innovation through participation edugain policy: a worm report tf-emc2 vienna 17.2.2010 mikael...
TRANSCRIPT
Innovation through participation
eduGAIN policy: A worm report
TF-EMC2 Vienna 17.2.2010
Mikael Linden, CSC
The worm farmer
Innovation through participation
GN3 Service Activity 3 Task 3:eduGAIN
A project that implements the framework to interconnect the various AAI federations in Europe
Builds on GN2/JRA5 eduGAIN
Deliverables and milestones
10/2009: use case analysis
4/2010: eduGAIN service definition and policy
10/2010: service rollout plan
4/2011: pilot phase with five NRENs
SA3 Activity Leader: Josh Howlett
SA3T3 Task Leader: Valter Nordh
SA3T3 policy subtask Leader: Mikael Linden
Innovation through participation
Layered approach to eduGAIN policy documentation
1. Document joining federation signs (2-3 pages)- Either unilateral declaration or bilateral agreement- Refers to constitution
2. Documents NREN PC approves and updates- eduGAIN constitution (5-10 pages)- Mandatory features
3. Documents Technical Steering Groups approves- Technical stuff- recommendations and profiles
Hig
h le
vel p
olic
y st
uff
Tec
hnic
al d
etai
ls
Innovation through participation
Policy: done so far
Identified possible policy issues (”policy worms”)
Put the issues in categories 1, 2 and 3 (”dartboard”)
Spent quite a time on drafting a data protection profile
To cover the data protection directive
Not covered in this speak
Drafted metadata terms of Use
Discussed if eduGAIN is joined by signing a unilateral declaration or a bilateral agreement
First draft of eduGAIN ”constitution” (covered next)
http://wiki.geant.net/bin/view/SA3/T3Sandbox
Innovation through participation
Edugain constitution draft (1/7)Confederation governance
NREN PC
Updates constitution
Decides on peering
Technical Steering Group
One delegate for each participant federation
Prepares issues for NREN PC
Approves other documents
Operational Team
Daily technical issues
Innovation through participation
Edugain constitution draft (2/7) Joining eduGAIN
Who may join?
GN3 consortium members’ federations
Other federations that NREN PC approve
Requirements for joining federations
Incident handling…
Support for local Providers ..
…
Process
Applicant signs agreement
OT(?) checks requirements are fulfilled
If necessary, NREN PC approves
Innovation through participation
Edugain constitution draft (3/7) Attributes and Privacy
recommended attributes (that IdPs SHOULD populate)
Common name
eduPersonAffiliation, eduPersonScopedAffiliation
schacHomeOrganisation, schacHomeOrganisationType
Data protection profile
Optional for IdPs and SPs
Helps providers to fulfill the requirements from Data protection directive
Innovation through participation
Edugain constitution draft (4/7) User experience, branding, IPR
TSG defines and OT operates a discovery service?
Participant federations recommend to SPs that ”eduID (if any)” is used as the brand towards end users?
eduGAIN is a registered trademark of Dante
Innovation through participation
Edugain constitution draft (5/7) Quality of IdP-side IdM
Level of assurance for identities
IdPs provide only up-to-date user identities (e.g. eP[S]A values)
TSG approves a detailed profile
Level of assurance for authentication
TSG approves a detailed profile
Innovation through participation
Edugain constitution draft (6/7) Audits
eduGAIN operations
To be agreed between eduGAIN/Dante and OT
Participating federation operations
No audits
Participating IdPs and SPs
No audits
Innovation through participation
Edugain constitution draft (7/7) Technical profiles
TSG approves
SAML2 profile
Metadata profile
Other profiles