[Tf-aai] Developments in AAI/Meetings in Vienna

Martin Matthiesen martin.matthiesen at csc.fi
Wed Dec 9 17:04:45 CET 2015


Hello again,

Here are still the most interesting points made in Vienna (purely my perspective):

* FIM4R

** The classic: Attribute Release

Attribute Release is still an issue, but as mentioned before my impression was that it is taken a bit more seriously now than in the past. I took from the discussion that I will try to influence things at home a bit more. It is not very believable to ask IdPs outside of Finland to consider eduGAIN, Attribute Release and the CoCo if only 50% of the domestic IdPs do so.

** Data Protection Code of Conduct

CoCo is still slow in uptake. One IdP said directly that he finds it problematic that the CoCo scales and he would not be able to vet SPs beforehand. Since scaling is the whole point of the CoCo that seems to be a problem. I have a suggestion below.

** Sirtfi

Hannah Short from CERN presented an upcoming process for SP-IDP-communication in case of security incidents. A pilot will likely start mid 2016. I thought this was interesting for 2 reasons: 1) We would like to have such a process when it happens, and not develop it as we go along and 2) it can help to improve IDP-SP relations at least for the pilot members.

** Orcid

Orcid now also supports linking of Orcid and EPPN. There was talk about it becoming an Attribute Authority, so SPs could potentially request Orcids for users. This can be useful for applications where traceability is important or where users change organisations frequently.

** Level of Assurance

A first draft of minimum requirements was presented. The ongoing problems with Attribute Release make this feel academic, but the issue will need to be resolved at the same time, since Attributes with no LoA attached to them are also not very useful in the long run.

** SPF for all?

The most interesting thing in the FIM4R meeting was the suggestion to do something similar to the SPF for all research communities. I can see a benefit from a political standpoint, but not from the scalability standpoint. I do think that Clarin should liaise with other research communities since essentially all of them have the same problems with eduGAIN even if they are not aware of it yet.

* eduGAIN/Refeds

** eduGAIN Service or infrastructure

The question came up whether eduGAIN is a service (that would bother with Attribute Release) or an infrastructure (that would not bother with it but leave it to the participants).
My impression was that there was consensus that eduGAIN perceived itself more as a service than an infrastructure, but in the coffee break I asked and understood that some people had the opposite impression.


** Testing IdPs

https://technical.edugain.org/eccs
Based on ideas from Jozef, but unfortunately he was not credited. We know better.

** Who can join?

There was some discussion on whether commercial IdPs can join eduGAIN or not and whether they should be marked via Entity Category or not.



* Topic suggestion for our next Taskforce meeting

So far I have 1 person interested in a meeting before Christmas.

I would like to have some feedback on the following idea:

As mentioned above, one of the problems of the CoCo is that it would scale, but that scares at least some IdP Operators. I also had conversations of the type: "So why do you need Attribute X?"
There was some sympathy, though, that this question cannot be answered to each IdP individually.

Now, for Haka I already get asked these questions and if I can answer them I get the attribute from all Finnish IdPs. It turns out that at least the Danish and Greek federations work in a similar way. My idea would be the following: Could we as Clarin request that federations build a trust network where they acknowledge that they have compatible requirements for admitting SPs locally and that they therefore can treat foreign SPs from "Partner Federations" that support the Code of Conduct like their own?

Essentially, Federations like Haka, Wayf.dk, Grnet agree that the other federation vets SPs well enough for them to accept them via eduGAIN if they support the CoCo.
This of course will not work for Federations that do not vet at all (Belgium?) but it is a start to make things scale somewhat.

This of course would slowly obsolete the SPF if it worked. But it would also give Federations a way to express mutual trust on a different level than only via Entity Category.

Thoughts?

Cheers,
Martin


-- 
Martin Matthiesen
CSC - Tieteen tietotekniikan keskus
CSC - IT Center for Science
PL 405, 02101 Espoo, Finland
+358 9 457 2376, martin.matthiesen at csc.fi
Public key : https://pgp.mit.edu/pks/lookup?op=get&search=0x74B12876FD890704
Fingerprint: AA25 6F56 5C9A 8B42 009F  BA70 74B1 2876 FD89 0704

----- Original Message -----
> From: "Martin" <martin.matthiesen at csc.fi>
> To: "tf-aai" <tf-aai at lists.clarin.eu>
> Sent: Friday, 4 December, 2015 18:17:59
> Subject: Developments in AAI/Meetings in Vienna

> Dear Taskforce,
> 
> It has been a while, I wonder whether we can organise a meeting still in 2015?
> If I get 5-6 replies I'll send a Doodle.
> 
> Recent developments:
> 
> There was a FIM4R/eduGAIN/Refeds/EWTI-meeting in Vienna 30.11.-3.12. Clarin was
> represented by myself (30.11./1.12), Dieter (30.11.) and Jozef (whole time) and
> in spirit by Daan, who was there for EUDAT on 30.11.
> 
> We did not present any SPF status report. Maybe we should have done, but while
> my impression was that things had not moved massively in eduGAIN (as we could
> observe during the last year), I still found the atmosphere friendlier than
> expected.
> 
> Nicole Harris and Ann Harding from Geant requested numbers on coverage SPF vs.
> eduGAIN, I volunteered to provide them. Turns out they are not as easy to come
> by as I thought, I will send them to you first for comments.
> 
> Those of us present tried to highlight the ongoing trust issues between SPs and IdPs. The
> main "news" for me was indeed that I expected much more indifference and/or
> hostility.
> 
> This as a first short overview, I intend to send a bit longer version next week,
> with some concrete observations.
> 
> Have a nice weekend!
> 
> Martin
> 
> References:
> 
> Fim4R: http://fim4r.daasi.de/?page_id=21
> eduGAIN/Refeds: https://refeds.org/meetings/31st-meeting-december-2015
> 
> 
> 