eduGAIN Town Hall

The eduGAIN Town Hall was held in concert with the Trust and Identity White Paper priority meeting and the REFEDS 2018 Work Plan meetings in Amsterdam between Thursday 7th December 2017 and Friday 8th December 2017.

Wednesday 6th December

9:00 - 17:00

simpleSAMLphp workshop at SURFnet, Utrecht
Separate Registration

Thursday 7th December - 13:30 - 17:00

10:30 - 12:30 GÉANT Project Future Workplan
12:30 - 13:30 Lunch
13:30 State of the Interfederation Service - Brook Schofield (PDF)
14:00 Thinking of best practices in eduGAIN - Nicole Harris

 - 2018 eduGAIN SAML Profile Consultation

14:30 eduGAIN Support - Thomas Baerecke (PDF)
15:00 - 15:30 Coffee break + Catch-Up Time
15:30 T&I Operations - Dick Visser (PDF)
16:00 Any other Business (PDF)
16:30 Summary and Actions
17:00 Close

Thursday 7th December - 9:15 - 12:00

9:15 - 12:00

REFEDS Meeting

Attendance

Registration information available at https://eventr.geant.org/events/2786

Federations in Attendance (26)

  1. GRNET
  2. SURFconext
  3. LITNET FEDI
  4. DFN-AAI
  5. WAYF
  6. LEAF
  7. SWAMID
  8. SWITCHaai
  9. ARNaai
  10. FEIDE
  11. InCommon
  12. RCTSaai
  13. FEBAS
  14. IDEM
  15. eduID.cz
  16. eduID.lu
  17. SIR
  18. ACOnet Identity Federation
  19. eduID.hu
  20. IIF
  21. UK Federation
  22. CIF
  23. BIF
  24. GIF
  25. CAF
  26. SAFIRE

Attendees (50)

  1. Kostas Koumantaros - Greek Research and Technology Network - GRNET
  2. Mischa Sallé - Nikhef
  3. Niels van Dijk - SURFnet bv
  4. Eimantas Šerpenskas - Litnet | Kaunas University of Technology
  5. Nicole Harris - GÉANT
  6. Henny Bekker - SURFnet bv
  7. Wolfgang Pempe - DFN
  8. Mads Freek Petersen - wayf.dk
  9. Tangui Coulouarn - DeIC
  10. Brook Schofield - GÉANT
  11. Hans-Peter Ligthart - SURFmarket
  12. Maarten Kremers - SURFnet bv
  13. David Groep - Nikhef
  14. Chris Atherton - GÉANT
  15. Gerben Venekamp - SURFsara
  16. Valentin Pocotilenco - RENAM
  17. André Moreira - CLARIN ERIC
  18. Pål Axelsson - SUNET
  19. Ann Harding - SWITCH
  20. Molnár Péter - NIIF Programme / KIFU
  21. Klaas Wierenga - GÉANT
  22. Ouafa Bentaleb - Algerian Research Network, ARN
  23. Jaime Pérez Crespo - Feide
  24. Licia Florio - GÉANT
  25. Nick Roy - Internet2
  26. Lars Kviteng - UNINETT - Feide
  27. Sam Jones - Mimoto
  28. Leif Johansson - SUNET
  29. Thomas Baerecke - SWITCH
  30. Lukas Haemmerle - SWITCH
  31. Esmeralda de Jesus Galamba Pires - FCT|FCCN
  32. Andrey Novosad - UIIP NASB / BASNET
  33. Oleg Nosylovsky - UIIP NASB / BASNET
  34. Davide Vaghetti - Consortium GARR
  35. Michal Procházka - CESNET, z. s. p. o.
  36. Slávek Licehammer - CESNET, z. s. p. o.
  37. Alan Buxey - MyUniDAYS Ltd
  38. Jule Ziegler - LRZ/DFN
  39. Mario Reale - Consortium GARR
  40. Stefan Winter - RESTENA
  41. Jose-Manuel Macias Luna - RedIRIS
  42. Peter Schober - ACOnet staff
  43. José María Fontanillo Muñiz - RedIRIS (Pruebas SIR2 directo) - Spanish Research and Academic Network
  44. Dick Visser - GÉANT
  45. Christos Kanellopoulos - GÉANT
  46. Casper Dreef - GÉANT
  47. Michael Schmidt - Leibniz Supercomputing Centre (LRZ)
  48. Hendrik Ike - GÉANT
  49. Amina Khedimi - cerist
  50. Héder Mihály - MTA SZTAKI

Virtual Attendees (22)

  1. Eli Beker - IUCC
  2. Rhys Smith - Jisc
  3. Mohácsi János - NIIF Programme / KIFU
  4. Keith Hazelton - University of Wisconsin-Madison
  5. Ingimar Örn Jónsson - University of Iceland / RHnet
  6. Antonis Tzirkallis - CYNET
  7. Szabó Gyula - MTA SZTAKI Hungary eduID.hu
  8. Frank Tamás - WIGNER Research Centre for Physics
  9. Stefan Paetow - Jisc
  10. Reimer Karlsen-Masur - DFN-CERT Services GmbH
  11. Georgi Tsochev - BREN
  12. Temur Maisuradze - GRENA
  13. Marina Adomeit - AMRES
  14. Ralf Groeper - DFN
  15. Yuri Demchenko - University of Amsterdam
  16. Christoph Graf - SWITCH
  17. Chris Phillips - CANARIE
  18. Lalla Mantovani - Consortium GARR
  19. Hannah Short - CERN
  20. Marco Leonardi - ESA/ESRIN
  21. Guy Halse - TENET
  22. Harry V. Lalor - SheerID, Inc.

