
Candidate Name: Federation X
OTRS Ticket Number: TT#2024031934000941

eduGAIN

...

Candidate Process

Steps | Requirements | Actions | Owner | Timeframe | Notes
Step 1: Initial application meeting / readiness discussion

This initial meeting will talk the candidate through the joining process, get an understanding of the technical infrastructure of the federation and its maturity, and share information about useful resources for the federation such as the eduGAIN website and wiki and the REFEDS resources.

If not already familiar, federations will also be talked through the available document templates and the various eduGAIN tools that can be used for testing compliance and reviewing issues.

  •  Organise meeting with federation, eduGAIN Secretariat, eduGAIN BD and other relevant parties
  •  Add federation to edugain-discuss mailing list and eduGAIN Slack workspace
  •  Ensure a formal ticket is open for the federation application in OTRS
  •  Set up candidate profile on wiki to track progress

Owner: BD, Sec

Timeframe: Set up meeting within 2 weeks of receiving request

ticket
Step 2: Collect required information for membership application

There are a number of formalities that need to be addressed before a federation can become a membership candidate.  These are known as the "joining checklist" and represent the core information that is held about each federation to enable metadata consumption and to start the trust building process.


https://technical.edugain.org/joining_checklist

  •  Contact email
  •  Security contact
  •  Management contact
  •  Signed declaration
  •  Metadata source
  •  Signing certificate
  •  Governance delegate and deputy
  •  Federation website
  •  Federation policy
  •  Federation MRPS
  •  Contact OT to add federation as a candidate on the eduGAIN website
Owner: Sec / OT
Timeframe: TBD - depending on maturity of federation

Step 3: eduGAIN Secretariat review of federation documentation

The eduGAIN Secretariat will undertake an initial review of the federation Policy and MRPS documents and may invite others to help support this process. The aim of this step is to help the federation identify any potential issues that might come up from the community review process and ensure Step 5 goes as smoothly as possible.
  •  Undertake review of federation documentation
  •  Initial feedback from the eduGAIN Secretariat on documentation review
  •  Organise meeting to discuss feedback if appropriate

Owner: Sec
Timeframe: 4 - 6 weeks
Step 4: Technical review

The purpose of the technical review is to iron out any issues the federation may have with publishing and consuming eduGAIN metadata on a daily basis, so that the federation can run successfully with no or a low error rate when membership is approved.
  •  Work with OT to ensure certificate is correct
  •  Review of metadata against validator checks
  •  Federation metadata should run with no errors for the period of time taken to complete the candidate assessment
Owner: Sec / OT
Timeframe: Concurrent with Step 5 & 6
Step 5: Membership review of federation documentation

As stated in the eduGAIN Constitution, the eduGAIN Steering Group (eSG) is responsible for: "Reviewing and approving the membership of new Federations". Step 5 and Step 6 support this requirement.
  •  Announce review on edugain-discuss and edugain-sg sc mailing lists
  •  Invite comments to be made on the appropriate wiki page
  •  Run review process for a period of 4 weeks
Owner: Sec
Timeframe: 4 weeks (or 2-3 weeks for assessment + 1-2 weeks for the applicant to process the feedback?)
Step 6: Voting

Formalised vote for membership acceptance
  •  Prepare vote in Zeus
  •  Prepare voting record page on wiki
  •  Run vote for a period of 2 weeks
Owner: Sec
Timeframe: 2 weeks
Step 7: Formal registration

This final step ensures that the candidate is able to fully utilise the eduGAIN service after the community vote is successful.
  •  Liaise with OT to update federation from candidate to member
  •  Add federation to edugain-sg mailing list
  •  Add federation to eduGAIN reporting tool
Owner: Sec

eduGAIN New Candidate Assessment Feedback

Assessment Period: DATES

Comment
# | Document (Policy / MRPS) | Document line / reference | Proposed Change or Query | Proposer / Affiliation
#1 | Policy / MRPS | general

For the outsider it is not clear what the name of the Identity Federation is. This should be made clear on the front page of both documents.

Casper Dreef / eduGAIN secretariat

The candidate updated multiple sections to clarify this matter.
#2 | Policy | Introduction

Linked to the aforementioned and referring to the following text:

"For EthERNet, the participation in the EFIS is a service among other services provided to Education and Research community"

We would suggest to please clarify and simplify it, with something along the lines of "EFIS - as an identity federation - is a service provided by EthERNet".

We suggest making a clear distinction between the Federation Operator (EFIS) and the NREN (EthERNet) throughout the document.

Casper Dreef / eduGAIN secretariat

The introduction was updated
#3 | Policy | Section 3.6

change "Service Description" to "the Federation Policy"

Casper Dreef / eduGAIN secretariat

Candidate updated the text
#4 | MRPS | Section 2

Paragraph 2 - typo. "updates"

Casper Dreef / eduGAIN secretariat

typo fixed, but it would be better readable if it was made a separate sentence.
#5 | Policy | Section 3.1

Typo in title "Governancef"

Casper Dreef / eduGAIN secretariat

fixed
#6 | Policy | Section 4.1

"Further participants are Members of Ethiopian Education and Research Network or members that have joined in a second moment, prior approval by the General Assembly and Federation Members that join prior approval by the Directive Board."

Unclear what potential members are required to do and if they are eligible. The process is well described on https://efis.ethernet.edu.et/join.html.

