This section asks for your feedback on services and developments currently in GN4-2 and how you think they should be positioned in GN4-3 (from 2019 on).
They have been arranged in rough groupings rather than by the internal project codes or current project structure, as knowledge of the GÉANT project structure should not be a requirement to evaluate them. Please use the comments section if you'd like to break down the groupings further, e.g. if you think one aspect should be stopped but not all.
You can indicate if you think it should be maintained, significantly changed/enhanced or dropped by adding +1 to the relevant column and adding extra detail in comments.
e.g.
Name | Maintain | Change | Drop | Comment |
---|---|---|---|---|
Example service 1 | +1 (yourname - optional, but makes clarification easier) | This is the best example service ever! Keep it. (yourname - optional) | ||
Example service 2 | +1 | Nobody is using this service, it is too complicated |
You can also indicate if GÉANT project, GÉANT community (independently of project) or another group should be the main driver if you have opinions on those matters.
If you are not sure of the current status or direction of any of these services, feel free to check details with the listed people, or simply say what you think it should be, or contact Ann, Marina or Klaas for more info.
Table of Developments and Services
Name | Maintain/Continue | Change/Improve | Drop/Retire | Comment |
---|---|---|---|---|
eduroam core services: ETLRS operation. Info Contact: Miro Milinovic | +1 (Stefan Winter) +1 (Mario Reale) | +1 (Nicole Harris) | Move to a more sustainable subscription model outside the project. | |
eduroam supporting services: CAT, monitor.eduroam.org etc. Info Contact: Stefan Winter/Miro Milinovic | +1 (Stefan Winter) +1 (Mario Reale) +1 (T. Wolniewicz) | +1 (Nicole Harris) | Move to a more sustainable subscription model outside the project. | |
eduroam Managed IdP (small and large site approaches). Info Contact: Stefan Winter | +1 (Stefan Winter) +1 (T. Wolniewicz) | develop into production service (Stefan Winter) | ||
eduroam diagnostics (end user diagnostics, probes etc.). Info Contact: Stefan Winter | +1 (Stefan Winter) +1 (Mario Reale) +1 (T. Wolniewicz) +1 (Nicole Harris) | develop into production service (Stefan Winter) also EAPlab - low usage but quite important for developers | ||
radsec - let's radsec. Info Contact: Stefan Winter/Paul Dekkers | +1 (Brook Schofield) | This is important to move toward RADSEC and Dynamic Peer Discovery | ||
eduGAIN Core: MDS operation, SG secretariat & support for federations. Info Contact: Tomasz Wolniewicz (tech)/Brook Schofield | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (SURFnet) +1 (Mario Reale) +1 (T. Wolniewicz) | +1 (Nicole Harris) | Continue the stable service (Thomas Lenggenhager) Move into operations without using project funding (SURFnet) +1 (Nicole Harris) | |
eduGAIN supporting services: Tools such as IsFederated, ECCS etc. aggregated into technical/edugain.org. Info Contact: Tomasz Wolniewicz, Lukas Hämmerle | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (SURFnet) +1 (Mario Reale) +1 (T. Wolniewicz) | Consolidate separate tools into one service (SURFnet) | Useful tools (Thomas Lenggenhager) Move into operations, without project funding, where applicable (SURFnet) | |
eduGAIN enhanced support: Troubleshooting coordination/support for complex interfederation issues, central SIRTFI support where needed, SP reg of last resort via UK Federation. Info Contact: Lukas Hämmerle | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (SURFnet) +1 (Mario Reale) +1 (T. Wolniewicz) | Develop model so this can be moved into operations without using project funding (SURFnet) Evaluate the SP of last resort registration (uptake, policy, do we still want / need this?) (SURFnet) | Registry of last resort with good support could be useful. Help candidate fed ops to increase their know-how and learn from others. (Thomas Lenggenhager) Based on the AARC recommendations, I'd advocate for the SP registry to be promoted more not only as an eduGAIN enhancement but as a capability for GEANT to not only broker contracts on behalf of the members but also offer the technical platform to connect SPs to eduGAIN. Specifically I'm referring to SPs that are explicitly global or pan-European in scale and have little direct working relationship with federations, and/or those for which GEANT has a framework agreement. See also eduGAIN SG thread "'eduGAIN-integration' for not-really-interested SPs" from 11/9/2017 | |
eduGAIN BCP: Recommended practices for federations and their entities e.g. SIRTFI adoption, Assurance Profiles, MFA BCP etc. Info Contact: Nicole Harris/Pål Axelsson | +1 (SURFnet) +1 (T. Wolniewicz) | +1 (Brook Schofield) +1 (Nicole Harris) | Keep it simple, mainly as a check-list with links to the details. (Thomas Lenggenhager) +1 for Thomas' comment (Wolfgang Pempe) +1 as above (Mario Reale) It has to be new - 'cause it doesn't yet exist. Rephrase - I'd like to see this as an account manager role for Service Providers within eduGAIN / as part of the eduGAIN support function. | |
