
This Task delivers developments aimed at federations and campus identity providers, based on the existing federated identity and eduGAIN models and technologies.
It aims to make federated identity on a pan-European scale easier for federations and campus IdPs to adopt, more scalable to cope with significant growth of entities via eduGAIN, and more secure in complex operating environments.
Key objectives
The key objectives of Task 1 are:
T1.1 eduGAIN policy review
- In December 2015, the European Parliament and Council reached agreement on data protection reform [DPREFORM]. This will require legal and federation consultation and analysis of eduGAIN’s policies focused on attribute release (Code of Conduct, EU and international variants, Research and Scholarship Entity Categories, recommendations on User consent), in particular focusing on service implications for eduGAIN members.
T1.2 eduGAIN metadata management and attribute release management
- Develop, pilot and enhance methods for facilitating attribute release and encouraging take-up by federations, including GÉANT Code of Conduct development and support for R&S within eduGAIN.
- Develop and enhance methods for improving metadata management and interoperability, e.g. adoption and customisation of FedLab results.
- Develop and enhance methods to ensure quality metadata exchange, e.g. implementation of best practice on metadata streams for eduGAIN.
T1.3 Development of supporting services for campus identity providers
- Based on findings from AARC, TIER (Internet2) and NREN developments, develop a campus IdP extension to the FaaS service for sites and regions that currently cannot support or offer a cloud IdP-type service to campuses.
T1.4 eduGAIN incident management development
- Based on findings from AARC and REFEDS, pilot and implement the recommendations on the Security Incident Response Trust Framework for Federated Identity (SIRTFI) in the eduGAIN operational context.
Deliverables and Milestones:
Deliverable D9.1: Market Analysis for Supporting Services for Campus Identity Providers, M8
Milestone M9.2: Assessment of DP Legislation Implications, M8, White Paper
Milestone M9.4: SIRTFI Pilot Report, M20, Report
Minutes of periodic Task calls
Task1 Trello Board
https://trello.com/b/bNmCfbZK/geant-campus-idp-platform
Availability of people during the summer 2018 break
https://evento.renater.fr/survey/availability-of-people-in-summer-2018-summer-holidays-please-fill-in-the-weeks-yes-you-will-be-at-work-wid35tjv
Relevant internal / collaborations documents
Cloud-based IdP services Catalogue
https://campus-idp-test.geant.org/
Face To Face Meetings (notes, agenda, slides)
SWAMID REFEDS SIRTFI and REFEDS R&S Attribute Release Check
eduGAIN attribute release check
Measurement and Statistics wiki
Measurement & Statistics
Minutes of periodic task calls
- September 26, 2016
- October 10, 2016
- November 7, 2016 (T1.3)
- November 21, 2016 (T1.3)
- February 3, 2017
- February 9, 2017 (Architecture Team)
- February 13, 2017
- February 27, 2017
- March 27, 2017
- April 10, 2017
- April 24, 2017
- May 22, 2017
- July 3, 2017
- August 21, 2017
- September 6, 2017
- September 18, 2017
- November 6, 2017
- November 27, 2017
- December 18, 2017
- January 15, 2018
- January 29, 2018
- February 12, 2018
- March 5, 2018
- April 30, 2018
- May 14, 2018
Moving towards production: GEANT Software Management Tools
Useful Links and References
Presentations
Final Products Presentations and Documentation
Product | Goals | Expected users | Notes on final status of the product | References (URLs) and Presentations / Videos / Documents | Subsequent related activity/task and persons involved in GN4-3 | Git Repository |
---|---|---|---|---|---|---|
Campus IdP Platform | Enable FedOps and IdP admins to spawn and manage their IdPs. Accessed as an eduGAIN SP. Hosted on OpenStack or VMware. | FedOps and HOs IdP admins | Use Case "Create IdP" implemented: request and approve new IdP via web client; store configuration data in database; convert configuration data and trigger Ansible; deploy new IdM on existing VM | Demo Video: CampusIDP Platform DEMO (FULL Short Version).mp4; Documentation: Campus IdP Platform Architecture | Use Case 1: Create IdP (enable deployment on different target environments); Use Case 2: Manage IdP (edit IdP configuration, delete IdP); Use Case 3: Manage Federation (lifecycle management of IdP (approve, remove), metadata management) | Web Client: https://github.com/GEANT/ClientCampusIdP; API: https://github.com/GEANT/APICampusIdP |
Measurement and Statistics National and eduGAIN platform | Gather Fticks from IdPs belonging to national federations and eduGAIN, enabling national ID Federations to view and manage their forwarding to a central eduGAIN collector node | FedOps and eduGAIN admins | | | | |
Docker deployment of Campus IdP | Enable Home organization to deploy a simple, basic Shib IdP on Docker | HOs IdP admins | | | | |
Ansible toolkit for deployment of Shibboleth IdP | Enable HOs and federation to install and configure IdP and related tools using Ansible. | HO IdP admins and FedOps | | | | |
SIRTFI email contacts verification tool | Deploy a web-based tool, accessible as an eduGAIN SP, capable of getting security email contacts for IdPs and of sending verification emails to admins to verify the effectiveness of the addresses and their responsiveness. | eduGAIN support, FedOps, SIRTFI | | | | |