...

- In the future offer proxy to do aggregation on behalf of SP

 2.2.1. eduPersonAffiliation

Incoming attributes will be collected and passed on untouched:

2.2.2. eduPersonEntitlement13 eduPersonUniqueId -> Only incoming

2.2.8. eduPersonPrincipalName -> Only incoming

2.2.10. eduPersonScopedAffiliation2

3.24. 11. eduPersonTargetedID -> Only incomingdisplayName -> Via IdP (R&S)

Other outgoing attributes:

2.2.122. eduPersonAssuranceeduPersonEntitlement

2.2.13 eduPersonUniqueId12. eduPersonAssurance

2.2.14 eduPersonOrcid

3.2. cn (commonName)

3.3. description

3.4. displayName -> Via IdP (R&S)

3.6. givenName

3.13. mail

  3.15. mobile -> future use?

...

x.y IsMemberOf

Support of ssh pubkey?

Attribute Scoping

IsMemberOf and eduPersonEntitlement are both scoped to the VO using an at sign

Changes needed for eduTEAMS Identity Hub

  • Publish IdP proxy metadata for a single proxy endpoint
  • Check incoming attributes on Backend to see if we are getting enough info to be R&S compliant
  • Incorporate/use discovery service

  

GAPS identified for Membership Management

  • VOOT ansible scripts
  • COmanage Ansible needs changing - Basic provisioning
  • Ansible for export script - Ansibelize script deployment
  • Ansible for MySQL database for Master -> Slave replication
  • Loadbalancers Ansible
  • GUI for connecting SP to CO
  • GUI for onboarding new VO/VOadmin
    • Out of band via email initially
    • We send out an invite to the invite form
    • Validate if the user is in GEANT by calling external service.
    • If false, present a good error message.
    • Fill in form, which needs custom fields
      • Define the fields
        • Include SPs
    • Email to validate the entry
    • We ok the entry
    • Use provisioning plugin to provision into specific DB or LDAP, or better, via API directly into COmanage.
  • For initial pilot use wiki page for "form" questions + email.

Activities

  • Update wiki page on generic setup (Niels) - This week
  • Ansible scripts for Bastion host (Discuss between Simone, Kristof) (Oct 24)
  • Deploy 8 VMs (Kristof, later Mandeep) (Nov 18)
  • Setup IdPs and SPs for testing/dev. (Niels) (Oct 31) - email if needed
  • Deploy ID HUB (Kristof/Simone) - Use as test case for VM deployment - Nov 30
  • Modify ID HUB (Niels/Rebecka) (Oct 24)
  • Discuss with COmanage (Mihaly, Slavik) (Oct 31)
  • VOOT ansible scripts (Niels) (Nov 18)
  • COmanage Ansible needs changing - Basic provisioning
    • Create Workflows (Mandeep) (Nov 1)
    • Add to deployment (depending on discussion with COmanage) (Mihaly)
  • Ansible for export script - Ansibelize script deployment (Mihaly) (Oct 31)
  • Ansible for MySQL database for Master -> Slave replication (Kristof) (Nov 18)
  • Work out provisioning plugin (Niels) (Nov 30)
  • Loadbalancers Ansible (Kristof check with Simone) (Nov 18)
  • Set up CO intake form initially in wiki (Tangui and Mandeep) (Nov 5, + 4 weeks for response)
  • Setup onboarding either in COmanage or separate GUI
  • Really, Really deploy. (Kristof + Simone) - Feb 1, 2017