How to join eduGAIN

Download Report

Transcript How to join eduGAIN

eduGAIN federation operator training

Operations Team, OT, how to join eduGAIN 2011-10-17/18 Valter Nordh, NORDUnet / GU

Innovation through participation

1

Governance structure

NREN PC / GEANT EXEC TSG eduGAIN OT

Mandatory issues Very long term documents (policy) Recommendations and documents changing more frequently (technical) Daily issues and very changing documents

Innovation through participation

2

Joining process

Enrolment process for a typical federation Federation A • Federation A signs the eduGAIN Policy Declaration and presents it to the OT • The OT confirms that the applicant Federation fulfils the requirements OT Federation A + OT • Upon approval by the OT, the OT takes the necessary technical steps to register the Federation to eduGAIN.

Innovation through participation

3

Joining process

The guide for federations joining eduGAIN is located at: http://www.edugain.org/joining_checklist.php

The federation status page is located at: http://www.edugain.org/federation_status.php

Innovation through participation

eduGAIN metadata set

eduGAIN metadata set can be used in accordance with the eduGAIN Policy Framework Metadata Terms of Access and Use document.

eduGAIN metadata is publicly available, however it is primarily intended for participating Federations to consume, possibly filter, resign and present to their members.

The eduGAIN metadata set cannot contain duplicate entries. If the same entity is published by two federations, only the one which has entered the set first will remain. The eduGAIN OT will contact the Federations supplying conflicting entries in order to resolve the clash.

Federations SHOULD NOT supply non-production entities within their metadata sets passed to eduGAIN Federations are responsible for an interpretation of the above clause services used for general testing can be considered as of production type is they can be accessed by members from multiple federations

Innovation through participation

eduGAIN test service

eduGAIN runs a test service using an identical technical infrastructure as the production service and available at http://mds-test.edugain.org.

eduGAIN test service is not bound by the formal conditions of the eduGAIN production service and is provided mainly to test the technical infrastructure of a Federation before it formally joins eduGAIN Federations willing to join eduGAIN are encouraged to start by joining the test service

Innovation through participation

Joining prerequisites

Federations should apply for joining eduGAIN only if they have previously read the eduGAIN policy documents (http://www.edugain.org/policy) and have at least one metadata entry ready to be added to the eduGAIN service.

Metadata sets supplied to eduGAIN SHOULD NOT contain test entries unless they are available to multiple services and can be used as a testing tools; the eduGAIN test service can be use for unlimited testing It is advisable that the Federation planning to join eduGAIN first enters the eduGAIN test service The signed copy of the eduGAIN Policy Declaration will be necessary as one of the following steps, but since the policy signing procedure can be a timely process, it is advisable that the applying Federation starts the procedure as soon as possible

Innovation through participation

Joining the test service

Applying Federation MUST send an e-mail to [email protected] providing: contact address for eduGAIN related matters, URL pointer to the metadata source for MDS.

Upon reception of this mail the OT will: contact the Federation and set up a proper method of exchanging of the Federation signing certificate and the MDS signing certificate; verify that the provided Metadata set is syntactically valid and contains the reference to the eduGAIN Policy Framework Metadata Terms of Access and Use document; after obtaining the signing certificate from the Federation, create a new entry in the test MDS service and notify the Federation that the service is ready to use.

Innovation through participation

Joining the production service

Applying Federation MUST send an e-mail to [email protected] providing: contact address for eduGAIN related matters, URL pointer for the Federation page, URL pointer to the English version of the Federation Policy , URL pointer to Metadata registration practice statement, URL pointer to the metadata source for MDS, a description or a pointer to a description explaining how the Federation takes care of the opt-in process by its members.

Innovation through participation

Joining the production service

Upon reception of this mail the OT will: contact the Federation and set up a proper method of exchanging of the Federation signing certificate and the MDS signing certificate; verify that the initial Metadata set is syntactically valid and contains the reference to the eduGAIN Policy Framework Metadata Terms of Access and Use document; verify that the Federation page contains information which is sufficient to confirm that

the Federation primarily serves the interests of the education and research sector;

verify that all supplied pointers are valid and that the documents they point to are satisfactory; contact the Federation with either a confirmation of acceptance of the supplied information or with requests for supplementary documentation or correction of what has been supplied.

Innovation through participation

Joining the production service

Applying Federation MUST sign the eduGAIN Policy Declaration and: provide a pointer to the scanned document send the original signed paper document to the OT Upon reception and verification of all relevant information the OT takes the steps described in the constitution to finalise the joining process. In certain cases this may involve passing the application trough the eduGAIN TSG to the GÉANT Exec and may take some time When the formal process has been finalised, the OT adds the federation to the MDS production service, notifies the Federation the service has been started, update the eduGAIN participant list on the eduGAIN site.

Innovation through participation

Avoiding errors

Documentation and policy read all of it consult the eduGAIN status page http://www.edugain.org/federation_status.php

do it and see how others Opt-in you must be aware that eduGAIN requires that only willing participants appear in metadata exposed to the MDS.

Metadata format check the eduGAIN metadata profile for all required attributes; remember, that a SHOULD requirement is nearly equivalent to MUST, you must have a good reason not to provide something which is expected with a SHOULD clause No experimental entries in eduGAIN do not supply entities which are not meant for production international use

Innovation through participation

Avoiding errors (cont.)

English version of the documents remember that members of eduGAIN federations need to have access to documents governing other federations and must be able to understand them, therefore an English translation (even if it can only be at the best-effort level) is very important eduGAIN ToU metadata derived from eduGAIN, i.e. the metadata which you will provide to your Federation, must be marked with the reference to eduGAIN Terms of Use, check the eduGAIN metadata profile for description how this is to be done In order to avoid duplicated SP entries try to make sure that Service Provides published in your metadata will not appear in other Federations – the opt-in procedure should safeguard against this, however big SPs might have country representatives not quite aware of what their siblings in other courtiers do, therefore – take care

Innovation through participation

Getting more information

REFEDS, see www.refeds.org

http://www.terena.org/[email protected]

General questions and ideas around federations, interfederations etc.

The eduGAIN Project mailing list: [email protected]

http://mail.geant.net/mailman/listinfo/edugain eduGAIN specific questions Reporting bugs in the MDS: https://issues.geant.net/jira/browse/MDS eduGAIN website at: www.edugain.org

Innovation through participation

Contact info for eduGAIN OT

[email protected]

Innovation through participation

Future work

We divide in two groups What needs to be done in order to grow eduGAIN?

Innovation through participation