Project overview
 | Name | Email | Role |
---|---|---|---|
Submitter name & email | | lukas.haemmerle@switch.ch | P.I. |
Other participants | Jule Ziegler | Jule.Ziegler@lrz.de | Scrum master |
... | Nebojsa Ilic | nebojsa.ilic@amres.ac.rs | Subtask Leader |
... | | | Dev |
... | | leifj@sunet.se | Mentor |
Organisation Name | Person names | Person email | Role within pilot |
---|---|---|---|
CESNET | Slavek Licehammer | slavek@ics.muni.cz | CESNET GEANT contact |
CESNET | Pavel Poláček | pavel.polacek@ujep.cz | Discovery Service Developer |
CESNET | Jan Chvojka | jan.chvojka@cesnet.cz | Discovery Service Developer |
GEANT | Klaas Wierenga | klaas.wierenga@geant.org | GEANT Chief Community Support Officer and GÉANT spokesperson for RA21 |
There are two primary goals:
- Hand over/transition the eduTEAMS Discovery Service to the WP5 T1 eduGAIN service. This goal is considered achieved when the discovery service is either officially accepted (according to the GEANT PLM) as a component of the eduGAIN service or considered an independent GÉANT service. The first option is probably more suitable and therefore preferred. WP5 T1 task leader Davide Varghetti suggested Nebojsa as contact person of the subtask to operate the DS within the eduGAIN service. The handover should be finished by the end of the first incubator cycle (summer 2019).
- Continue work on RA21. In particular:
  - Review and provide inputs on the RA21 work from GÉANT's point of view.
  - Figure out if and how to best operate a Discovery Service for the eduGAIN community (see delivery models below in technical details).
See eduTEAMS Discovery documentation pages: Discovery Service
Earlier discussion from Licia:
"Dear all,
Last week in Milan I had a chat with Slavek about CESNET discovery service. We agreed that it would make more sense to look at a discovery service in the context of eduGAIN. Slavek and I agreed that the current pilot with CESNET service was not really advertised so it's difficult to gather inputs on the satisfaction of the services that used it. In agreement with Marina, we will fund another pilot with CESNET discovery with defined goals where we will ask for inputs and/or requests for new features. The pilot will have a limited duration of about 6 months. The pilot, in agreement with Niels, should go under the incubator and after the defined period we should assess the usability and satisfaction and see which features should be implemented. We have planned a similar pilot also for RA21. I will ping Slavek privately to define further details."
Project Details
The current eduTEAMS Discovery Service (most likely to be renamed to eduGAIN Discovery Service) is operated at http://discovery.eduteams.org (several physically distributed servers), with a test instance at http://ds-test.eduteams.org/. Its software is the CESNET SAML2 Discovery Service implementation. Even though the service is not yet considered a production service according to the GEANT PLM (because it is currently part of neither the eduTEAMS nor the eduGAIN service), CESNET has operated it as a managed service on the same production hardware that CESNET uses for its own production Discovery Service. The three main features that distinguish this implementation from others are:
- Privacy awareness: The operator of the DS does not know which organisation the user is from after the user has made their choice.
- Embeddable: The DS can be embedded with JavaScript in any web page.
- Filtering: The IdPs listed in the DS can be filtered by federation, by entity category or individually, by adding a proprietary filtering expression to the URL from which the DS is loaded. The filter can be created in a specific filter user interface.
The Discovery Service documentation (for SP administrators) is on the GEANT wiki.
The long-term goal of this pilot is to contribute to a state-of-the-art, user-friendly, SAML2-compliant default IdP Discovery Service that eduGAIN Service Providers can use (as an alternative to operating their own Discovery Service or relying on a federation-specific one). This Discovery Service can be delivered in one of these ways:
- fully operated by the RA21 interest group, of which GEANT is a prominent member. This delivery model would mean that GEANT would not operate its own default Discovery Service for eduGAIN.
- using a static custom GEANT/eduGAIN-branded front-end of the RA21 discovery service
- operated as an independent Discovery Service (e.g. the CESNET implementation) that interacts with the RA21 service via their API
Part of the work of this pilot is to identify which of the above delivery models is most suitable.
The eduTEAMS Discovery service (to be renamed and moved) already has a Privacy Policy. Its implementation (by CESNET) is already very privacy aware compared to other discovery service implementations.
Most likely, the RA21 work continued in this cycle will not be complete. Ideally, this cycle is followed by another cycle with similar staff members and a better understanding of the RA21 service.
Meetings
Date | Activity | Owner | Minutes |
---|---|---|---|
Feb 14, 2017 | Kickoff meeting | tbd | |