Please Note that the above time is CONFIRMED.
Arrival & "Can you hear me now?" (see Connection Details)
Welcome, Introductions & Agenda Agreement
Membership Updates and Joining
eduGAIN Support and Mentoring
Future SG Meetings
Any other business, Summary and Actions.
Meeting Close (as there is an official event we need to vacate this room for).
*Not a member.
Guy Halse, SAFIRE
Rhys Smith, UKAF
Zenon Mousmoulas, GRNET
Toby Chan, HKAF
Thomasz Wolniewicz, PIONIER
Maja Goredka-Wolniewicz, PIONIER
Saeed Khademi, IR Fed
The Chair welcomed everyone to the 5th meeting of 2018.
Prior to virtual attendees coming online the chair was explaining to those in the room (this meeting was co-located with the APAN46 conference and specifically the task force on identity and access management (TF-IAM) that is working with APAN members and Asi@Connect project beneficiaries to develop identity federations in their home territories).
Recently the voting concluded on the membership of Morocco/eduIDM.ma and Mozambique/CAFMoz. This is the 2nd time that the Evento Voting system has been used. The use of this system was welcomed by all. There had been a few teething issues identified by some delegates, mostly to do with attribute release, and these have largely been fixed. There are currently 11 excluded voters from the next vote, six (6) of whom voted prior to the switch to Evento. It is known that Oman KID and ARNaai are still having issues using Evento.
There are 12 candidate federations, three (3) of which are currently under assessment:
The OMREN team has made it to APAN46 and has had discussions with many of their peer federations on future collaboration. It is expected that votes for at least 2 of the federations will begin shortly.
For details on new members and candidates see https://technical.edugain.org/status and work on progressing new members is underway.
The eduGAIN Compliance Issues wiki page has been updated and there is a noticeable drop in the issues of compliance with the new. While all new participating members must comply with this profile, existing participants will still have a grace period. The eduGAIN support team will continue to work with federations to reduce issues and once the numbers are close to zero or non-responsive federations are the only ones remaining then an enforcement date will be chosen (at a future SG meeting).
The attendance of some of the participants of this meeting has been made available by the BACKFIRE project. While the continuation of TF-IAM tomorrow (Tuesday, 7 August 2018) will focus on Policy Development, it is often the case that federations only receive feedback on their policy when they are first attempting to join eduGAIN. There is a need for BACKFIRE/TF-IAM to align with the wider eduGAIN and REFEDS community to find mentors to align with developing federations. This will be taken up in TF-IAM, and thanks go to those community members that have offered their support and have supported federations in their development.
The question of logo inclusion in metadata was raised, and whether referencing via URL or fetching and embedding is the preferred option. Rhys stated that the UK federation requires HTTPS URLs and that this is their preference. It is known that some federations prefer embedding. Earlier it was stated by Andri that the federation effort in Indonesia has over 4,000 target institutions (more IdPs than currently in eduGAIN). The use of embedded logos would cause the metadata to balloon to a size that would be unmanageable. Raja stated that INFED has a target audience of 50k institutions. Metadata would become unmanageable even without embedded images, which raised the need for MDX to be on the horizon for federations.
Khamis asked how to identify and realise the benefits of eduGAIN. Knowing what is within eduGAIN and of value out of the thousands of endpoints available has been a long-term challenge in eduGAIN. The future iteration of the GN4 project will require the creation of a cost model for eduGAIN, which will require a service to explain the value. There has been a lot of work on service catalogues including MET, hand-crafted assessments and Brook's own "not-met" in-browser faceted search tool. Recently there has been a paper drafted on Service Catalogues in a Federated Context that will soon be published on the REFEDS site. This document had heavy contribution from eduGAIN members, the AAF in particular. This will hopefully pave the way for development in this space.
A follow-up question was on the use of F-Ticks and monitoring usage of services.
At the REFEDS meeting at TNC18 there was a presentation, "F-Ticks for Federations", that might be interesting for those that missed it.
The deployment of this can be problematic and requires getting buy-in from IdP operators. Historically, SPs, especially those of a commercial nature, don't share any logging information. Vlad stated that Tuakiri/NZ used the Shibboleth v3 upgrade to do this rollout of logging with high acceptance rates by campuses. INFLIBnet use the IdP audit log within Shibboleth to do a similar task. Hub&Spoke federations have an advantage in this regard as all messaging travels via the Hub and thus statistics can easily be generated. Terry stated that the AAF previously used their centralised discovery service for statistics generation, but embedded or customised discovery services impact the resolution and they are moving to an IdP based statistics collection mechanism.
To visualise the results, Edugate/HEAnet allow users to log in to their service to see usage statistics.
A question was posed to Vlad on how Tuakiri/NZ perform access control against the syslogs that are sent their way. The answer was that they are not access controlled. It is possible to use the IdP's IP address/ASN to perform filtering if abuse is suspected.
The next meeting will take place on Tuesday 25th September 2018 via VC (17:00-18:30 CEST).
No other business was raised.
The chair thanked all that had attended, especially those attending virtually, as the time for many members wasn't particularly favourable. The meeting closed early so that those attending the APAN46 conference could join the cultural performance and opening on time.