Apologies (7)

  1. Marco Malavolti - Consortium GARR
  2. Andrea Biancini - RETI
  3. Mark Bevers - SURFmarket
  4. Filip Marinic - European Space Agency
  5. Miroslav Milinovic - SRCE
  6. Thomas Lenggenhager - SWITCH
  7. Arnout Terpstra - SURFnet bv

Notes

State of the Interfederation Service

Brook gave a summary of what has happened in eduGAIN in the past year and what is projected to happen in 2018, with regular input and correction from the community. While the morning presentations were focused on the GN4-3 project workplan for 2019, there is still an opportunity to do work in 2018 ahead of the next long-term plan.

With a raft of new members joining eduGAIN the focus has moved away from federation membership to encouraging 100% of the IdPs within identity federations to participate (where practical). There are 25 federations with more than 90% of their IdP membership participating in eduGAIN.

Highlighting some of the low % eduGAIN participants (such as RCTSaai/Portugal, AAF/Australia and GakuNin/Japan) was an opportunity to look at the various deployment models. It was an opportunity to engage Esmeralda about RCTSaai deployment and this will be an activity in 2018. Equally, a meeting between GÉANT and NII the previous day highlighted the need to work on engaging GakuNin members, as they want to limit their engagement with SPs and rely on other federations for managing their metadata, with the added drive that this will only be possible with eduGAIN participation of the IdPs or risk losing access to services. The AAF have recently outlined a mechanism to encourage eduGAIN participation, with IdP operators supporting both SIRTFI and R&S in the same motion. Davide raised the issue of "opt-in" vs "opt-out" policy for deployment and how "opt-out" has driven high % engagement (at least visible via eduGAIN) for IDEM. The discussion then focused on metadata interoperability vs higher-level interoperability. It is unclear at this point whether simple metadata interoperability is actually achieved, and to what degree, and whether adopting mechanisms from the maturity/BCP work for eduGAIN participation is more effective. More tooling is required in this regard.

See the (corrected) slides for a summary of activity and visit https://technical.edugain.org/status for up-to-date progress on federation candidacy, membership and participation.

Thinking of best practices in eduGAIN

Nicole clarified that work on reviewing all policies has largely been completed. There was no need to change the eduGAIN Policy Declaration. The constitution is completely published, and the new constitution requires a SAML profile to go with it. The current status of the consultation was presented and a few "sticking points" were discussed.

Peter Schober clarified his comment about MetaIOP where "you must trust a key that is contained in the MD, purely since you trust the MD. You cannot NOT TRUST a certificate as a result and ADFS is not always compliant". In the balancing act of not kicking out ADFS and making use of existing definitions, further discussion will be required to resolve this.

In the current version of the policy, we require registrationInstant - but if nobody uses it, why do we keep it? There weren't any good reasons to enforce its use (which we don't anyway because it is a SHOULD), so it is simpler to remove it.

Finally, regarding the requirement that MD aggregators that aggregate metadata from multiple sources MUST use <mdrpi:PublicationPath>: since MDS only accepts metadata from a registrationAuthority and would ignore other entries, this isn't needed. Delete.

[ACTION] Nicole to review and republish the eduGAIN SAML Profile.

eduGAIN Support

Thomas covered the transition of the "eduGAIN eScience Support Pilot" (starting in April 2017) to the eduGAIN Support Service. Statistics on ticket volume were presented in the slide deck. Future work will involve SIRTFI pilot support.

There was some discussion on new members of the federation community joining the support service as a training mechanism. It is desirable for those staffing the support service to have experience in the federation landscape. An extensive FAQ is being developed, and having multiple people available each week ensures that there is an escalation path.

T&I Operations

Dick Visser took some time to reflect on the T&I White Paper work that covered fundamental infrastructure and whether services should be wholly located on GÉANT infrastructure, entirely distributed or a mixture of both.

Some debate focused on the onus on a GitHub user to fund the legal defense of litigation brought against GitHub for the contents of your code repository. It was concluded that the risk is not being able to determine the cost of your lawyers rather than the likelihood of litigation. The array of code "testing" tools that integrate with GitHub was identified as a benefit that would outweigh other negative traits.

Currently the timeline for providing IaaS via GÉANT is a task that is being shortened. The work of the T&I Ops team within GÉANT (the organisation) will be reviewing these components and informing the work in the service activity of GÉANT (the project) in support of various tooling.

Any Other Business

Any other business was triggered by a short slide deck by Niels van Dijk (PDF), which presented a proposal to make community signed metadata (in the vein of PEER/REEP) available with decorations. No concrete action resulted from this discussion.

All presentations can be found online.

Future meetings

The schedule of 2018 eduGAIN SG meetings will be distributed in late 2017.