...
13:15 SGT | Arrival & "Can you hear me now?" (see Connection Details) |
13:30 SGT | Welcome, Introductions & Agenda Agreement
|
13:45 SGT | Privacy and Member Contacts
|
14:00 SGT 8:00 CEST | Candidate, Member and Participant requirementsRequirements
|
See https://github.com/REFEDS/SAML-Profile/ for more info. | |
14:30 SGT 8:30 CEST | OIDC Federation
|
14:50 SGT 8:50 CEST | Future SG Meetings
|
14:55 SGT 8:55 CEST | Summary, Actions and Close (or we're running over time). |
15:00 SGT | Meeting Close. |
Connection Details
H323: https://call.lifesizecloud.com/otherways/2410313 H323:169.57.7.200##2410313
- SIP: 2410313@lifesizecloud.com
Phone: tel:+31858884440,2410313# or https://call.lifesizecloud.com/numbers
Attendance
Federations in Attendance (
...
21)
- SWITCHaai
- FÉR
- AAF
- CAF
- SURFconext
- PIONIER.Id
- GRNET
- TAAT
- RIF
- HKAF
- SWAMID
- Belnet-AAI
- IRFed
- KAFE
- Tuakiri
- SAFIRE
- LEAF
- IDEM
- IIF
- UK Federation
- SGAF
- CARSI*
- safeID*
*Not a member
...
.
Attendees (
...
36)
- Brook Schofield, GÉANT
- Casper Dreef, GÉANT
- Nicole Harris, GÉANT
- Thomas Lenggenhager, SWITCH
- Terry Smith, AAF
- Chris Phillips, CANARIE
- Arnout Terpstra, SURFconext
- Maja Gorecka-Wolniewicz, PIONIER.Id
- Tomasz Wolniewicz, PIONIER.Id
- Zenon Mousmoulas, GRNET
- Sten Aus, EENet / TAAT (Estonia)
- Sven Hüsson, EENet / TAAT (Estonia)
- Alex Mwotil, Uganda/RIF
- Anass Chabli, FÉR
- Jonathan Cheng, HKAF
- Nicholas Mbonimpa, Uganda/RIF
- Pål Axelsson, SWAMID
- Pascal Panneels, Belnet
- Saeed Khademi, IRFed
- Lukas Hämmerle, SWITCHaai
- Jang Minseok, Korea
- Sat Mandri, NZ/Tuakiri
- Vladimir Mencl, NZ/Tuakiri
- Guy Halse, SAFIRE (with Donald Coetzee)
- Valentin Pocotilenco, LEAF
- Davide Vaghetti, GARR
- Zivan Yoash, IIF
- Toby Chan, HKAF
- Simon Green, SGAF
- Justin Knight, Jisc
- Gerrit Bahlman, APAN Chair
- Erik K., NORDUnet
- William Wan, CARSI
- Md. Mahedi Hasan, Bangladesh/BdREN
- Peter Kopac, safeID
- Sharon Pingi, Uni PNG
Apologies (
...
11)
- Wolfgang Pempe, DFN
- Peter Schober, ACOnet
- Nick Roy, InCommon
- Ann West, InCommon
- Barbara Monticini, Italy/IDEM
- Jean Carlo Faustino, Brazil/CAFe
- Alejandro Lara, Chile/COFRe
- Jiri Borik, eduID.cz
- Andria Dionysiou, Cyprus/CIF
- Fernand De Decker, Belnet
- Jaime Pérez Crespo, FEIDE
Notes
Welcome, Introductions & Agenda Agreement
The Chair welcomed everyone to the 2nd meeting of 2018.
...
Notes
The open action item is addressed in the agenda.
Membership issues are to be discussed extensively at this meeting.
For details on new members and candidates see Current status - New members and candidates: See https://technical.edugain.org/status and work on progressing new members is underway.CAFMoz, RUNNET-AAI and safeID is underway.
Privacy and Member Contacts
Nicole highlighted the eduGAIN GDPR Impact Assessment and there will be a follow-up blog post summarising this advice. This is not a document for consultation/feedback - it is advice from the GÉANT project to the community.
Three options for the technical website:
- Default name + email address listed (current situtation).
- Default name with hidden email address.
- Neither name nor email address.
It was decided that the best approach would be to ask eduGAIN-SG delegates and deputies to give consent to their information being published and told that not having this information public is an option.
- ACTION20180327-01: Nicole Harris to ask all the SG delegates and deputies to opt-in to having their data published on the eduGAIN website, and make them aware that email can be hidden.
At the moment the eduGAIN-SG mailing list is set to the default that subscriber information is not visible to other subscribers. It is proposed that SG members have a legitimate interest in seeing this information (particularly if details may not be shown on the public webpage) so this should be changed to being visible to subscribers.
- ACTION20180327-02: Brook Schofield to propose a change in the mailing list settings to allow subscribers of the eduGAIN-SG to see other subscribers and give them a window to object.
