How to join eduGAIN

Report
eduGAIN federation operator training
Operations Team, OT, how to join eduGAIN
2011-10-17/18
Valter Nordh, NORDUnet / GU
Innovation through participation
1
Governance structure
NREN
PC /
GEANT
EXEC
Mandatory issues
Very long term documents
(policy)
TSG
Recommendations and documents
changing more frequently
(technical)
eduGAIN OT
Daily issues and very changing
documents
Innovation through participation
2
Joining process
Enrolment process for a typical federation
Federation
A
OT
Federation
A + OT
• Federation A signs the eduGAIN Policy
Declaration and presents it to the OT
• The OT confirms that the applicant
Federation fulfils the requirements
• Upon approval by the OT, the OT takes
the necessary technical steps to
register the Federation to eduGAIN.
Innovation through participation
3
Joining process
The guide for federations joining eduGAIN is located at:
http://www.edugain.org/joining_checklist.php
The federation status page is located at:
http://www.edugain.org/federation_status.php
Innovation through participation
eduGAIN metadata set
eduGAIN metadata set can be used in accordance with the eduGAIN
Policy Framework Metadata Terms of Access and Use document.
eduGAIN metadata is publicly available, however it is primarily intended
for participating Federations to consume, possibly filter, resign and
present to their members.
The eduGAIN metadata set cannot contain duplicate entries. If the same
entity is published by two federations, only the one which has entered
the set first will remain. The eduGAIN OT will contact the Federations
supplying conflicting entries in order to resolve the clash.
Federations SHOULD NOT supply non-production entities within their
metadata sets passed to eduGAIN
Federations are responsible for an interpretation of the above
clause
services used for general testing can be considered as of
production type is they can be accessed by members from multiple
federations
Innovation through participation
eduGAIN test service
eduGAIN runs a test service using an identical technical infrastructure
as the production service and available at http://mds-test.edugain.org.
eduGAIN test service is not bound by the formal conditions of the
eduGAIN production service and is provided mainly to test the technical
infrastructure of a Federation before it formally joins eduGAIN
Federations willing to join eduGAIN are encouraged to start by joining
the test service
Innovation through participation
Joining prerequisites
Federations should apply for joining eduGAIN only if they have
previously read the eduGAIN policy documents
(http://www.edugain.org/policy) and have at least one metadata entry
ready to be added to the eduGAIN service.
Metadata sets supplied to eduGAIN SHOULD NOT contain test entries
unless they are available to multiple services and can be used as a
testing tools; the eduGAIN test service can be use for unlimited testing
It is advisable that the Federation planning to join eduGAIN first enters
the eduGAIN test service
The signed copy of the eduGAIN Policy Declaration will be necessary as
one of the following steps, but since the policy signing procedure can be
a timely process, it is advisable that the applying Federation starts the
procedure as soon as possible
Innovation through participation
Joining the test service
Applying Federation MUST send an e-mail to [email protected]
providing:
contact address for eduGAIN related matters,
URL pointer to the metadata source for MDS.
Upon reception of this mail the OT will:
contact the Federation and set up a proper method of exchanging of
the Federation signing certificate and the MDS signing certificate;
verify that the provided Metadata set is syntactically valid and
contains the reference to the eduGAIN Policy Framework Metadata
Terms of Access and Use document;
after obtaining the signing certificate from the Federation, create a
new entry in the test MDS service and notify the Federation that the
service is ready to use.
Innovation through participation
Joining the production service
Applying Federation MUST send an e-mail to [email protected]
providing:
contact address for eduGAIN related matters,
URL pointer for the Federation page,
URL pointer to the English version of the Federation Policy ,
URL pointer to Metadata registration practice statement,
URL pointer to the metadata source for MDS,
a description or a pointer to a description explaining how the
Federation takes care of the opt-in process by its members.
Innovation through participation
Joining the production service
Upon reception of this mail the OT will:
contact the Federation and set up a proper method of exchanging of
the Federation signing certificate and the MDS signing certificate;
verify that the initial Metadata set is syntactically valid and contains
the reference to the eduGAIN Policy Framework Metadata Terms of
Access and Use document;
verify that the Federation page contains information which is
sufficient to confirm that the Federation primarily serves the
interests of the education and research sector;
verify that all supplied pointers are valid and that the documents
they point to are satisfactory;
contact the Federation with either a confirmation of acceptance of
the supplied information or with requests for supplementary
documentation or correction of what has been supplied.
Innovation through participation
Joining the production service
Applying Federation MUST sign the eduGAIN Policy Declaration and:
provide a pointer to the scanned document
send the original signed paper document to the OT
Upon reception and verification of all relevant information the OT takes
the steps described in the constitution to finalise the joining process. In
certain cases this may involve passing the application trough the
eduGAIN TSG to the GÉANT Exec and may take some time
When the formal process has been finalised, the OT
adds the federation to the MDS production service,
notifies the Federation the service has been started,
update the eduGAIN participant list on the eduGAIN site.
Innovation through participation
Avoiding errors
Documentation and policy
read all of it
consult the eduGAIN status page
http://www.edugain.org/federation_status.php and see how others
do it
Opt-in
you must be aware that eduGAIN requires that only willing
participants appear in metadata exposed to the MDS.
Metadata format
check the eduGAIN metadata profile for all required attributes;
remember, that a SHOULD requirement is nearly equivalent to
MUST, you must have a good reason not to provide something
which is expected with a SHOULD clause
No experimental entries in eduGAIN
do not supply entities which are not meant for production
Innovation through participation
international use
Avoiding errors (cont.)
English version of the documents
remember that members of eduGAIN federations need to have
access to documents governing other federations and must be able
to understand them, therefore an English translation (even if it can
only be at the best-effort level) is very important
eduGAIN ToU
metadata derived from eduGAIN, i.e. the metadata which you will
provide to your Federation, must be marked with the reference to
eduGAIN Terms of Use, check the eduGAIN metadata profile for
description how this is to be done
In order to avoid duplicated SP entries try to make sure that Service
Provides published in your metadata will not appear in other
Federations – the opt-in procedure should safeguard against this,
however big SPs might have country representatives not quite aware of
what their siblings in other courtiers do, therefore – take care
Innovation through participation
Getting more information
REFEDS, see www.refeds.org
http:[email protected]
General questions and ideas around federations, interfederations etc.
The eduGAIN Project mailing list: [email protected]
http://mail.geant.net/mailman/listinfo/edugain
eduGAIN specific questions
Reporting bugs in the MDS: https://issues.geant.net/jira/browse/MDS
eduGAIN website at:
www.edugain.org
Innovation through participation
Contact info for eduGAIN OT
[email protected]
Innovation through participation
Future work
We divide in two groups
What needs to be done in order to grow eduGAIN?
Innovation through participation

similar documents