eduGAIN policy update
Status update
REFEDs, 31st October 2010
Mikael.linden@csc.fi

eduGAIN project in general
• eduGAIN (a.k.a. GÉANT3 Service Activity 3, Task 3)
• Create a service that allows federations to interfederate
• Timeline
  • 10/2010 pilot starts
  • 4/2011 production starts, policy signed
• For details, listen to the I2MM talk by Valter Nordh
• Policy sub-task: Mikael Linden

eduGAIN interconnects participant federations
[Figure labels: eduGAIN service; Participant Federation (several); Entities; IdP; SP; AP; Home Organisation (a Member); Service Provider (a Member)]

Some design criteria
• Existing participant federations’ policies are not changed
  • eduGAIN only mediates participant federations’ SAML2 metadata
• Mandatory requirements for Home Orgs and SPs minimised
  • Behavioral issues (LoA, privacy) left to eduGAIN’s optional profiles
• Attribute changes minimised
  • eduGAIN attribute profile recommends displayName, CN, mail, eP[S]A, schacHomeOrg, schacHomeOrgType
• Initially WebSSO, but leaves the door open for something else
  • Optional SAML WebSSO profile (SAML2int.org v0.2)
• Initially European, but leaves the door open for others
  • Funding comes from Europe
  • Other federations can join as well

eduGAIN bodies
• NREN PC
  • The governing body of the GEANT project
• Technical Steering Group (TSG)
  • One delegate from each participant federation
• Operational Team (OT)
  • Daily technical issues

Policy structure and profiles
[Figure labels: eduGAIN Constitution (NREN PC approves/changes); Policy Declaration (signed by Federation 1), Policy Declaration (signed by Federation 2), Policy Declaration (signed by Federation 3); Profiles, required (NREN PC approves/changes); Profiles, recommended (TSG approves/changes); Profiles, optional (TSG approves/changes); relationship labels "refers to" and "is supplemented by"]
Proposed profiles:
• Metadata profile (MUST)
• WebSSO profile (MAY)
• Attribute profile (SHOULD)
• Data protection profile (MAY), (c.f. EU data protection directive)
Identified work items:
• LoA profile (MAY)
www.edugain.org/policy