Participants


NameOrganisation

Lukas Hämmerle

SWITCH




NameOrganisationRole
Lukas Hämmerle


SWITCHPI
 Jule ZieglerDFN-LRZScrum master

Leif Johansson

SUNETMentor
Slavek LicehammerCESNETCESNET GEANT contact
Pavel PoláčekCESNETTeam
Jan ChvojkaCESNETTeam





Name

Organisation

Role 

Davide Vaghetti

GARRT1 eduGAIN service manager
Klaas WierengaGEANT AssociationGEANT Chief Community Support Officer and 

GÉANT representative for the RA21 governance committee

Christos KanelopoulosGEANT AssociationGÉANT representative for the RA21 technical committee


Activity Overview

T&I work package continues the work on IdP discovery as it was started in GN4-2 in the eduTEAMS and IdP Discovery subtask. It gathers requirements, and works with the RA21 initiative towards an implementation that can become a service in the GEANT project. At the same time it helps handing over the existing eduTEAM Discovery Service to the new (GN4-3 WP5 T1) eduGAIN service.


  • Gather feedback from current pilot users on the existing discovery pilot service

  • Handover/transition the eduTEAM Discovery Service to the WP5 T1 eduGAIN service. Achieving this goal is considered done and successful when the discovery service is either officially accepted (according to the GEANT PLM) as component of the eduGAIN service or if it is considered as independent GÉANT service. The first option is probably more suitable and therefore preferred. WP5 T1 task leader Davide Varghetti suggested Nebosja as contact person of the subtask to operate the DS within the eduGAIN service. The handover should be finished by the end of the first incubator cycle (summer 2019).

  • Continue work on RA21. In particular:
    • Review and provide inputs on the RA21 work from GÉANT's point of view.
    • Figure out if and how to best operate a Discovery Service for eduGAIN community (see delivery models below in technical details)


See DSX Discovery documentation pages: DSX Discovery Service (Pilot)


Activity Details

The current DSX Discovery Service (was initially called eduTEAMS Discovery Service) is operated on https://dsx.edugain.org (several physically distributed servers) and a test instance on https://dsx-test.edugain.org. Its software is the CESNET SAML2 Discovery Service implementation (PHP). Even though the service is not considered yet a production service according to the GEANT PLM (because it is neither part of the eduTEAMS nor eduGAIN service currently), the service has been operated as managed service on the same production hardware by CESNET that CESNET uses for their own production Discovery Service. The three main features that distinguish this implementation from others are:

  • Privacy awareness: The operator of the DS does not know which organisation the user is from after the user made his choice
  • Embeddable: The DS can be embedded with a JavaScript on any web page
  • Filtering: The IdPs listed in the DS can be filtered according to federation, entity categories or individually by adding a proprietary filtering expression to the URL to load the DS from. The filter can be created in a specific filter user interface.

The Discovery Service documentation (for SP administrators) is on the GEANT wiki.

The RA21 prototype Discovery Service (special branch based on pyFF, python) has been developed by Leif Johansson (SUNET) with and for the RA21 project. A prototype of the user interface is available on the pyFF nightly instance. It demonstrates an example user interface that was invested quite some work in together with RA21 UI experts and that was mostly created with the RA21 target services (login on publisher web sites) in mind.


The long term goal of this pilot is to contribute to a state-of-the-art, user-friendly, SAML2-compliant default IdP Discovery Service that eduGAIN Service Providers can use (alternatively to operating their own Discovery Service or rely on a federation-specific one). This Discovery Service can be delivered as either of these:

  • fully operated by the RA21 interest group that GEANT is a prominent member of. This delivery model would mean that GEANT would not operate an own default Discovery Service for eduGAIN.
  • using a static custom GEANT/eduGAIN-branded front-end of the RA21 discovery service 
  • operate an independent Discovery Service (e.g. the CESNET implementation) that interacts with the RA21 service via their API

Part of the work of this cycle will be to identify the most suitable delivery model of the above.


The DSX Discovery service already has a Privacy Policy. Its implementation (by CESNET) is already very privacy aware compared to other discovery service implementations.


This activity is successfully finished when:

  • A report is delivered describing the feedback from the current users of the discovery pilot
  • The current discovery pilot is handed over to WP5 T1 eduGAIN so it can be moved into a production service
  • A first test implementation was build using the architecture and tools as provided by the RA21 project


The discovery pilot will be handed over to T1 eduGAIN for the purpose of making it a production service

Most likely, the RA21 work continued in this cycle will not be complete. Ideally, this cycle is followed by another cycle with similar staff member and a better understanding of the RA21 service.


Activity Results

Meetings

Date

Activity

Owner

Minutes

Feb 14, 2017

Kickoff meeting

Jule Ziegler 

DiscoveryPilotKickOffVC.pdf 

















Documents


Additional Pages