eduGAIN Steering Group Meeting

Thursday 30th April 2015 - 10:00 - 11:30 CEST

9:30 Arrival & "Can you hear me now?" via https://connect.sunet.se/edugain
10:00 Welcome, Introductions & Agenda Agreement
10:15

Summary of Current Status

See http://edugain.org/technical/status.php

  • 32 Participating Members
  • Members that aren't participating (5)
    • Argentina - MATE
    • Australia - AAF
    • New Zealand - Tuakiri Identity Federation
    • Portugal - RCTSaai
    • Turkey - YETKİM
10:30

New member questions, candidates and policy status

Candidates (4) with Policy & MRPS available

  • Armenia - AFIRE
  • Belarus - FEBAS
  • Georgia - GRENA Identity Federation (GIF)
  • Moldova - LEAF

Candidates (3)

  • India - INFED
  • Oman - Knowledge ID
  • Serbia - iAMRES

Known Federation Initiatives (11)

  • China - CARSI
  • Korea - KISTI ID Federation
  • Luxembourg - eduID
  • Malaysia - MyIFAM
  • Mexico - FENIX
  • Morocco - eduIDM
  • Peru - INCA
  • Russia - ФEDUrus AAI
  • Slovakia - safeID
  • South Africa - SAFIRE
  • Uruguay - RAUid

It is hoped that the situation regarding the above federations can be cleared up prior to the meeting so that it is known whether we are voting on their membership or providing additional feedback to the federation operators on their process.

Voting/objecting to progressing federations to membership status.

10:45

What is the value in a vote?

Discussion in light of the above assessment and discussion on the mailing list.

11:00

What does it mean to exchange metadata?

11:15

GN3plus is dead - GN4 is beginning - what does this mean for eduGAIN?

Summary of Harmonisation Task - Nicole Harris, GÉANT Association

-

Any other Business

Q1: Does "eduGAIN" want to take on a trust router/ABFAB protocol and what are the implications of doing so?

Q2: Will the eduGAIN SG govern and oversee trust router infrastructure usage and peering? Is eduGAIN-OT responsible for the infrastructure?

Q3: Is the supplied profile sufficient or is an eduGAIN Constitution change required? Timeframe? Who?


11:30

Summary, Actions and Close (or we're running over time).

Attendance: Brook Schofield, Glenn Wearen (Edugate), Miroslav Milinovic (AAI@EduHr), Eli Beker (IIF), Peter Schober (ACOnet Identity Federation), Rhys Smith & Ian Young (UK Federation), Jan Oppolzer (eduID.cz), Jean-François Guezou & Olivier Salaün (FÉR), Mads Freek & Finn Dorph-Petersen (WAYF), Chris Phillips (CAF), Janne Lauros (HAKA), Lalla Mantovani (IDEM), Wolfgang Pempe (DFN-AAI), Tamás Frank (eduID.hu), Lukas Hämmerle (SWITCHaai), Pål Axelsson (SWAMID), Maja Gorec and Tomasz Wolniewicz (PIONIER-AAI), Jaime Perez (UNINETT).

Guest Participants: Nicole Harris (GN4/SA5/T1 - Trust and Identity Task Leader)

Federations in Attendance: 17

The agenda is as follows:
  1.  Summary of Current Status

    http://edugain.org/technical/status.php

 2.  New member questions, candidates and policy status
   I'll follow up with details of new federations that are completing their policy and wanting to join eduGAIN ahead of the end of the GN3plus project. This is because they have funding tied to this project. It isn't a requirement for the eduGAIN SG to rush these applications because of the cessation of this project (even though they are funded from the same pool). But I believe that it would be advantageous if we could discuss and include these federations if warranted.
     - Current Candidates: Armenia, Georgia, India and Oman
     - Federations Getting Close: Belarus, Bulgaria, Moldova, Serbia and Slovakia

 3.  What is the value in a vote?

There is no clear process on what the members are being asked to do as part of a vote. Is this voting on whether documents are correct or is this voting on membership, and can the two be separated? What is the value judgement being made? It is valuable to have a health check done on documentation for the benefit of the joining federation but this does not necessarily touch on whether they should be members.

Other concerns raised included whether federations changed their policies and if this was captured.  It was proposed that the versions that are in place when the member is accepted should be captured.  

