[Tf-aai] Developments in AAI/Meetings in Vienna

Jozef Misutka misutka at ufal.mff.cuni.cz
Wed Dec 9 21:19:26 CET 2015


Martin,
thank you for the summary which is full of interesting information. See my
comments below.

On 9 December 2015 at 17:04, Martin Matthiesen <martin.matthiesen at csc.fi>
wrote:

> Hello again,
>
> Here still the most interesting points made in Vienna (purely my
> perspective):
>
> * FIM4R
>
> ** The classic: Attribute Release
>
> Attribute Release is still an issue, but as mentioned before my impression
> was that it is taken a bit more seriously now than in the past. I took from
> the discussion that I will try to influence things at home a bit more. It
> is not very believable to ask IdPs outside of Finland to consider eduGAIN,
> Attribute Release and the CoCo if only 50% of the domestic IdPs do so.
>
> ** Data Protection Code of Conduct
>
> CoCo is still slow in uptake. One IdP said directly that he finds it
> problematic that the CoCo scales and he would not be able to vet SPs
> beforehand. Since scaling is the whole point of the CoCo that seems to be a
> problem. I have a suggestion below.
>
> ** Sirtfi
>
> Hannah Short from CERN presented an upcoming process for
> SP-IDP-communication in case of security incidents. A pilot will start
> likely mid 2016. I thought this was interesting for 2 reasons: 1) We would
> like to have such a process when it happens, and not develop it as we go
> along and 2) it can help to improve IDP-SP relations at least for the pilot
> members.
>
> ** Orcid
>
> Orcid supports now also linking of Orcid and EPPN. There was talk about it
> becoming an Attribute Authority, so SPs could potentially request Orcids
> for users. This can be useful for applications where traceability is
> important or where users change organisations frequently.
>
> ** Level of Assurance
>
> A first draft of minimum requirements was presented. The ongoing problems
> with Attribute Release make this feel academic, but the issue will need to
> be resolved at the same time, since Attributes with no LoA attached to them
> are also not very useful in the long run.
>
> ** SPF for all?
>
> The most interesting thing in the FIM4R meeting was the suggestion to do
> something similar to the SPF for all research communities. I can see a
> benefit from a political standpoint, but not from the scalability
> standpoint. I do think that Clarin should liaise with other research
> communities since essentially all of them have the same problems with
> eduGAIN even if they are not aware of it yet.
>
> * eduGAIN/Refeds
>
> ** eduGAIN Service or infrastructure
>
> The question came up, whether eduGAIN is a service (that would bother with
> Attribute Release) or an infrastructure (that would not bother with it but
> leave it to the participants).
> My impression was that it was consensus that eduGAIN perceived itself more
> as a service than an infrastructure, but in the coffee break I asked and
> understood that some people had the opposite impression.
>
>
> ** Testing IdPs
>
> https://technical.edugain.org/eccs
> Based on ideas from Jozef, but unfortunately he was not credited. We know
> better.
>

I was rather hoping to have CLARIN mentioned during the presentation and
additionally, CLARIN was added to the credits section of the presentation -
see https://wiki.edugain.org/EduGAIN_Town_Hall-20151201.



>
> ** Who can join?
>
> There was some discussion on whether commercial IdPs can join eduGAIN or
> not and whether they should be marked via Entity Category or not.
>
>
>
> * Topic suggestion for our next Taskforce meeting
>
> So far I have 1 person interested in a meeting before Christmas.
>
> I would like to have some feedback on the following idea:
>
> As mentioned above one of the problems of the CoCo is that it would scale
> but that scares at least some IdP Operators. I also had conversations of
> the type: "So why do you need Attribute X?"
> There was some sympathy though, that this question cannot be answered to
> each IdP individually.
>
> Now, for Haka I already get asked these questions and if I can answer them
> I get the attribute from all Finnish IdPs. It turns out that at least the
> Danish and Greek federation work in a similar way. My idea would be the
> following: Could we as Clarin request that federations build a trust
> network where they acknowledge that they have compatible requirements for
> admitting SPs locally and that they therefore can treat foreign SPs from
> "Partner Federations" that support the Code of Conduct like their own.
>
> Essentially Federations like Haka, Wayf.dk, Grnet agree that the other
> federation vets SPs well enough for them to accept them via eduGAIN if they
> support the CoCo.
> This of course will not work for Federations that do not vet at all
> (Belgium?) but it is a start to make things scale somewhat.
>
> This of course would slowly obsolete the SPF if it worked.


Unless *all* IdPs from each federation are in eduGAIN, SPF cannot be
obsoleted.
It was suggested by operators from one federation that the eduGAIN map should
be redrawn to actually show the coverage per IdP not per state. Look at
Spain, only 10 IdPs in eduGAIN, Germany 38 out of +-208, 9 out of +-44 in
Finland etc...

best,
jm


> But it would also give Federations a way to express mutual trust on a
> different level than only via Entity Category.
>
> Thoughts?
>
> Cheers,
> Martin
>
>
> --
> Martin Matthiesen
> CSC - Tieteen tietotekniikan keskus
> CSC - IT Center for Science
> PL 405, 02101 Espoo, Finland
> +358 9 457 2376, martin.matthiesen at csc.fi
> Public key :
> https://pgp.mit.edu/pks/lookup?op=get&search=0x74B12876FD890704
> Fingerprint: AA25 6F56 5C9A 8B42 009F  BA70 74B1 2876 FD89 0704
>
> ----- Original Message -----
> > From: "Martin" <martin.matthiesen at csc.fi>
> > To: "tf-aai" <tf-aai at lists.clarin.eu>
> > Sent: Friday, 4 December, 2015 18:17:59
> > Subject: Developments in AAI/Meetings in Vienna
>
> > Dear Taskforce,
> >
> > It has been a while, I wonder whether we can organise a meeting still in 2015?
> > If I get 5-6 replies I'll send a Doodle.
> >
> > Recent developments:
> >
> > There was a FIM4R/eduGAIN/Refeds/EWTI-meeting in Vienna 30.11.-3.12. Clarin was
> > represented by myself (30.11./1.12), Dieter (30.11.) and Jozef (whole time) and
> > in spirit by Daan, who was there for EUDAT on 30.11.
> >
> > We did not present any SPF status report. Maybe we should have done, but while
> > my impression was that things had not moved massively in eduGAIN (as we could
> > observe during the last year), I still found the atmosphere friendlier than
> > expected.
> >
> > Nicole Harris and Ann Harding from Geant requested numbers on coverage SPF vs.
> > eduGAIN, I volunteered to provide them. Turns out they are not as easy to come
> > by as I thought, I will send them to you first for comments.
> >
> > Those of us present tried to highlight the ongoing trust issues between SPs and IdPs. The
> > main "news" for me was indeed that I expected much more indifference and/or
> > hostility.
> >
> > This as a first short overview, I intend to send a bit longer version next week,
> > with some concrete observations.
> >
> > Have a nice weekend!
> >
> > Martin
> >
> > References:
> >
> > Fim4R: http://fim4r.daasi.de/?page_id=21
> > eduGAIN/Refeds: https://refeds.org/meetings/31st-meeting-december-2015