Reimer Karlsen-Masur

+1 (Brook Schofield)

+1 (Nicole Harris) - evolve


Include addition development such as:

  • cryptech.is
  • certbot development
  • CA CAB/Browser forum participation.

Other stuff like this to make the WHOLE landscape around our participation in CA clearer.

Certificate Transparency

Info Contact: Linus Nordberg

+1(Constantin Sclifos)

+1 (SURFnet)

+ 1 (DFN-PKI)

+ 1 (DFN-PKI) get the log trusted by Chrome and other browsers

Is anything actually happening here?  This is probably in the wrong area of the project at the moment and information about it is not very....transparent.

https://www.ct.nordu.net/

Add this into a larger workpackage on future certificate.

Unclear what this is about and if this is something T&I should be doing. Maybe move this to security topics? (Lukas Hämmerle)

F-TICKS

Info Contact: Jule Ziegler, Miro Milinovic





  • No labels