Federation as a Service: Federation platform (MDA, RR, HSM etc.) as a service. Info Contact: Marina Adomeit | +1 (Mario Reale) +1 (T. Wolniewicz) +1 (Michael Schmidt) | Investigate how much this can help federation uptake outside EU (SURFnet). | +1 (Nicole Harris) | How successful is it? Is it worth the effort to continue? (Thomas Lenggenhager) +1 for Thomas' comment (Wolfgang Pempe) Evaluate how much this has helped the organizations without federation, can we say something about future growth? (SURFnet) Useful to pursue functional integration with Campus IdP and piloting (Mario Reale) Make this run on AliCloud. Needs complete change. |
Campus IdP: toolkits, platform for provisioning and/or managed service. Info Contact: Mario Reale | +1 (Mario Reale) +1 (Michael Schmidt) | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (Nicole Harris) | Not relevant for us (Thomas Lenggenhager) Promising developments on Docker to be further pursued, Ansible solution very comprehensive and mature, Full fledged Platform development for Gn4.3 (Mario Reale) There are existing offers doing this better than we can. Promising solution for small organisations with scope for improvement. Could be extended by MFA or integrated with StepUp service for example. (Michael Schmidt) | |
InAcademia. Note: Current intent is to operate via GÉANT Org, not project once in production. Info Contact: Niels van Dijk | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (SURFnet) +1 (Mario Reale) +1 (T. Wolniewicz) +1 (Michael Schmidt) | |||
eduTEAMS: group management, ID Hub (guest solution) as basic offer, advanced offer can include HEXAA, Perun etc. Info Contact: Niels van Dijk | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (Mario Reale) +1 (T. Wolniewicz) | Investigate how to operate this without project funding (SURFnet) | Fundamental role for supporting Res Commun. (Mario Reale) | |
Discovery: central/common/distributed/federated discovery service with improved usability. Info Contact: Lukas Hämmerle | +1 (Wolfgang Pempe) +1 (SURFnet) +1 (T. Wolniewicz) | +1 (Thomas Lenggenhager) +1 (Mario Reale) +1 (Brook Schofield) | Don't forget the hub-and-spokies (SURFnet) An instantiation of the REFEDS Discovery Guide (in at least 1 GÉANT service) | |
eduKEEP: User-centric Identity Federations, eduID initiatives. Info Contact: Maarten Kremers | +1 (Thomas Lenggenhager) +1 (Constantin Sclifos) +1 (Wolfgang Pempe) +1 (Mario Reale) +1 (T. Wolniewicz) | Investigate role of eduKEEP in disconnecting authentication from attributes. Role of government IDs, eIDAS (SURFnet). | +1 (Nicole Harris) - only in the sense of project focus, this will continue. +1 (Lukas Hämmerle) | This is too close to the campus for us to have any real impact with centrally. Might be too early/too little benefit to something more concrete like a service and too little use to do something on international level (Lukas Hämmerle) |
StepUp Services - Assurance & MFA: stepUp Assurance, Authentication (MFA) etc. Info Contact: Maarten Kremers | +1 (Wolfgang Pempe) +1 (SURFnet) +1 (Jule Ziegler) | +1 (Thomas Lenggenhager) +1 (Mario Reale) +1 (Brook Schofield) +1 (Nicole Harris) | The non-vendor specific StepUpaaS from SURF should be forklifted into the GÉANT community and look at ways of delegating identity vetting via Postal Services and other methods that are country specific. | |
OIDC: Profile for eduGAIN, Federation BCP, any needed infrastructure to support global interop. Info Contact: Maarten Kremers | +1 (Constantin Sclifos) +1 (SURFnet) +1 (Jule Ziegler) | +1 (Thomas Lenggenhager) +1 (Wolfgang Pempe) +1 (Mario Reale) | +1 (Lukas Hämmerle) | Create OIDC Testbed for FedOps (Wolfgang Pempe) +1 (Mario Reale) Create OIDC2Int (SURFnet) Assuming (bilateral) OIDC support is integrated in Shib and SSP, this already is good enough. I doubt that making OIDC also support the federation architecture will provide much benefit over SAML given the effort needed to make this concept work (Lukas Hämmerle) |
Cross sector interoperability: esp. interoperability with eIDAS. Info Contact: Christos Kanellopoulos | +1 (Wolfgang Pempe) +1 (SURFnet) +1 (Mario Reale) +1 (T. Wolniewicz) | +1 (Thomas Lenggenhager) | No priority (Thomas Lenggenhager) Stay connected with the eIDAS folks (Wolfgang Pempe) Work towards pan-European solutions (SURFnet) Merge this (i.e. for eIDAS) with Step Up/Identity Assurance Service (Lukas Hämmerle) | |
eduPKI. Info Contact: Reimer Karlsen-Masur | +1 (Constantin Sclifos) +1 Reimer Karlsen-Masur | +1 (Brook Schofield) +1 (Nicole Harris) - evolve | Include additional development such as:
Other stuff like this to make the WHOLE landscape around our participation in CA clearer. | |
Certificate Transparency. Info Contact: Linus Nordberg | +1 (Constantin Sclifos) +1 (SURFnet) +1 (DFN-PKI) | +1 (DFN-PKI) get the log trusted by Chrome and other browsers | Is anything actually happening here? This is probably in the wrong area of the project at the moment and information about it is not very....transparent. Add this into a larger workpackage on future certificate. Unclear what this is about and if this is something T&I should be doing. Maybe move this to security topics? (Lukas Hämmerle) | |
F-TICKS. Info Contact: Jule Ziegler, Miro Milinovic |