Casper Dreef / eduGAIN secretariat

Eligibility criteria were updated
#7 | MRPS | Section 3

https://efis.ethernet.edu.et/idp-how-to-join/ links to a sharepoint excel workbook. Please use the correct link.

Casper Dreef / eduGAIN secretariat

Link is now correct and working
#8 | MRPS | Section 4

https://efis.ethernet.edu.et/docs/ leads to 403 error page

Casper Dreef / eduGAIN secretariat

idem
#9 | MRPS | Section 5.1

See #8

Casper Dreef / eduGAIN secretariat

idem
#10 (2024 Aug 14th) | Policy | Section 3.4

In the EFIS Identity Federation Policy document it is said that a Home Organization
"Should submit its Identity Management Practice Statement to the Federation
Operator", but I didn't find any reference or templates in the EFIS' join
page (https://efis.ethernet.edu.et/join.html) or in any other part of the EFIS' website.
Can it be that the reference to the Identity Management Practice Statement is just a
leftover from the REFEDS template?

Davide Vaghetti/eSC

SOLVED (2024 Aug 19th)
Ethernet clarified that the Identity Management Practice Statement is an optional requirement; however, they will add some more information in the joining page.
#11 (2024 Aug 14th) | Policy | All sections

There are quite a large number of typos in the document, probably due to the use of the REFEDS PDF Policy template. Here is the complete list, attached as a TXT file:

Attached file: EFIS-policy-typos.txt

Davide Vaghetti/eSC
#12 (2024 Aug 14th) | MRPS | All sections

There are quite a large number of typos in the document, probably due to the use of the REFEDS PDF MRPS template. Here is the complete list, attached as a TXT file:

Attached file: EFIS-MRPS-typos.txt

Davide Vaghetti/eSC
#13 (2024 Aug 14th) | MRPS | 3

"Checking and verifying organization name and scientific role against respected"... seems to have been truncated, "respected" what?

Thijs Kinkhorst/eSC
#14 (2024 Aug 15th) | Policy | Page 1. Table 1. Row 1.

"...the service provider that use the identity..." should be "provider uses the identity.." and many other similar errata and language flaws.

Francisca Martin-Vergara/eSC
#15 (2024 Aug 15th) | Policy | 3.2.

"Temporarily suspend individual Technology Profiles for a Federation Member" The term Technology Profiles should be defined and be more specific about suspension motives.

Francisca Martin-Vergara/eSC
#16 (2024 Aug 15th) | Policy | 3.4. and 3.5.

"Must send a list of Service Providers which is related to if there is an intention of cancelling its membership". What is the meaning of this sentence?

Francisca Martin-Vergara/eSC
#17 (2024 Aug 15th) | Policy | 5.

Add some general definitions or enumeration of procedures on section 5. Procedures before subsection 5.1, e.g. In this section procedures for joining and withdrawal will be described.

Francisca Martin-Vergara/eSC
#18 (2024 Aug 15th) | Policy | 5.1.

"If the application is denied, the decision and the reason for denying " In case of rejection, the reason for denying must be carefully motivated.

Francisca Martin-Vergara/eSC
#19 (2024 Aug 15th) | MRPS | 3.

"Checking and verifying organization name and scientific role against respected" Is it referring to checking an official ID?

Francisca Martin-Vergara/eSC
#20 (2024 Aug 15th) | MRPS | 5.

Add some general definitions or comment on section 5. Entity Eligibility and Validation before subsection 5.1.

Francisca Martin-Vergara/eSC
#21 (2004 Aug 16th) | Policy | 3.3

"Must appoint a technical and/or administrative contact for interactions with EthERNet." I propose to remove the "/or" because there is a difference between the contact types. In the IMPS there is a term "Registered Representatives" defined; is the administrative and technical contact defined here the same? If so, please reuse the same term and define it also in the beginning. Last comment in this section is that it would be good if the federation requires a security contact.

Pål Axelsson
#22 (2004 Aug 16th) | Policy | 3.4

"Is responsible for assigning attribute values to the End Users and managing the values in a way which ensures they are up to date." I suggest changing to "Is responsible for assigning attribute values to the End Users and managing the values in a way which ensures they adhere to the attribute specifications and are up to date."

Pål Axelsson
#23 (2004 Aug 16th) | Policy | 3.5

"Can make use of the EFIS’s Discovery Service". This is a bit limiting, for services that should be available for interfederation identity providers other discovery services such as SeamlessAccess may be a better choice.

Pål Axelsson
#24 (2004 Aug 16th) | Policy | 3.6

This section is hard for an end user to understand and follow because the end user normally isn't aware of the federation. The requirements here are more for the end user AUP in the home organization and in the services. There could be a text defining what is needed to be part of the AUP.

Pål Axelsson
#25 (2004 Aug 16th) | Policy | 5.2

Second paragraph in the section is about the termination of the federation, not the federation cancelation of its membership in the federation. I suggest the second paragraph is broken out to a new section "5.2 Termination of the federation" and is rephrased to clearly state this instead of cancelation.

Pål Axelsson
#26 (2004 Aug 16th) | MRPS | 3

It would be good if what type of contact point MUST, SHOULD and MAY be in metadata is defined in this section. In policy administrative and technical are mentioned but I also recommend security and maybe support.

Pål Axelsson