Table of Contents outline true style none
eduGAIN Steering Group Meeting
15th December 12:00 UTC / 13:00 Amsterdam: https://timeanddate.com/s/419g
11:45 UTC | Arrival & "Can you hear me now?" (see eduGAIN SG - December 2020 173637723)
| |
12:00 UTC | Welcome, Introductions & Agenda Agreement | Terry Smith, AAF, Chair |
12:05 UTC | Membership Updates and Joining
| Casper Dreef, Secretariat |
12:15 UTC | Team Updates
| Davide Vaghetti, IDEM, Service owner |
12:30 UTC | Team updates: Security team
| Security Team |
13:00 UTC | Best practices WG | Davide Vaghetti / Niels van Dijk / Mihály Héder |
13:15 UTC | MyAcademicID | Licia Florio, GÉANT |
13:25 UTC | Future SG meetings, Any other business, Summary and Actions | |
13:30 UTC | Meeting Close |
Connection Details
Meeting ID: 659 3425 9919
Join Zoom Meeting (Zoom client): https://geant.zoom.us/j/65934259919
- Join Zoom Meeting (Browser) https://geant.zoom.us/wc/join/65934259919
- Password is shared in the meeting invitation
One tap mobile
+442034815237,,65934259919#,,1#,108532# United Kingdom
+442034815240,,65934259919#,,1#,108532# United KingdomFind your local number: https://geant.zoom.us/u/cdf6Rmjelt
Join by SIP
114216575@ by H.323 NB: The meeting will be recorded to assist with note taking.
Federations in Attendance (25)
- TAAT (Estonia)
- eduID.hu (Hungary)
- AAF (Australia)
- UK federation (UK)
- SAFIRE (South Africa)
- IDEM (Italy)
- SWAMID (Sweden)
- COFre (Chile)
- RiċerkaNET Identity Federation (Malta)
- InCommon (USA)
- AAI@EduHr (Croatia)
- CAFe (Brasil)
- HAKA (Finland)
- RoEduNetID (Romania)
- eduID.cz (Czech Republic)
- eduID.hu (Hungary)
- FEIDE (Norway)
- SIFULAN Malaysian Access Federation (Malaysia)
- GakuNin (Japan)
- safeID (Slovakia)
- GRNET (Greece)
- CAF (Canada)
- Fédération Éducation-Recherche (France)
- ARNaai (Algeria)
- LEAF (Moldova)
Attendees (36)
- Sten Aus (TAAT)
- Mihály Héder (eduID.hu)
- Terry Smith (AAF)
- Alex Stuart (UK federation)
- Donald Coetzee (SAFIRE)
- Davide Vaghetti (IDEM)
- Pål Axelsson (SWAMID)
- Alejandro Lara (COFre)
- Daniel Muscat (RiċerkaNET Identity Federation)
- Nic Roy (InCommon)
- Miroslav Milinovic (AAI@EduHr)
- Jean Carlo Faustino (CAFe)
- Rui Ribeiro (CAFe)
- Jari Toropainen (HAKA)
- Valeriu Vraciu (RoEduNetID)
- Jiri Borik (eduID.cz)
- Attila Laszlo (eduID.hu)
- Rhys Smith (UK federation)
- Hildegunn Vada (FEIDE)
- Janos Mohacsi (eduID.hu)
- Muhammad Farhan Sjaugi (SIFULAN Malaysian Access Federation)
- Irfan Hakim Abu Samah (SIFULAN Malaysian Access Federation)
- Eisaku Sakane (GakuNin)
- Nicole Harris (GÉANT)
- Casper Dreef (GÉANT)
- Marina Adomeit (SUNET)
- Romain Wartel (CERN)
- Jule Ziegler (LRZ)
- Martin Stanislav (safeID)
- Halil Adem (GRNET)
- Chris Phillips (CAF)
- Anass Chabli (FER)
- Daniel Kouril (EGI)
- Licia Florio (GÉANT)
- Aouaouche El-Maouhab (ARNaai)
- Valentin Pocotilenco (LEAF)
Apologies (xx)
Wolfgang Pempe (DFN)
Welcome, Introductions & Agenda Agreement
Terry Smith (Chair, AAF) opened the meeting and welcomed the Steering Group members for the last meeting of the year.
The minutes of the previous meeting were approved and all open actions remain open.
No topics for the AOB were suggested.
Membership Updates and Joining
Since FENIX (Mexico) has joined eduGAIN no new candidates have been assessed. The use of the new voting tool Zeus has lead to a significant increase of casted votes. The Secretariat is possitive about the tool and will use it for future votes.
