Work Description
This work item will collaborate with REFEDS and with E-INFRA-7 to support the work started in the REFEDS Federations Operations Practices on topics such as metadata management, key operations and others. The work will include:
- Participation in the Federation Operators group to further identify and refine the practices necessary to guarantee the integrity, availability and confidentiality of the federation operations service provided by the national identity federations.
- Piloting the best practice with a subset of federations in the GÉANT eduGAIN community.
- Driving take-up of support for operations best practice within the GÉANT eduGAIN membership by bringing proposals for their adoption to the eduGAIN SG.
Work Area Leader
Nicole Harris
Work Area Participants
Daniela Pöhn, Tangui Coulouarn, Peter Schober, Lalla Mantovani, Thomas Lenggenhager, Nadia Sluer.
Work Area Actions / Ideas
- A Metadata Registration Practice Statement has been developed and circulated, but not much feedback has been received. It is unclear whether this is because people are unhappy with the document, uninterested, or think it is fine. The next step would be to talk to the eduGAIN SG about whether they would recommend this as a standard template for federations.
- Work with eduGAIN SG to document adoption based on this statement.
- https://wiki.refeds.org/display/FBP/Federation+Operator+Best+Practice+-+FOP details proposed next steps in developing best practice. A direction for this needs to be ratified, along with what comes next. Key Management might be interesting but has few use cases that push a need for its development. Publication is an important and problematic area. Need to work with eduGAIN OT and SG on this one.
- Additional work added to make recommendations for updates to the eduGAIN policy framework to ensure that it is non-SAML specific.
Work Items:
REF | Work Item | Description | Responsible | Due Date |
---|---|---|---|---|
1.3.a. | Position Entity Categories as Recommended Practices within eduGAIN, separate from Profiles | Work with Brook and the eduGAIN SG to establish a "recommended practices" section for eduGAIN and move Code of Conduct to this section. Work with eduGAIN SG to add additional entity categories to this section. | NH to propose at meeting on 13th October 2015. | September 2015 |
1.3.b | eduGAIN policy change proposals to support | Propose policy changes to 1. establish a single SAML profile document and 2. change the eduGAIN constitution to be technology agnostic so other things could be hooked under this (Moonshot, GEANT Trust Broker, OIDC etc). Focus here needs to be on description of eduGAIN OT, operational responsibility for trust broker technologies, changes to the SG to allow per-profile voting. 2. Initial draft available for comment. This is intended to highlight the areas that would need change, not suggesting putting this forward as a proposal to the eduGAIN TSG at this stage. A broad set of recommendations is available. Lukas' team is also working on an eduGAIN BCP document and is seeking comments. | NH to undertake initial draft, ALL to comment and support drafting. | October 2015 |
1.3.c | Complete MRPS | Work on MRPS to break out non-SAML specific processes (e.g. process of registering an organisation) from SAML metadata constructs. Work with eduGAIN SG to make this a recommended template for eduGAIN. Initial draft available for comment. The preamble has been split out to allow people to concentrate on the document itself - would recommend adding this for all the documents to a wiki page. | NH to undertake initial draft, ALL to comment and support drafting. NH to present at eduGAIN SG meeting on 13th October 2015. | October 2015 |
1.3.d | Policy template review | Complete a review of the policy template for required updates and work with eduGAIN OT to have this hosted in a more sensible place. | NH to establish policy template as working document. ALL to comment and support drafting. | TBD |