Networks ∙ Services ∙ People www.geant.org eduGAIN Townhall Meeting Nicole Harris (or updating the eduGAIN policy suite) “Unicorns can be sued in Wales”

Presentation transcript:

Slide 1: eduGAIN Townhall Meeting (or updating the eduGAIN policy suite): “Unicorns can be sued in Wales”

Nicole Harris
1st December 2015, Vienna, Austria

Slide 2: Federation Operator Practices

- Operational Practice
- Local norms
- Expected behaviour
- Required behaviour

Slide 3: Metadata Registration Practice Template

“the following example is not intended to dictate practice”

Slide 4: Introduction and Applicability

This document describes the metadata registration practices of the Federation Operator with effect from the publication date shown on the cover sheet. All new entity registrations performed on or after that date SHALL be processed as described here until the document is superseded.

This document SHALL be published on the Federation website at:. Updates to the documentation SHALL be accurately reflected in entity metadata.

An entity that does not include a reference to a registration policy MUST be assumed to have been registered under an historic, undocumented registration practice regime. Requests to re-evaluate a given entity against a current MRPS MAY be made to the Federation helpdesk.

Slide 5: Member Eligibility and Ownership

Members of the Federation are eligible to make use of the Federation Operator’s registrar to register entities. Registration requests from other sources SHALL NOT be accepted.

The procedure for becoming a member of the Federation is documented at:.

The membership process verifies that the prospective member has legal capacity, and requires that all members enter into a contractual relationship with the Federation Operator by agreeing to the Federation policy. The Operator makes checks based on the legal name provided. The checks are conducted with a number of official databases.

The membership process also identifies and verifies Registered Representatives, who are permitted to act on behalf of the organisation in dealings with the Federation Operator. Verification is achieved by.

The process also establishes a canonical name for the Federation member. The canonical name of a member MAY change during the membership period, for example as a result of corporate name changes or mergers.

Slide 6: Entity Eligibility and Validation

Entity Registration

The process by which a Federation member can register an entity is described at. The Federation Operator SHALL verify the member’s right to use particular domain names.

Entity Validation

On entity registration, the Federation Operator SHALL carry out entity validation checks. These checks MAY include:

- Ensuring all required information is present in the metadata;
- Ensuring metadata is correctly formatted;
- Ensuring URLs specified in the metadata are technically reachable;
- Ensuring protocol endpoints are properly protected with TLS / SSL certificates.

Slide 7: Entity Management

Entity Change Requests

Any request for entity addition, change or removal from Federation members needs to be communicated from or confirmed by their respective Registered Representatives. Communication of change happens via ( , Federation registry tool etc.)

Unsolicited Entity Changes

The Federation Operator may amend or modify the Federation metadata at any time in order to:

- Ensure the security and integrity of the metadata;
- Comply with interfederation agreements;
- Improve interoperability;
- Add value to the metadata.

Changes will be communicated to Registered Representatives for the entity.

Slide 8: Metadata for SAML Technology Profiles / Other Technology Profiles

Registration Information

Metadata for all entities registered by the Federation Operator SHALL make use of the [SAML-Metadata-RPI-V1.0] metadata extension to indicate that the Federation Operator is the registrar for the entity and to detail the version of the MRPS statement that applies to the entity.

Entity Names

The member’s canonical name is disclosed in the entity’s element.

The right to use a domain name SHALL be established in one of the following ways:

- A member’s canonical name matches registrant information shown in DNS.
- A member MAY be granted the right to make use of a specific domain name through a permission letter from the domain owner on a per-entity basis. Permission SHALL NOT be regarded as including permission for the use of sub-domains.

Slide 9: Metadata for SAML Technology Profiles / Other Technology Profiles (cont.)

EntityID Format

Values of the entityID attribute registered MUST be an absolute URI using the http, https or urn schemes. https-scheme URIs are RECOMMENDED to all members. http-scheme and https-scheme URIs used for entityID values MUST contain a host part whose value is a DNS domain.

TO DO: Scopes.

REMINDER: THIS IS NOT THE EDUGAIN METADATA PROFILE.
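The entityID format rules above, together with the registration-information requirement and the "historic practice" assumption from the earlier slides, can be checked mechanically. The Python below is an added example, not part of the presentation or of any eduGAIN or federation tooling; the function names, the example.org/example.net values, the sample metadata and the reading of "DNS domain" as a dotted host name are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted metadata, parse with defusedxml instead
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi"}
# Assumption: "DNS domain" means a dotted host name, not an IP literal or bare label.
DNS_NAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)
URN = re.compile(r"^urn:[a-z0-9][a-z0-9-]{0,31}:\S+$", re.I)

def check_entity_id(entity_id):  # returns a list of (level, message) findings
    try:
        parts = urlsplit(entity_id)  # urlsplit lower-cases the scheme
    except ValueError:
        return [("ERROR", "entityID is not a parseable URI")]
    if parts.scheme == "urn":
        return [] if URN.match(entity_id) else [("ERROR", "malformed urn")]
    if parts.scheme not in ("http", "https"):
        return [("ERROR", "entityID must be an absolute http, https or urn URI")]
    findings = []
    if not parts.hostname or not DNS_NAME.match(parts.hostname):
        findings.append(("ERROR", "host part is not a DNS domain"))
    if parts.scheme == "http":
        findings.append(("WARN", "https-scheme entityID is RECOMMENDED"))
    return findings

def check_metadata(xml_text):  # maps each entityID in the metadata to its findings
    report = {}
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % MD):
        findings = check_entity_id(ent.get("entityID", ""))
        rpi = ent.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        if rpi is None:  # no registrar reference at all
            findings.append(("WARN", "no RegistrationInfo: assume historic practice"))
        elif rpi.find("mdrpi:RegistrationPolicy", NS) is None:
            findings.append(("WARN", "no RegistrationPolicy (MRPS) reference"))
        report[ent.get("entityID", "")] = findings
    return report

# Constructed sample (not from the slides); role descriptors omitted for brevity.
RPI = '<md:Extensions><mdrpi:RegistrationInfo registrationAuthority="https://federation.example.net">%s</mdrpi:RegistrationInfo></md:Extensions>'
POLICY = '<mdrpi:RegistrationPolicy xml:lang="en">https://federation.example.net/mrps-v1</mdrpi:RegistrationPolicy>'
ENT = '<md:EntityDescriptor entityID="%s">%s</md:EntityDescriptor>'
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:mdrpi="%s">' % (MD, NS["mdrpi"])
          + ENT % ("https://idp.example.org/shibboleth", RPI % POLICY)
          + ENT % ("http://192.0.2.10/sp", "") + ENT % ("urn:mace:example.org:sp1", RPI % "")
          + '</md:EntitiesDescriptor>')

if __name__ == "__main__":
    print(check_metadata(SAMPLE))
```

An IP-literal host is reported as an error because the slide requires a DNS domain, while a missing registration policy reference is only a warning, matching the slide deck's instruction to treat such entities as registered under historic practice.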

Slide 10: Changing the Constitution

[Diagram labels: eduGAIN Declaration; eduGAIN Constitution; SAML PROFILE: MetadataProfile, Attribute Profile, WebSSO Profile, Code of Conduct; MOONSHOT PROFILE: Metadata? Attribute? etc.; OTHER PROFILE: A, B, C; Code of Conduct]

Slide 11: Analysis of changes required

Slide 12: Quick Summary

- Use term “federation” where it probably should be federation operator.
- Change Exec reference: “The edugain executive comprises representatives from organisations that fund edugain operations. The current executive is documented (on the edugain website)”.
- Change SG reference: “Federations should ensure that representatives can represent all technology profiles. Federations may vote on all constitutional changes and new profiles but may only vote on changes to technical profiles they use.”
- Get SAML out of the constitution (“relevant technology profile”).
- Get the Metadata Aggregation Practice Statement written (general eduGAIN operational practice statement?).

Slide 13: Thoughts?

- Changes achievable? Will you vote?
- Where do we stand now on membership? See Nick’s presentation. “Primarily serves the interest of the education and research sector”.
- Where do we stand on federation requirements? See Kristof’s presentation.

Slide 14: Dinner!

You are invited to join us for dinner! Sonnenfeldgasse, Vienna, 18:30 – 19:00 start time. See you there!

Slide 15: Thank you

This work is part of a project that has applied for funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No (GN4-1).