Candidate, Member and Participant Requirements
SG members were asked to review federations that have:
- been in candidate federation status for a long time and
- been voting only members / non participants for a long time and
- make proposals as to how to proceed.
Thomas Lenggenhager suggested that a period of 18 months of lack of activity for candidate federations would be a good starting point for reviewing candidate federations. There would need to be a clear definition of what constituted a lack of activity. Brook suggested that candidates should have produced a policy and a MRPS within this period of time.
Thomas W queried whether there was any real problem with candidates not having shown activity and it might force candidates to invent policies that were not suitable simply to show progress.
A simple measure of progress might be that the federation is still responding to email and that this would be sufficient.
- ACTION20180327-03: Brook Schofield to propose email response as a simple bar for measuring responsiveness of candidate federations.
For existing participants, there is no check currently in place to ensure that the requirements that existed at the point of joining are still fully in place. Nicole proposed that this information should be re-validated once every 12 months and if requirements are not being met, then federations may be asked to restart the membership process.
- ACTION20180327-04: eduGAIN-OT to implement a yearly check of basic requirements for member federations. If requirements are not being met by any member federation, these issues will be brought to the next eduGAIN-SG for review.
Chris asked if policies should be reviewed by the eduGAIN-SG if they have changed. It was suggested that it would be good practice for federations to self declare on the eduGAIN-SG if they change their policy or MRPS and invite members to comment. Changes revealed during the yearly check should also be communicated to the SG list.
Long term candidacy
Federation | Date of Application | Status | Decision |
---|---|---|---|
Albania - RASH | 2018-01-18 | Recent applicant. No Policy/MRPS. | New simple bar for participation (responding to email) will be applied. |
China - CSTCloudFederation | 2017-11-10 | Recent applicant. Ready for assessment. | New simple bar for participation (responding to email) will be applied. |
China - CARSI | 2017-08-01 | Declaration only. No Policy/MRPS. | New simple bar for participation (responding to email) will be applied. |
Lebanon - LIFE | 2017-08-07 | MRPS required prior to assessment | New simple bar for participation (responding to email) will be applied. |
Malawi - MAREN | 2016-06-08 | Declaration only. No Policy/MRPS. | New simple bar for participation (responding to email) will be applied. |
Malaysia - SIFULAN | 2018-01-22 | Recent applicant. Ready for assessment. | New simple bar for participation (responding to email) will be applied. |
Mexico - FENIX | 2017-10-25 | Declaration only. No Policy/MRPS. | New simple bar for participation (responding to email) will be applied. |
Montenegro - eduID | 2015-06-16 | Policy under development. | New simple bar for participation (responding to email) will be applied. |
Mozambique - CAFMoz | 2016-10-13 | Joining process underway. Response to feedback required. | New simple bar for participation (responding to email) will be applied. |
Russia - RUNNET AAI | 2018-01-26 | Joining process underway. Responding to feedback. | New simple bar for participation (responding to email) will be applied. |
Russia - фEDUrus | 2013-07-03 | Declaration only. No Policy/MRPS. | New simple bar for participation (responding to email) will be applied. |
Serbia - iAMRES | 2015-04-01 | Declaration only. No Policy/MRPS. | New simple bar for participation (responding to email) will be applied. |
Slovakia - safeID | 2015-06-16 | Recent activity. New SG deputy and work on Policy. | New simple bar for participation (responding to email) will be applied. |
Members not actively contributing metadata
Federation | Application Date | Joining Date | Status | Decision |
---|---|---|---|---|
Bulgaria - BIF | 2017-03-15 | 2017-10-27 | Operational Federation not Supplying Metadata | It was agreed that there are no issues with Bulgaria's participation. |
Cyprus - CyNet Identity Federation | 2017-05-18 | 2017-08-15 | Federation Production supported by GRNET | No decision was made here. |
Italy - Grid Identity Pool | 2013-07-03 | 2016-08-11 | Operational Federation not Supplying Metadata | It was agreed that there are no issues with GridIdP's participation. |
New Zealand - Tuakiri New Zealand Access Federation | 2013-11-26 | 2013-11-26 | Operational Federation not Supplying Metadata | It was agreed that there are no issues with NZ's participation. |
Turkey - YETKİM | 2013-11-06 | 2013-11-26 | No Policy, No MRPS, No Metadata | Turkey was flagged as not meeting the current requirements for membership. This will be followed up with YETKIM. |
Following REFEDS best practices
Participating Member Nits
Federation | Issue | Status | Decision |
---|---|---|---|
Argentina/MATE | No creationInstant available | Support/Chair to make contact with the federation on this issue. | No decision was made here. |
Finland/HAKA | No creationInstant available | Support/Chair to make contact with the federation on this issue. | No decision was made here. |
Greece/GRNET-AAI | SG deputy missing | Support/Chair to make contact with the federation on this issue. | No decision was made here. |
Ireland/Edugate | No creationInstant available | Support/Chair to make contact with the federation on this issue. | No decision was made here. |
Portugal/RCSTaai | No creationInstant available | Support/Chair to make contact with the federation on this issue. | No decision was made here. |
Spain/SIR | No creationInstant available | Support/Chair to make contact with the federation on this issue. | No decision was made here. |
Participating Member Problems
Federation | Issue | Status | Decision |
---|---|---|---|
Croatia/AAI@EduHr | Supplied English version of the Policy missing | Will be available by Tuesday 1 May 2018 | To be reviewed at the next SG meeting. |
MRPS compulsory or not?