Members have repeatedly shown that they prefer to abstain from voting rather than say no. It is clear in the process that a simple majority was in place, but people felt it operated more like a veto. The voting may be more diverse when different federation types come into play. It is unlikely that "no's" will ever have a majority.

It is easier to say yes: if people have worked with the federation before and if a recommendation is made by someone.  

Four actions were proposed:

3.1.  Put in place a process that describes how federations are on-boarded and how the voting process works. This could include a checklist of things that need to be done before a vote occurs.
3.2.  Put in place a process whereby a rolling cycle of members act as mentors for each new federation and make recommendations for each member.
3.3.  Capture the version of documents in place when the federation joins.
3.4.  Consider moving the health check activities elsewhere rather than fully depending on the eduGAIN SG.

ACTION20150430-01: Brook to move the current candidates forward to vote and then consider the proposed changes to the process with the OT and other relevant stakeholders.  

 4.  What does it mean to exchange metadata?

There are issues around:

 - whether opt-in or opt-out is important.
 - attribute release.
 - different processes with downstream metadata.

We need to get these things in order before we can look at issues around attribute release.  

 5.  GN3plus is dead - GN4 is beginning - what does this mean for eduGAIN?

Nicole provided a summary of her task within GN4. The most important areas for the eduGAIN SG will be work around the MRPS and general recommendations around how metadata is consumed and published by federations. We will be pushing the MRPS towards eduGAIN for deployment.

ACTION20150430-02: NH to circulate the MRPS for comment.  

 6.  Any other Business - Moonshot

Moonshot Profile raised by Rhys Smith and the Questions posed by Chris Phillips (rephrased by Brook)

Q1: Does "eduGAIN" want to take on a trust router/ABFAB protocol and what are the implications of doing so? i.e. Does eduGAIN want to represent different technology profile approaches within its structure?

 - Introducing a new trust broker as a different workflow from the MDS - currently not well structured to do this. Would have to focus on this. There are also implications about a trust model where the trust broker is not run by a central operational team. If there is more than one service, "mandatory" vs. "optional" becomes more complex; there can be profiles which are optional in the sense that you don't need to implement if you don't use a particular service, but which are mandatory if you do want to use that service. The SAML 2 metadata profile would be one of those, for example.

Q2: Will the eduGAIN SG govern and oversee trust router infrastructure usage and peering? Is eduGAIN-OT responsible for the infrastructure?

 - Difficult if trust broker is distributed rather than centralised in the current eduGAIN MDS model.

Q3: Is the supplied profile sufficient or is an eduGAIN Constitution change required? Timeframe? Who?

 - The constitution would need changing as it is too tightly coupled to a SAML workflow.  Process does not mention the role of the MDS at all - this needs to be brought out more in the SAML profiles.  

Q4: This is an optional profile, right?
 
 - Would have to be - although mandatory vs optional becomes more complex.  

Q5: Why is this not an eduroam profile? Is this different from adding RADIUS / eduroam profile to eduGAIN?

 - Not easy to fit in eduroam model - very different (e.g. not a single service model).

Q6: What would be the consequences for current eduGAIN members of Moonshot becoming part of the eduGAIN policy framework?

 - Need to separate the two questions. Current document is not a profile - it is too open ended so cannot be voted on now. This is separate from the question of whether we want to change eduGAIN constitution to allow it to be used for new approaches. This needs to be started now. As a community, we need to be convinced that there is a good reason to change this basic approach.

ACTION20150430-03: Rhys / Brook / Nicole to work on an FAQ that looks at the issues involved in introducing a new technology profile to eduGAIN.

7.  Any other Business - WAYF

7.1. WAYF have started publishing (proxy) IdPs to eduGAIN: 3 now, 90 soon

7.2. PHPH tool at https://phph.wayf.dk - screencast at https://youtu.be/Jv_xYdd1Hrs

7.3. Does anyone have a set of Ian-style XSLT rules for eduGAIN md requirements?

 - https://github.com/ukf/ukf-meta? but not upstream rules. 
 - edugain validator? other pre-flight check style approaches?

Action Summary:

ACTION20150430-01: Brook to move the current candidates forward to vote and then consider the proposed changes to the process with the OT and other relevant stakeholders. 

ACTION20150430-02: NH to circulate the MRPS for comment. 

ACTION20150430-03: Rhys / Brook / Nicole to work on an FAQ that looks at the issues involved in introducing a new technology profile to eduGAIN.