html5-img
1 / 16

eduGAIN federation operator training Operations Team, OT, how to join eduGAIN 2011-10-17/18

eduGAIN federation operator training Operations Team, OT, how to join eduGAIN 2011-10-17/18. Valter Nordh, NORDUnet / GU. Governance structure. Mandatory issues Very long term documents (policy) Recommendations and documents changing more frequently (technical)

haven
Download Presentation

eduGAIN federation operator training Operations Team, OT, how to join eduGAIN 2011-10-17/18

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. eduGAIN federation operator trainingOperations Team, OT, how to join eduGAIN2011-10-17/18 Valter Nordh, NORDUnet / GU

  2. Governance structure Mandatory issuesVery long term documents(policy) Recommendations and documents changing more frequently (technical) Daily issues and very changing documents

  3. Joining process • Enrolment process for a typical federation

  4. Joining process • The guide for federations joining eduGAIN is located at:http://www.edugain.org/joining_checklist.php • The federation status page is located at:http://www.edugain.org/federation_status.php

  5. eduGAIN metadata set • eduGAIN metadata set can be used in accordance with the eduGAIN Policy Framework Metadata Terms of Access and Use document. • eduGAIN metadata is publicly available, however it is primarily intended for participating Federations to consume, possibly filter, resign and present to their members. • The eduGAIN metadata set cannot contain duplicate entries. If the same entity is published by two federations, only the one which has entered the set first will remain. The eduGAIN OT will contact the Federations supplying conflicting entries in order to resolve the clash. • Federations SHOULD NOT supply non-production entities within their metadata sets passed to eduGAIN • Federations are responsible for an interpretation of the above clause • services used for general testing can be considered as of production type is they can be accessed by members from multiple federations

  6. eduGAIN test service • eduGAIN runs a test service using an identical technical infrastructure as the production service and available at http://mds-test.edugain.org. • eduGAIN test service is not bound by the formal conditions of the eduGAIN production service and is provided mainly to test the technical infrastructure of a Federation before it formally joins eduGAIN • Federations willing to join eduGAIN are encouraged to start by joining the test service

  7. Joining prerequisites • Federations should apply for joining eduGAIN only if they have previously read the eduGAIN policy documents (http://www.edugain.org/policy) and have at least one metadata entry ready to be added to the eduGAIN service. • Metadata sets supplied to eduGAIN SHOULD NOT contain test entries unless they are available to multiple services and can be used as a testing tools; the eduGAIN test service can be use for unlimited testing • It is advisable that the Federation planning to join eduGAIN first enters the eduGAIN test service • The signed copy of the eduGAIN Policy Declaration will be necessary as one of the following steps, but since the policy signing procedure can be a timely process, it is advisable that the applying Federation starts the procedure as soon as possible

  8. Joining the test service • Applying Federation MUST send an e-mail to edugain-ot@geant.net providing: • contact address for eduGAIN related matters, • URL pointer to the metadata source for MDS. • Upon reception of this mail the OT will: • contact the Federation and set up a proper method of exchanging of the Federation signing certificate and the MDS signing certificate; • verify that the provided Metadata set is syntactically valid and contains the reference to the eduGAIN Policy Framework Metadata Terms of Access and Use document; • after obtaining the signing certificate from the Federation, create a new entry in the test MDS service and notify the Federation that the service is ready to use.

  9. Joining the production service • Applying Federation MUST send an e-mail to edugain-ot@geant.net providing: • contact address for eduGAIN related matters, • URL pointer for the Federation page, • URL pointer to the English version of the Federation Policy , • URL pointer to Metadata registration practice statement, • URL pointer to the metadata source for MDS, • a description or a pointer to a description explaining how the Federation takes care of the opt-in process by its members.

  10. Joining the production service • Upon reception of this mail the OT will: • contact the Federation and set up a proper method of exchanging of the Federation signing certificate and the MDS signing certificate; • verify that the initial Metadata set is syntactically valid and contains the reference to the eduGAIN Policy Framework Metadata Terms of Access and Use document; • verify that the Federation page contains information which is sufficient to confirm that the Federation primarily serves the interests of the education and research sector; • verify that all supplied pointers are valid and that the documents they point to are satisfactory; • contact the Federation with either a confirmation of acceptance of the supplied information or with requests for supplementary documentation or correction of what has been supplied.

  11. Joining the production service • Applying Federation MUST sign the eduGAIN Policy Declaration and: • provide a pointer to the scanned document • send the original signed paper document to the OT • Upon reception and verification of all relevant information the OT takes the steps described in the constitution to finalise the joining process. In certain cases this may involve passing the application trough the eduGAIN TSG to the GÉANT Exec and may take some time • When the formal process has been finalised, the OT • adds the federation to the MDS production service, • notifies the Federation the service has been started, • update the eduGAIN participant list on the eduGAIN site.

  12. Avoiding errors • Documentation and policy • read all of it • consult the eduGAIN status page http://www.edugain.org/federation_status.php and see how others do it • Opt-in • you must be aware that eduGAIN requires that only willing participants appear in metadata exposed to the MDS. • Metadata format • check the eduGAIN metadata profile for all required attributes; remember, that a SHOULD requirement is nearly equivalent to MUST, you must have a good reason not to provide something which is expected with a SHOULD clause • No experimental entries in eduGAIN • do not supply entities which are not meant for production international use

  13. Avoiding errors (cont.) • English version of the documents • remember that members of eduGAIN federations need to have access to documents governing other federations and must be able to understand them, therefore an English translation (even if it can only be at the best-effort level) is very important • eduGAIN ToU • metadata derived from eduGAIN, i.e. the metadata which you will provide to your Federation, must be marked with the reference to eduGAIN Terms of Use, check the eduGAIN metadata profile for description how this is to be done • In order to avoid duplicated SP entries try to make sure that Service Provides published in your metadata will not appear in other Federations – the opt-in procedure should safeguard against this, however big SPs might have country representatives not quite aware of what their siblings in other courtiers do, therefore – take care

  14. Getting more information • REFEDS, see www.refeds.orghttp://www.terena.org/mailinglists.php?list=refeds@terena.orgGeneral questions and ideas around federations, interfederations etc. • The eduGAIN Project mailing list: edugain@geant.nethttp://mail.geant.net/mailman/listinfo/edugaineduGAIN specific questions • Reporting bugs in the MDS: https://issues.geant.net/jira/browse/MDS • eduGAIN website at:www.edugain.org

  15. Contact info for eduGAIN OT edugain-ot@geant.net

  16. Future work • We divide in two groups • What needs to be done in order to grow eduGAIN?

More Related