Federation | MRPS Exists | MRPS Based on Template | Decision |
---|---|---|---|
Algeria/ARNaai | YES | YES | Meets requirements |
Argentina/MATE | YES | YES | Meets requirements |
Armenia/AFIRE | YES | YES | Meets requirements |
Australia/AAF | YES | YES | Meets requirements |
Austria/ACOnet Identity Federation | YES | YES | Meets requirements |
Belarus/FEBAS | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Belgium/Belnet Federation | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Brazil/CAFe | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Canada/Canada Access Federation | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Chile/COFRe | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Colombia/COLFIRE | YES | YES | Meets requirements |
Croatia/AAI@EduHr | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Czech Republic/eduID.cz | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Denmark/WAYF | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Ecuador/MINGA | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Estonia/TAAT | YES | YES | Meets requirements |
Finland/HAKA | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
France/Fédération Éducation-Recherche | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
Georgia/Grena Identity Federation | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Germany/DFN AAI | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Greece/GRNET | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Hungary/eduId.hu | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
India/INFED | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Iran/IR Fed | YES | YES | Meets requirements |
Ireland/Edugate | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Israel/IUCC Identity Federation | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Italy/IDEM | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Japan/GakuNin | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Korea/KAFE | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Latvia/LAIFE | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Lithuania/LITNET FEDI | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Luxembourg/eduID Luxembourg | YES | YES | Meets requirements |
Macedonia/AAIEduMk | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Moldova/LEAF | YES | YES | Meets requirements |
Norway/FEIDE | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Oman/Oman KID | YES | YES | Meets requirements |
Poland/PIONIER.Id | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Portugal/RCTSaai | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Singapore/Singapore Access Federation - SGAF | YES | YES | Meets requirements |
Slovenia/ArnesAAI Slovenska izobrazecalno raziskovalna federacija | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
South Africa/SAFIRE | YES | YES | Meets requirements |
Spain/SIR | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Sweden/SWAMID | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Switzerland/SWITCHaai | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
The Netherlands/SURFconext | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
U.S./InCommon | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Uganda/RIF | YES | YES | Meets requirements |
Ukraine/PEANO | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
United Kingdom/UK federation | YES | YES | Meets requirements |
Bulgaria/BIF | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
Cyprus/CyNet Identity Federation | YES | YES | Meets requirements |
Hong Kong/HKAF | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Italy/Grid Identity Pool | NO | NO | Ask to be reviewed and put in place by 1st April 2019 |
New Zealand/Tuakiri New Zealand Access Federation | YES | NO | Ask to be reviewed and put in place by 1st April 2019 |
Turkey/YETKIM | NO | N/A | Ask to be reviewed and put in place by 1st April 2019 |
The accuracy of the above table needs to be confirmed. There are 21 federations without any MRPS and of those with some joining practice documented there are 16 that have an MRPS template compatible version of their MRPS. Feedback on your particular federation welcome.
Step 1: MRPS for everyone.
Step 2: MRPS template compatible MRPS for everyone.
The deadline was set as 1st April 2019 for all federations to have an adequate MRPS.
- ACTION20180327-05: Brook Schofield / Nicole Harris to contact all of the federations that do not have an adequate MRPS to discuss a plan for implementing a MRPS.
Incident response requirements
Nicole highlighted that edugain-support had started looking at the requirements for incident response and asked for comments and suggestions on the proposed requirements review for central support for incident response at eduGAIN. This can be found at: eduGAIN Incident Management Coordination Role.
- ACTION20180327-06: All to review the requirements for the eduGAIN Incident Management Coordination Role.
OIDC Federation
Davide gave an update on the status of OID and its potential impact on eduGAIN.
Brook asked when we will start to see OIDC federation happening within federations. To start work on an OIDC profile within eduGAIN we need to see participation from a broader group of federations and the OIDCre group will look to start proposing a profile for OIDC (within eduGAIN). Timing will depend on that participation.
An introduction of an OIDC profile would be open to all members of eduGAIN.
Chris asked on engagement between R&E and the OpenID Foundation. Davide reported that Roland was part of the OpenID Foundation and Mike Jones in return had participated in OIDCre work. Roland and Davide will also participate in the IIW in the next couple of weeks and propose an R&E working group within the OpenID Foundation. The biggest issue is finding someone to champion this work. We are seeing repeated problems with experience developers leaving our area.
Future meetings
The next meeting will take place on 8th May 2018 at 12:00 - 13:00 PDT.Future meetings: