When a new identity federation applies to join eduGAIN, the eduGAIN Secretariat and business development team will work closely with them to help them prepare and meet all the membership requirements. The following steps will be taken and will be used as a template to manage Candidate applications. Each "step" may run concurrently, depending the on the readiness of the federation.
| Candidate Name | Federation X |
|---|---|
| OTRS Ticket Number |
eduGAIN Candidate Process
| Steps | Requirements | Actions | Owner | Timeframe | Notes |
|---|---|---|---|---|---|
| Step 1: Initial application meeting / readiness discussion | This initial meeting will talk the candidate through the joining process, get an understanding of the technical infrastructure of the federation and it's maturity and also share information about useful resources for the federation such as the eduGAIN website and wiki and the REFEDS resources. If not already familiar, federations will also be talked through the available document templates and the various eduGAIN tools that can be used for testing compliance and reviewing issues. |
| BD Sec | Set up meeting within 2 weeks of receiving request | ticket |
| Step 2: Collect required information for membership application | There are a number of formalities that need to be addressed before a federation can become a membership candidate. These are known as the "joining checklist" and represent the core information that is held about each federation to enable metadata consumption and to start the trust building process. |
| Sec / OT | TBD - depending on maturity of federation | |
Step 3: eduGAIN Secretariat review of federation documentation | The eduGAIN Secretariat will undertake an initial review of the federation Policy and MRPS documents and may invite others to help support this process. The aim of this step is to help the federation identify any potential issues that might come up from the community review process and ensure step 5 goes as smoothly as possible. |
| Sec | 4 - 6 weeks | |
| Step 4: Technical review | The purpose of the technical review is to iron out any issues the federation may have with publishing and consuming eduGAIN metadata on a daily basis to ensure that the federation can run successfully with no / low error rate when membership is approved. |
| Sec / OT | Concurrent with Step 5 & 6 | |
| Step 5: membership review of federation documentation | As stated in the eduGAIN Constitution, the eduGAIN Steering Group (eSG) is responsible for: "Reviewing and approving the membership of new Federations". Step 5 and Step 6 support this requirement. |
| Sec | 4 weeks (or 2-3 weeks for assessment + 1-2 weeks for the applicant to process the feedback?) | |
| Step 6: voting | Formalised vote for membership acceptance |
| Sec | 2 weeks | |
| Step 7: formal registration | This final step ensures that the candidate is able to fully utilise the eduGAIN service after the community vote is successful. |
| Sec |
eduGAIN New Candidate Assessment Feedback
Assessment Period: DATES
| # | Document (Policy / MRPS) | Document line / reference | Proposed Change or Query | Proposer / Affiliation | |
|---|---|---|---|---|---|
| #1 | Policy / MRPS | general | For the outsider it is not clear what the name of the Identity Federation is. This should be made clear on the front page of the both documents. | Casper Dreef / eduGAIN secretariat | The candidate updated multiple sections to clarify this matter. |
| #2 | Policy | Introduction | Linked to the aforementioned and referring to the following text: "For EthERNet, the participation in the EFIS is a service among other services provided to Education and Research community" we would suggest to please clarify and simplify it, in something in the lines of "EFIS - as an indentity federation - is a service provided by EthERNet". We suggest to make a clear distinction between the Federation Operator (EFIS) and the NREN (EthERNet) throughout the document. | Casper Dreef / eduGAIN secretariat | The introduction was updated |
| #3 | Policy | Section 3.6 | change "Service Description" to "the Federation Policy" | Casper Dreef / eduGAIN secretariat | Candidate updated the text |
| #4 | MRPS | Section 2 | Paragraph 2 - typo. "updates" | Casper Dreef / eduGAIN secretariat | typo fixed, but it would be better readable if it was made a separate sentence. |
| #5 | Policy | Section 3.1 | Typo in title "Governancef" | Casper Dreef / eduGAIN secretariat | fixed |
| #6 | Policy | Section 4.1 | "Further participants are Members of Ethiopian Education and Research Network or members that have joined in a second moment, prior approval by the General Assembly and Federation Members that join prior approval by the Directive Board." Unclear what potential members are required to do and if they are eligible. The process is well described on https://efis.ethernet.edu.et/join.html. | Casper Dreef / eduGAIN secretariat | Eligibility criteria were updated |
| #7 | MRPS | Section 3 | https://efis.ethernet.edu.et/idp-how-to-join/ links to a sharepoint excel workbook. Please use the correct link. | Casper Dreef / eduGAIN secretariat | Link is now correct and working |
| #8 | MRPS | Section 4 | https://efis.ethernet.edu.et/docs/ leads to 403 error page | Casper Dreef / eduGAIN secretariat | idem |
| #9 | MRPS | Section 5.1 | See #8 | Casper Dreef / eduGAIN secretariat | idem |
| #10 (2024 Aug 14th) | Policy | Section 3.4 | In the EFIS Identity Federation Policy document it is said that a Home Organization | Davide Vaghetti/eSC | SOLVED (2024 Aug 19th) Ethernet clarified that the Identity Management Practice Statement is an optional requirement, however they will add some more information in the joining page. |
| #11 (2024 Aug 14th) | Policy | All sections | There are quite a large number of typos in the document, probably due to the use of the REFEDS PDF Policy template. Here it is the complete list attached as TXT file: | Davide Vaghetti/eSC | |
| #12 (2024 Aug 14th) | MRPS | All sections | There are quite a large number of typos in the document, probably due to the use of the REFEDS PDF MRPS template. Here it is the complete list attached as TXT file: | Davide Vaghetti/eSC | |
| #13 (2024 Aug 14th) | MRPS | 3 | "Checking and verifying organization name and scientific role against respected"... seems to have been truncated, "respected" what? | Thijs Kinkhorst/eSC | |
| #14 (2024 Aug 15th) | Policy | Page 1. Table 1. Row 1. | "...the service provider that use the identity..." should be "provider uses the identity.." and many other similar errata and language flaws. | Francisca Martin-Vergara/eSC | |
| #15 (2024 Aug 15th) | Policy | 3.2. | "Temporarily suspend individual Technology Profiles for a Federation Member" The term Technology Profiles should be defined and be more specific about suspension motives. | Francisca Martin-Vergara/eSC | |
| #16 (2024 Aug 15th) | Policy | 3.4. and 3.5. | "Must send a list of Service Providers which is related to if there is an intention of cancelling its membership". What is the meaning of this sentence? | Francisca Martin-Vergara/eSC | |
| #17 (2024 Aug 15th) | Policy | 5. | Add some general definitions or enumeration of procedures on section 5. Procedures before subsection 5.1, e.g. In this section procedures for joining and withdrawal will be described. | Francisca Martin-Vergara/eSC | |
| #18 (2024 Aug 15th) | Policy | 5.1. | "If the application is denied, the decision and the reason for denying " In case of rejection, the reason for denying must be carefully motivated. | Francisca Martin-Vergara/eSC | |
| #19 (2024 Aug 15th) | MRPS | 3. | "Checking and verifying organization name and scientific role against respected" Is it referred to checking an official ID? | Francisca Martin-Vergara/eSC | |
| #20 (2024 Aug 15th) | MRPS | 5. | Add some general definitions or comment on section 5. Entity Eligibility and Validation before subsection 5.1. | Francisca Martin-Vergara/eSC | |
| #21 (2004 Aug 16th) | Policy | 3.3 | "Must appoint a technical and/or administrative contact for interactions with EthERNet." I propose to remove the "/or" due to that is a difference between the contact types. In the IMPS there is a term "Registered Representatives" defined is the administrative and technical contact defined here the same? If so, please reuse the same term and define it also in the beginning. Last comment in this section is that it would be good if the federation requires a security contact. | Pål Axelsson | |
| #22 (2004 Aug 16th) | Policy | 3.4 | "Is responsible for assigning attribute values to the End Users and managing the values in a way which ensures they are up to date." I suggest changing to "Is responsible for assigning attribute values to the End Users and managing the values in a way which ensures they are adheres to the attribute specifications and are up to date." | Pål Axelsson | |
| #23 (2004 Aug 16th) | Policy | 3.5 | "Can make use of the EFIS’s Discovery Service". This is a bit limiting, for services that should be available for interfederation identity providers other discovery services such as SeamlessAccess may be a better choice. | Pål Axelsson | |
| #24 (2004 Aug 16th) | Policy | 3.6 | This section is hard for an end user to understand and follow due to that the end user normally isn't aware of the federation. The requirements here is more for the end user AUP in the home organization and in the services. There could be a text defining what is needed to be part of the AUP. | Pål Axelsson | |
| #25 (2004 Aug 16th) | Policy | 5.2 | Second paragraph in the section is about the termination of the federation, not the federation cancelation of its membership in the federation. I suggest the second paragraph is broken out to a new section "5.2 Temintation of the federation" and is rephrased to clearly state this instead of cancelation. | Pål Axelsson | |
| #26 (2004 Aug 16th) | MRPS | 3 | It would be good if what type of contact point MUST, SHOULD and MAY be in metadata is defined in this section. In policy administrative and technical is mentioned but I also recommend security and maybe support. | Pål Axelsson |