This Task delivers developments aimed at federations and campus identity providers, based on the existing federated identity and eduGAIN models and technologies.
It aims to make federated identity on a pan-European scale easier for federations and campus IdPs to adopt, more scalable to cope with significant growth of entities via eduGAIN, and more secure in complex operating environments.
Key objectives
The key objectives of Task 1 are:
T1.1 eduGAIN policy review
- In December 2015, the European Parliament and Council reached agreement on data protection reform [DPREFORM]. This will require legal and federation consultation and analysis of eduGAIN’s policies focused on attribute release (Code of Conduct, EU and international variants, Research and Scholarship Entity Categories, recommendations on User consent), in particular focusing on service implications for eduGAIN members.
T1.2 eduGAIN metadata management and attribute release management
- Develop, pilot and enhance methods for facilitating attribute release and encouraging take-up by federations, including GÉANT Code of Conduct development and support for R&S within eduGAIN.
- Develop and enhance methods for improving metadata management and interoperability, e.g. adoption and customisation of FedLab results.
- Develop and enhance methods to ensure quality metadata exchange, e.g. implementation of best practice on metadata streams for eduGAIN.
T1.3 Development of supporting services for campus identity providers
- Based on findings from AARC, TIER (Internet2) and NREN developments, develop a campus IdP extension to the FaaS service for sites and regions that currently do not have the ability to support or offer a cloud IdP-type of service to campuses.
T1.4 eduGAIN incident management development
- Based on findings from AARC and REFEDS, pilot and implement the recommendations on the Security Incident Response Trust Framework for Federated Identity (SIRTFI) in the eduGAIN operational context.
Deliverables and Milestones:
GREY Deliverable D9.1: Market Analysis for Supporting Services for Campus Identity Providers, M8
GREY Milestone M9.2: Assessment of DP Legislation Implications, M8, White Paper
GREY Milestone M9.4: SIRTFI Pilot Report, M20, Report
Minutes of periodic Task calls
Task1 Trello Board
https://trello.com/b/bNmCfbZK/geant-campus-idp-platform
Availability of people during the summer 2018 break
Relevant internal / collaborations documents
- Campus IdP platform architecture
- Campus IdP platform workplan May to October 2017
- Workplan Measurement and Statistics
- SIRTFI strategy planning doc (F2F July 12-13, 2017 - Zurich)
Cloud-based IdP services Catalogue
https://campus-idp-test.geant.org/
Face To Face Meetings (notes, agenda, slides)
- Face To Face- Rome-May-4-5-2017
- Face To Face-Budapest-October-2-2017
- Face To Face-Paris-March 27-28-2018
- FaceToFace-Rome-October-4-5-2018
SWAMID REFEDS SIRTFI and REFEDS R&S Attribute Release Check
- https://sirtfi-check.swamid.se/
- Documented at Shibboleth SP attribute checker example - Require REFEDS SIRTFI and REFEDS Research and Scholarship
eduGAIN attribute release check
Measurement and Statistics wiki
Minutes of periodic task calls
- October 10, 2016
- November 7, 2016 (T1.3)
- November 21, 2016 (T1.3)
- February 3, 2017
- February 9, 2017 (Architecture Team)
- February 13, 2017
- February 27, 2017
- March 27, 2017
- April 10, 2017
- April 24, 2017
- May 22, 2017
- July 3, 2017
- August 21, 2017
- September 6, 2017
- September 18, 2017
- November 6, 2017
- November 27, 2017
- December 18, 2017
- January 15, 2018
- January 29, 2018
- February 12, 2018
- March 5, 2018
- April 30, 2018
- May 14, 2018
Moving towards production: GEANT Software Management Tools
GEANT software pages: software.geant.net
- JIRA Bug / Issue tracker
- GEANT Artifactory Maven Artifacts Repository
Useful Links and References
- https://release-check.edugain.org/ eduGAIN attribute release check tool
- https://goo.gl/m75yFY Results of the Initial Survey for the NRENs
Presentations
- https://goo.gl/prkwTg TNC 2018 Trondheim June 11, 2018 (Joint with Internet2) - https://tnc18.geant.org/core/presentation/142
- https://goo.gl/Sr8cjQ TechEx 2017 SFO Advance Camp - October 19, 2017
- https://goo.gl/5qBDTi JRA3 All Hands - Zurich December 12-13, 2016
Final Products Presentations and Documentation
Product | Goals | Expected users | Notes on final status of the product | References (URLs) and Presentations / Videos / Documents | Subsequent related activity/task and persons involved in GN4-3 | Git Repository |
---|---|---|---|---|---|---|
Campus IdP Platform | Enable FedOps and IdP admins to spawn and manage their IdPs - Accessed as an eduGAIN SP. Hosted on OpenStack or VMware. | FedOps and HOs IdP admins | Use Case "Create IdP" implemented: | Demo Video: CampusIDP Platform DEMO (FULL Short Version).mp4; Documentation: Campus IdP Platform Architecture | | Web Client: |
Measurement and Statistics National and eduGAIN platform | Gather Fticks from IdPs belonging to national federations and eduGAIN, enabling national ID Federations to view and manage their forwarding to a central eduGAIN collector node | FedOps and eduGAIN admins | https://tnc18.geant.org/core/poster/41 | |||
Docker deployment of Campus IdP | Enable a Home Organization to deploy a simple, basic Shib IdP on Docker | HOs IdP admins | ||||
Ansible toolkit for deployment of Shibboleth IdP | Enable HOs and federations to install and configure IdP and related tools using Ansible. | HO IdP admins and FedOps | Ansible playbook and inventories needed to install and configure a Shibboleth IdP: Ansible playbook and inventories needed to install and configure some monitoring tools: Ansible playbook and inventories needed to create VMs upon OpenStack architecture: | |||
SIRTFI email contacts verification tool | Deploy a web-based tool, accessible as an eduGAIN SP, capable of getting security email contacts for IdPs and of sending verification emails to admins to verify the effectiveness of the addresses and their responsiveness. | eduGAIN support FedOps SIRTFI |