Thursday 13th October 2016 - 14:30 - 16:00 CEST (in your timezone)
Please Note that the minutes of this meeting is DRAFT.
14:15 | Arrival & "Can you hear me now?" via https://connect.sunet.se/edugain |
14:30 | Welcome, Introductions & Agenda Agreement, Justin Knight
|
14:35 | Revision of the eduGAIN Policy Framework
|
15:00 | WebSSO profile, SAML2Int and Updates
|
15:25 | File:20161013-eIDAS-Update-wiki.pdf
|
15:35 | Quality Auditing within eduGAIN
|
15:45 | Summary of Current Status
|
15:50 | Future SG Meeting
|
15:55 | Any other Business |
16:00 | Summary, Actions and Close (or we're running over time). |
Please Note that the minutes of this meeting is DRAFT.
Attendance
Attendance (17):
- Arnout Terpstra
- Brook Schofield
- Chris Phillips
- Claudio Chacon
- Finn Dorph-Petersen
- Ioannis Kakavas
- Kristóf Bajnok
- Marina Adomeit
- Pål Axelsson
- Peter Schober
- Rhys Smith
- Lukas Hämmerle
- Wolfgang Pempe
- Terry Smith
- Tomasz Wolniewicz
- Valentin Pocotilenco
- Nick Roy
Apologies:
- Alejandro Lara (COFRe/ReUNA/Chile)
- Jan Oppolzer (CESNET/eduID.cz)
Guest Participants:
- Nicole Harris
- Maarten Kremers
- Christos Kanellopoulos
- Mikael Linden
Member Federations in Attendance (16):
- SURFconext, CAF, GRNET-AAI, MINGA, WAYF, UK Federation, eduID.hu, LEAF, DFN-aai, SWAMID, PIONIER.Id, AAF, ACOnet Identity Federation, SWAMID, SWITCHaai, InCommon
Candidate Federations in Attendance:
- iAMRES
Welcome and Introduction
Everyone was welcomed to the meeting. Justin Knight introduced himself to the SG members and announced his role in the scope of the GN4-2 project supporting the current iteration of eduGAIN.
Of the two Open Actions (update link) the 1st (ACTION20151013-01) will be parked until the constitution is updated and will form part on an updated WebSSO profile. The second (ACTION20151013-02) is still under review by the OT.
Revision of the eduGAIN Policy Framework
On the issue of technology agnostic eduGAIN Constitution revision, Nicole Harris described the timeline and the feedback that had been received by a subgroup that has been working on this update. The plan is to have the Constitution available in December with a vote to begin after the next eduGAIN SG meeting. Details at https://wiki.edugain.org/EduGAIN_Policy (update link).
The group is still awaiting feedback from the GÉANT Board/Chair who have commented on a recent revision of this document. That input will be sanitised by Valter Nordh and made available to Nicole Harris for inclusion where appropriate.
The question was raised on whether eduGAIN Delegates/Deputies were empowered to vote in this regard or whether they would need approval from within their organisation?
Chris Phillips asked whether the update requires only a vote or a signature to consummate the change? The chair clarified that the Declaration will NOT be altered therefore re-signing will not be required.
For a constitutional change there is a requirement for a 2/3 majority of the membership to vote in the affirmative.
Some federated detailed that they would need internal approval/authorisation:
- Tomasz Wolniewicz (PIONIER.Id)
Other delegates detailed that there would not be a delay with internal processes:
- Peter Schober (ACOnet)
- Lukas Hämmerle (SWITCHaai)
- Rhys Smith (UK Federation)
Brook and Justin will seek clarification from all outstanding federations with regards to their processes for being able to vote on this topic and how to reduce the overhead as the vote will be carried out during the Christmas/New Year period.
ACTION20161013-01: Brook and Justin to poll edugain-SG members on required approval processes internally for eduGAIN constitutional sign-off.
Lack of participation in voting on topics can impact your right to vote. Terry Smith (AAF) asked is there a site where we can see which federations have drop out for voting?
ACTION20161013-02: Brook and Nicole to document voting history. (This action was completed - an initial page https://wiki.edugain.org/EduGAIN_Votes (update link) was established. After the compilation of the 1st version of EduGAIN_Votes (update link) and a discussion on the mailing list it was decided that a “no-op” vote would be held in the lead up to the next eduGAIN SG meeting to allow members to re-establish their voting right).
ACTION20161013-03: Brook to create a no-op vote to allow members to re-establish their voting rights.
eIDAS Cross-Sector Interoperability
Due to a fire drill the chair left the meeting and asked Christos Kanellopoulos to present on the eIDAS meeting and the possibility for a interoperability project between our community and eIDAS.
