GÉANT 4-2 JRA3 T1 and T2 Federations and Campus (CaFe) e-Infrastructures and Service Providers (RASP) Daniela Pöhn JRA3 T1 LRZ/DFN-AAI Technology Exchange 2016, Miami 2016-09-26

Code of Conduct European Parliament and Council: data protection reform  legal and federation consultation  analysis of eduGAIN’s policies focused on attribute release  effective 25 May 2018 2.0 draft should cover attribute release out of EU/EEA as well Work with DLA Piper  analysis of policies Possible to craft a single Code of Conduct that will work globally? Roadmap: Fall 2016: Prepare a draft of a new, GDPR compliant Code of Conduct Spring 2017: Community consultation within REFEDS community Iterate 25 May 2018 submit to the data protection authorities for approval

Metadata and attribute release management Attribute release: typical conversion rules stored centrally? Metadata management: scalable metadata release KPI monitoring Monitoring and Statistics Web page with all available tools Standardize F-Ticks format eduGAIN F-Ticks service Ticks by every IdP Aggregated per federation/inter-federation Public stats and internal stats

IdP as a Service Look at GARR IDEM, UK Federation,… TIER Business models, security,… As Extension of Federation as a Service

eduGAIN incident management development SIRTFI Security contacts in Metadata Validated Look at requirements from AARC Probe Overview/Monitoring page Self-assessment tool Management tool? Monitoring page added to technical eduGAIN

RASP – Research Infrastructures and Service Providers Task Leader: Lukas Hämmerle

eduGAIN Connectivity Check Service (ECCS) technical.edugain.org/eccs/ Checks for each eduGAIN IdP if it is properly "connected" to eduGAIN I.e. it loads eduGAIN metadata and displays a login page when a user tries to access an eduGAIN SP For each eduGAIN IdP do the following check: Initiate a login process from two eduGAIN SPs (except for disabled IdPs) Check if a reasonable login page is returned Classify error messages (Error = Red, Warning = Yellow) Display results on a public web page IdPs can be excluded from checks (=disabled IdPs) Check is not 100% accurate for non-Shib/non-SSP IdPs with custom authentication mechanisms InCommon Federation (August 8th) 30 red IdPs with errors, 48 yellow IdPs with warnings, 333 Ok IdPs

Effect of ECCS Announcement of ECCS

eduGAIN IsFederated Check Service (EIFCS) technical.edugain.org/isFederatedCheck/ Find out if people and organisations are federated and eduGAIN-ready yet. Has a complete list of all IdPs and organisations of production federations world wide as well as of eduGAIN.

eduGAIN Access Check Service (EACS) access-check.edugain.org Test federated access via an eduGAIN IdP using a set of short-term test identities (student, staff, researcher, incomplete attributes, R&S) Use of test identities limited to owner of SP (metadata contact) ******* test-student Research DB X Create service-specific test accounts with different profiles Use them for login on own service only Check if access works and attributes are available

Upcoming: eduGAIN Attribute Release Check Service (EARCS) Work in Progress Check to see if IdP conforms to attribute release recommendations (i.e. R&S, CoCo) Any user from an IdP can take test Results will be public

Simple SP Registration Process wiki.edugain.org/How_to_Join_eduGAIN_as_Service_Provider Generic (federation-independent) guide on how to register an SP in eduGAIN Refers to guides of individual member federations UK Access Management Federation (in a pilot) to act as a "federation-of- last-resort" in case SP does not know with which federation to register