...
- In the future, offer the proxy to do aggregation on behalf of the SP
2.2.1. eduPersonAffiliation
Incoming attributes will be collected and passed on untouched:
2.2.2. eduPersonEntitlement
2.2.13. eduPersonUniqueId -> Only incoming
2.2.8. eduPersonPrincipalName -> Only incoming
2.2.10. eduPersonScopedAffiliation
2.2.11. eduPersonTargetedID -> Only incoming
3.4. displayName -> Via IdP (R&S)
Other outgoing attributes:
2.2.12. eduPersonAssurance
2.2.2. eduPersonEntitlement
2.2.13. eduPersonUniqueId
2.2.14 eduPersonOrcid
3.2. cn (commonName)
3.3. description
3.4. displayName -> Via IdP (R&S)
3.6. givenName
3.13. mail
3.15. mobile -> future use?
...
IsMemberOf and eduPersonEntitlement are both scoped to the VO using an at sign
Changes needed for eduTEAMS Identity Hub
- Publish IdP proxy metadata for a single proxy endpoint
- Check incoming attributes on Backend to see if we are getting enough info to be R&S compliant
- Incorporate/use discovery service
GAPS identified for Membership Management
- VOOT ansible scripts
- COmanage Ansible needs changing - Basic provisioning
- Ansible for export script - Ansibelize script deployment
- Ansible for MySQL database for Master -> Slave replication
- Loadbalancers Ansible
- GUI for connecting SP to CO
- GUI for onboarding new VO/VOadmin
- Out of band via email initially
- We send out an invite to the invite form
- Validate if the user is in GEANT by calling external service.
- If false, present a good error message.
- Fill in form, which needs custom fields
- Define the fields
- Include SPs
- Define the fields
- Email to validate the entry
- We ok the entry
- Use provisioning plugin to provision into specific DB or LDAP OR better via API directly into Comanage.
- For initial pilot use wiki page for "form" questions + email.
Activities
- Update wiki page on generic setup (Niels) - This week
- Ansible scripts for Bastion host (Discuss between Simone, Kristof) (Oct 24)
- Deploy 8 VMs (Kristof, later Mandeep) (Nov 18)
- Set up IdPs and SPs for testing/dev. (Niels) (Oct 31) - email if needed
- Deploy ID HUB (Kristof/Simone) - Use as test case for VM deployment - Nov 30
- Modify ID HUB (Niels/Rebecka) (Oct 24)
- Discuss with COmanage (Mihaly, Slavik) (Oct 31)
- VOOT ansible scripts (Niels) (Nov 18)
- COmanage Ansible needs changing - Basic provisioning
- Create Workflows (Mandeep) (Nov 1)
- Add to deployment (depending on discussion with COmanage) (Mihaly)
- Ansible for export script - Ansibelize script deployment (Mihaly) (Oct 31)
- Ansible for MySQL database for Master -> Slave replication (Kristof) (Nov 18)
- Work out provisioning plugin (Niels) (Nov 30)
- Loadbalancers Ansible (Kristof check with Simone) (Nov 18)
- Set up CO intake form initially in wiki (Tangui and Mandeep) (Nov 5, + 4 weeks for response)
- Set up onboarding either in COmanage or separate GUI
- Really, Really deploy. (Kristof + Simone) - Feb 1, 2017