...
In December 2015, the European Parliament and Council reached agreement on data protection reform [DPREFORM]. This will require legal and federation consultation and analysis of eduGAIN’s policies focused on attribute release (Code of Conduct, EU and international variants, Research and Scholarship Entity Categories, recommendations on User consent), in particular focusing on service implications for eduGAIN members.
1.1.1 | eduGAIN policy review | Involved (lead) | Timeframe | Comments |
1.1.1.1 | Working group on eduGAIN constitution review | Nicole, Brook, Justin, Peter S, Alessandra, Marina, Chris P (advising), Tomasz | July - December 2016 | Complete |
1.1.1.2 | Community consultation and vote on eduGAIN constitution | Brook and Nicole | December 2016 - February 2017 | Complete
https://technical.edugain.org/doc/eduGAIN-Constitution-v3ter-web.pdf |
1.1.1.3 | Create a SAML Technology Profile that combines the current Metadata and WebSSO profiles. Consider making this mandatory (although not all the pieces within it REQUIRED or MUST) | Nicole, Brook, Justin, Peter S, Alessandra, Marina, Chris P (advising), Tomasz | February - July 2017
| Initial consultation complete. Final edit and voting to complete.
2018 eduGAIN SAML Profile Consultation
IMPACTS:
- need to update the current validator.
- need to restructure the joining the checklist.
Complete
|
1.1.1.4 | Review |
text of GDRPthe requirements in the existing eduGAIN metadata profile and add areas that are missing | Nicole, Brook, Justin, Peter S, Alessandra, Marina, Chris P (advising), Tomasz | February - July 2017 | Complete |
1.1.1.5 | Add in details to the eduGAIN SAML Technology Profile that are SAML specific requirements but have currently not been covered or removed from constitution (certificates, metadata url, MRPS) | Nicole, Brook, Justin, Peter S, Alessandra, Marina, Chris P (advising), Tomasz | As part of 1.1.1.3 | Complete |
1.1.1.6 | Manage issues associated with current SAML2int problems, liaise with Kantara and define WebSSO requirements for edugain
| Brook | Dependency unknown - awaiting community to move | Overtaken by work at InCommon and Kantara work |
1.1.1.7 | Introduce MRPS developed by REFEDS as standard template | Nicole and Brook | unknown | Proposal socialised at various meetings. Dependency on requirements set in the SAML Profile. Work has become to implement via:
|
1.1.1.8 | Deprecate current Attribute Profile and work on a best current practice (BCP) document to replace this. BCPs to be R&S, CoCo, MFA and Sirtfi. | Nicole | Jan - Jul 2018 | Proposal socialised at various meetings. What does it mean to have a BCP? - Documented on the eduGAIN website.
- These will be monitored and shown as warning in validators (including history).
- Warnings will be followed up by edugain-support.
- We will advertise and promote the BCP.
Do we need a incident response template for federations? Add security contacts for federations. |
1.1.1.9 | Position Code of Conduct and R&S as a best practice document and not a profile | Tomasz and Brook | Jan - Jul 2018 | Complete |
1.1.1.10 | Write eduGAIN Operational Practice Statement | Tomasz | Sept - Dec 2017 | eduGAIN Operations - SAML eduGAIN Operational Practice Statement |
1.1.1.11 | Write eduGAIN Metadata Aggregation Practice Statement | Tomasz | Sept - Dec 2017 | Metadata Aggregation Practice Statement |
1.1.2 | Review text of GDPR | | M4-M6 |
| Get input from Andrew CComplete |
| Review Federation interpretations of impact on their local and eduGAIN systems | | M6-M8 |
---|
| Develop statements and recommendations for stakeholders | | M8-12 |
---|
| M9.2 Assessment of DP Legislation Implications | | M8 (EC Milestone) |
---|
M8Does not need full TA review | 1.3 | CoCo V2 | Mikael | Ongoing | Dependencies - GDPR, Privacy Shield. Cross-ref with REFEDs |
|
1.1.2 | International CoCo Development |
| GDRPGDPR, Privacy Shield. Cross-ref with REFEDs |
Current Status
Milestone/Deliverable
...