1 / 13

EduGAIN policy (working draft)

EduGAIN policy (working draft). Status update REFEDs 30th May 2010 Mikael.linden@csc.fi. eduGAIN project in general. Purpose of eduGAIN, (a.k.a. GÉANT3 Service Activity 3, Task 3) Create a confederation interconnect existing federations Timeline 4/2010 technical pre-pilot started

osma
Télécharger la présentation

EduGAIN policy (working draft)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EduGAIN policy (working draft) Status update REFEDs 30th May 2010 Mikael.linden@csc.fi

  2. eduGAIN project in general • Purpose of eduGAIN, (a.k.a. GÉANT3 Service Activity 3, Task 3) • Create a confederation interconnect existing federations • Timeline • 4/2010 technical pre-pilot started • 10/2010 pilot starts • 4/2011 production starts, policy signed • 4/2013 project ends • For details, listen to TNC speak on Wednesday 11-12.30 • Task leader: Valter Nordh • Policy sub-task: Mikael Linden

  3. Proposed eduGAIN bodies • NREN PC • As defined by Geant network and project • Technical Steering Group (TSG) • On delegate from each participant federation • Operational Team (OT) • Daily technical issues

  4. Proposed eduGAIN Policy structure

  5. 1. Agreement • Joining federation signs • Unilateral declaration where joining federation commits to the terms

  6. 2. Constitution • Eligibility to join • GN3 project partners • Other federations if approved by NREN PC • Requirements for joining federations • Primarily from research and education • Ensure Providers conform to policy • Provide helpdesk • Incident handling

  7. 2. Policy Enforcement In case of a severe policy violation, OT • issues a notice to the TSG, or • propose to NREN PC a temporary quarantine period, or • propose to NREN PC a disqualification of the participant federation from the confederation.

  8. 2. Other issues • Branding: leave the door open for eduID • Audits: No audits for federations or IdPs • Profiles supplementing the constitution • NREN PC approves, if REQUIRED • TSG approves, if RECOMMENDED or OPTIONAL

  9. 3. Technical profiles • Metadata profile (REQUIRED) • A SAML2 metadata profile • SAML 2.0 profile (RECOMMENDED) • Saml2int.org ver 0.2 ?

  10. 3. Attribute syntax and semantics important RECOMMENDED webSSO attribute profile • RECOMMENDED attributes (cn, mail, eP(S)A, schacHomeOrganization, schacHomeOrganizationType) • ePA semantics (if needed, define a new attribute) • SAML2 persistentID RECOMMENDED • ePPN MAY be used

  11. 3. Data Protection OPTIONAL data protection profile • Helps to conform to directive 95/46/EC on data protection • SPs have two categories: PII and non-PII • Defines IdPs’ and SPs’ coordinated functionality • For minimal disclosure, informing the end user, legal grounds for processing, release to 3rd countries… • Relies on SAML2 metadata tags

  12. 3. Quality of IdP-side Identity management • IdPs must ensure that attributes released are up-to-date • (some interest in expressing Level of Assurance in the assertion)

  13. Got interested? • Provide your comments • Face to face • By mail to edugain-policy@geant.net • In our vc every second Thursday at 10.00 CEST on connect.sunet.se/edugain • The next one is in 10th June

More Related