You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Service Description: Service to allow a user to see if his eduGAIN IdP is releasing attributes properly, not too many and not too few. Service URL is http://release-check.edugain.org/)

Components: Uses a LAMP stack with PHP and MySQL.

Code Repository: https://code.geant.net/stash/projects/GN4SA2T2/repos/edugain-attribute-release-check/browse

Infrastructure:

Operational Information: No regular operational maintenance needed as far as we know

Roadmap/ToDos:

  • REFEDS Research and Scholarship NG, what does the NG stand for? Locally change test names in code to:
    • EARC - REFEDS Research and Scholarship Test -> REFEDS R&S Test with Requested Attributes
    • EARC - REFEDS Research and Scholarship NG -> REFEDS R&S Test
    • EARC - GEANT Data Protection Code of Conduct Test -> GEANT Data Protection Code of Conduct Test
    • EARC - No Entity Category Test -> No Entity Category Test Changes SP MDUI DisplayName to
    • EARC - REFEDS Research and Scholarship Test -> EARC - REFEDS Research and Scholarship with Requested Attributes Test
    • EARC - REFEDS Research and Scholarship NG -> EARC - REFEDS Research and Scholarship Test
  • Discuss changing grade for overreleasing (ePTID and comon-lib entitlement value in UK and PL)
    • ePTID: Accept (= dont treat as superflous attribute) but show info that this attribute was not requested by SP, treat ePTID and persistentID the same way. Rename attribute e.g. to eduPersonTargetedID/persistentId
    • common-lib-terms: Dont tream common-lib-terms value in entitlement attribute as superflous. Treat other values as superflous though.
  • Provide REST/JSON API to query results (asked by Tomasz and Maja) or sync database to technical.edugain.org
    • API should allow to query results of a particular IdP and to ask which grades an IdP would get if releasing certain attributes to a test SP. Some API calls need yet to be defined and then documented somewhere (e.g. wiki.edugain.org). Should not have high priority as Tomasz/Maja asked for this based on false assumptions about EARC initially. However, others (e.g. Niels) also have some use for an API.
  • No distinction between ePTID and persistentID NameID format (Wolfgang)
    • See above, should not play a role anymore if both are treated the same way (= without penalty)
  • Provide (shib) idp admin hints on where to fix things
    • Add links to existing R&S, CoCo documentation if grade is worse than an A.
  • Why have the no-EC-test? (Pal Axelsson)
    • We don't have a good idea how to grade the results of this test because we don't know what should have more precedence: usability or data privacy or a mix of both.
    • Remove grading as it is not easily possible to do a proper grading but keep information on what is released.
    • Replace verdict with a hint (no attributes = good data privacy but bad usability, all attributes = the other way around)
  • Beautification proposals:
    • Remove section "entityCategories" as it is obsolete/redundant
    • Rename "requestedAttributes" -> "Requested Attributes"
  • Ask for local federation-specific attribute release check in next email to eduGAIN Steering group. Then add them to EARC.
  • No labels