Organisational (Pal and Mario)
Daniela is leaving, Pal and Mario are taking over. Pal: Policy, Mario: Development
VC schedule is needed, also what contribution is
Might update the content of the (sub)task --> reconfigure task
Talk with Pal, and Mario, trying to start in January
In detail
Pal: Policy
GDPR white paper late, as law becomes official late
Work together with T2 Lukas, especially with Thomas (T1 policy/security and T2 performance)
Mario: Knows IdP as a Service, as subtask leader, but needs input on statistics and Sirtfi
eduGAIN Policy (Nicole+Pal)
Update eduGAIN Policy Set (Nicole)
Using OpenID Connect -> adapt policies and eduGAIN constitution
Got comments on new version of the constitution. Consultation ends on Friday -> cleaning -> vote (2/3)
Clean up SAML Technology Profile (one document instead of 4)
-> want to do: eduGAIN SAML Requirements --> eduGAIN SG meeting
BCP including Sirtfi
SAML2int Profile: track update from Kantara
New: eduGAIN Operational Practice Statement and eduGAIN Metadata Aggregation Practice Statement
Review text of GDPR (Pal)
Problem of V1: consent was different in countries
New in V2: penalties
Federation operators review new GDPR
eduGAIN needs to review it as well, some federations cannot review it themselves -> help
CoCo V2: workshop was proposed, open workspace greater than GÉANT
International CoCo: on hold, first CoCo V2
Sirtfi (Pal and Lukas)
AARC and REFEDS: Deliverables
Sirtfi: something on how to react to incidents
Use case ORCID
first or second major incident discussed
one or two IdPs were publishing duplicated IDs
-> people's attention, coordinating efforts
In eduGAIN
T1 Sirtfi + T2 --> Role?
eduGAIN should be active? different views on that
problems:
- poor information and overreaction
- timezone
- closed space with federation operators + ORCID missing, information mismatch
- TLP
- timely? response time
- not all entities might be in Sirtfi, what about the others?
- CSIRTs not always at federation (or none at all)
- eduGAIN as service -> make them pay?
Should be careful how we do it, eduGAIN does not check metadata, contact information etc., eduGAIN is not really managed
What should eduGAIN demand from federations?
eduGAIN cannot do too much, because of money
Sirtfi is both ways
Monitoring and Statistics (Miro)
f-ticks (format of the log) in REFEDS line of I-D at IETF --> comments!
probably especially for IdPs
Pal: problems with f-ticks when Shib V3 came, 2 different versions with data sets of f-ticks into syslog server
practice needed -> fed ops!
centralized f-ticks service
Federations want own statistics - how?
Attribute Release & other eduGAIN tools (Lukas)
Tools: eduGAIN CoCo Monitor Service, Access Check Service, Connectivity Check Service, Attribute Release Check Service, ?? Service
How to deploy tools?
- well documented? repository?
In eduGAIN DNS domain and certificates -> official channels – but what is worthy? decided by project management?
then operations team looks at it and decides if further checks (e.g. security) are needed
What next?
- Sirtfi timely response - similar for eduroam
- V4/v6 support
- log https (noClientAuthN) check
- IdP name collision detector
- https checks?
- certificate expiry warning
- SSLLabs grade