Peter Schober asked where are we having the discussion about how to integrate (national proxies, central proxy at GEANT/eduGAIN level, eIDAS as potential eduGAIN member etc). The suggestion was to use eduGAIN-Discuss for those not participating in the AARC project.
Chris Phillips asked if there is a desire for examples of external to EU participants in this, how do you see that happening (e.g. USA, Canada)? USA has 50 states, Canada 13 provinces.
Wolfgang Pempe stated that DFN is interested in participating as they have already been contacted by the German federal eID.
For those expressing their interest to contribute to the preparation for the pilot with eIDAS please make contact with Christos (and Maarten Kremers) before December. Ideally a group with 3-4 people is requested to work on the possible integration scenarios with the eIDAS infrastructure.
WebSSO profile, SAML2Int and Updates
The WebSSO profile for eduGAIN has a dependency on SAML2Int [https://saml2int.org/] and some issues have been raised on eduGAIN-Discuss (see https://lists.geant.org/sympa/arc/edugain-discuss/2016-08/msg00013.html ).
As a result of the updating of SAML2Int, the profile is no longer recommended due to concerns about security changes and its stewardship which means that the WebSSO profile is currently deprecated.
There was interest in updating SAML2Int specification as a result and that members of the eduGAIN SG should actively participate in the Kantara Federation Interoperability Work Group: https://kantarainitiative.org/confluence/display/fiwg/ with a view to a minor update to 0.2.2 ahead of any further updates from the wider feedback that has been contributed by the community, REFEDS and InCommon.
Peter Schober highlighted an old diff with suggested changes as the the level of detail submitted to Kantara https://kantarainitiative.org/confluence/display/fiwg/saml2int
Quality Auditing within eduGAIN
From an openspace event at the NORDUnet conference attended by Leif, Lukas, Roland Hedberg and Brook there was a proposal to Inject Metadata (either via a synthetic federation or via a existing member) which would be used to measure the propagation time of metadata from eduGAIN to federation feeds and eventually endpoints. Due to a lack of time and the absence of a concrete proposal this will be parked until there is a document on the wiki and distributed on the mailing list.
Some discussion surrounded the timeline for metadata updates with hourly/daily frequency being used. This proposal will focus on determining the actual timeline rather than the intended. Lukas Hämmerle pointed the group to some basic measurement data at https://technical.edugain.org/isFederatedCheck/Federations/ (Last Metadata Refresh).
There is no need to generate a recommendation until we can verify it is being used. It is already recommended to automate the updating of metadata - but we’ve experienced that sometimes these systems break down.
Summary of Current Status
The current status of eduGAIN can be found at http://edugain.org/technical/status.php
A vote on KAFE wasn’t held as this wasn’t included on the agenda previously.
Also the chair (Brook) made a mistake by stating that 16 federations in attendance wasn’t above the 50% mark to hold a vote. This is incorrect. A simple majority of those that vote are required for membership matters. Because of the previous discussion of the constitution update the chair confused the 2/3 majority requirement with that of the simple majority requirement.
An electronic vote of KAFE will be announced on the mailing list.
ACTION20161013-04: Brook to distributed an email with details on how to vote for KAFE membership of eduGAIN.
Future SG Meeting
Because of the cancellation of the EWTI event in December 2016 there will be a replacement GÉANT Project Trust & Identity All-Hands meeting. The question was asked whether the eduGAIN Town Hall should be aligned with this or another event. It was decided that the eduGAIN Town Hall will be parked until another opportunity arises. TNC17 and the REFEDS meeting was raised as having wide attendance of the SG.
Members expressed the value in a physical meeting and also the need to hold SG meetings more regularly. The virtual SG meetings will now be run on a 2 month (8 week) cycle. Nick Roy asked whether they could follow the same patterns of the IETF with 3 major timezone shifts to support different regions. This request will be accommodated.
The next eduGAIN SG meeting will be scheduled for Wednesday 14th December 2016.
Any other Business
None was raised at this time.
Summary of Actions
ACTION20161013-01: Brook and Justin to poll edugain-SG members on required approval processes internally for eduGAIN constitutional sign-off.
ACTION20161013-02: Brook and Nicole to document voting history. (This action was completed - an initial page https://wiki.edugain.org/EduGAIN_Votes (update link) was established. After the compilation of the 1st version of EduGAIN_Votes (update link) and a discussion on the mailing list it was decided that a “no-op” vote would be held in the lead up to the next eduGAIN SG meeting to allow members to re-establish their voting right).
ACTION20161013-03: Brook to create a no-op vote to allow members to re-establish their voting rights.
ACTION20161013-04: Brook to distributed an email with details on how to vote for KAFE membership of eduGAIN.