Early December the Chair, Secretariat and Service Owner were approached by BIF (Bulgaria) with the request to be moved from voting-only to participating member. BREN has updated its policy page and the OT is collaborating with BIF to get their MDS working.
KRENA/Kyrgystan had its last successful validation early November 2020. The Identity Federation was notified multiple times, but failed to respond so far. The eSG agreed to start the technical suspension process in January 2021.
The Secretariat works closely with GÉANT's Partner Relations team to reestablish contact with the Identity Federation through their NRENs.
Team Updates
Operation team:
Performed usual updates to the service platform. The internal metadata tests demonstrated that there were no differences between the old metadata feed and the one used for the pipeline.
Improvements were made on the management of undocumented incidents. In the eduGAIN operations an 'emergency handbrake' is missing. Nothing in the existing policies or technical requirements talk how to mitigate issues. The OT has collected the main metadata issues that aren't covered by policies. This list was communicated via the FOG and eSG mailing lists. The OT created the possibilities to block an upstream feed when the Identity Federation suspects this creates a disruption of the service. In this case the newest feed will not be accepted and the OT will continue to use the old feed.
As it is not possible to fix issues in the metadata feed instantly, the OT is also looking into making it possible for Identity Federations to consume an older version of the metadata feed instead of the most recent version. The eSG finds logging the old feeds valuable but is hesitant to use older versions as main feed. Rather use time stamped files for analytics purposes.
Support team:
It has been quiet months for the Support team. Spam messages spiked in October.
F-tick pilot has started. It collects the statistics of the usage of federated authentication, doing something similar that has been done for eduroam statistics. The infrastructure is being moved to a new service, provided by GÉANT. GARR will provide the testing platform. The aim is to move to full production by Q1 of 2021. At the same time works are ongoing on making the service more reliable. The team is preparing an infoshare for January.
Team updates Security team:
On behalf of the Security team Romain Wartel (CERN) was invited to the meeting to present on the team's activities.
Afterwards the eSG expressed its concerns regarding the communication methods of the Security team. The main concern is regarding the direct communications with entities, without informing the federation operators about this activity. This has caused major trust violations and reputational damage for the federation operators, as they were not aware of the activities and therefore weren't able to respond to questions from constituencies.
The eSG urged the Security team to improve communications. At the minimum Identity Federations' security contacts should be informed and included in the messages.
Two questions were raised by Romain:
1) How to communicate, notify or make sure the federation operators are in the loop, without comprising the confidentiality of the information we have.
2) Help to draft the messaging correctly.
Action: to continue the conversation in a dedicated meeting. It was also considered to start a dedicated security Working Group.
Best practices WG
Davide, Casper, Nicole, Licia and Marina have worked on a policy and infrastucture for working groups inside eduGAIN. These working groups would operate similar to the working groups in REFEDS and might be helpful to move working items into adoption in eduGAIN. The regulations were drafted and can be found here: Working Groups.
A first suggestion for a working group would be the eduGAIN reporting tool which was created under the Incubator task in the GÉANT project (GN4-3) and would focus on metrics used, best practices and evaluation of the Identity Federations and the entities that you can find in the eduGAIN reporting tool.
Mihaly Heder (KIFÜ) presented on the eduGAIN reporing tool (https://edugain-reporting-beta.incubator.geant.org/index.php). At the moment the tool is only available as beta version. eSG members expressed their interest in the tool.
Licia Florio (GÉANT) was invited to present on the results of the MyAcademicID project. The project has looked into the question on how to make eIDAS and eduGAIN work together. On the architactural level MyAcademicID has built the eIDAS - eduGAIN Bridge and created a new format of the European Student Identifier (ESI) and changed the specification to fit its purpose. Over the last couple of month 2600+ students and 550+ institutions in 38 countries, also outside the EU, have used the service. In August 2021 ESI will become mandatory to access Erasmus services.
Many entities that are using the service are currently not in eduGAIN. These entities are now being directed to their local Identity Federation. The second concern is the discussion around the scoped affiliation. There is some opposition about making scoped affiliation mandatory in entity categories in R&S. This is problematic, because without that the value the federation will be providing becomes much less. New use cases are emerging that require broader consideration.
At the moment is Europe focussed, but the project was approached by non-EU countries that expressed their interest. The project will look into this later.
Future SG Meetings, Any other business, Summary and Actions
Any Other Business: no AOB items were raised.
Future SG meetings 2021:
23 March 12:00 UTC
15 June 07:00 UTC
14 September 16:30 UTC
14 December 12:00 UTC