December 11, 2013
12 Noon Eastern, 9AM Pacific, 5PM UK
+1-734-615-7474 (English I2, Please use if you do not pay for Long Distance),
+1-866-411-0013 (English I2, toll free US/Canada Only)
PIN: 0195401 #
Review of eduGAIN Policy Framework Declaration
Any other business
Warren, Ian, Scott C, Steven C, John, I.J. Kim
- This point basically says that federations will provide their usual metadata and that that metadata can be shared. Technically, this means that a URL will be provided that will provide an aggregate for consumption by eduGAIN. More details are in the metadata profile. Both the metadata profile and the attribute profile will be provided in PDF. Markups on those docs are now approved changes. Steven asked if there was a constraint on the number of entities included in metadata. Ian points out that originally the UK was reticent because there were constraints on which entities were included and how they would be decided upon. The current declaration avoids constraining how entities opt in. John looked over the declaration with two views: the federation operator as an entity, and how it constrains members of the federation. Ian states that the principal promise that this point is making is that you are getting the metadata that the federation would provide internally, so you get the same assurances as a participating federation that federation members get. The primary question John sees from a legal perspective is whether we can legally provide this information outside of the InCommon federation given the current InCommon participation agreement. Ian notes that in the UK there is an opt-in process that ensures that they understand and agree to export of their metadata. There is a long-term intention to flip to opt-out at some point, but certainly not in the next year. This is at least in part because the UK has 1600 members vs eduGAIN's 200.
- Federations will share some or all eduGAIN metadata with their members. There is no obligation to leave the metadata unchanged. The UK regularly performs minor edits on metadata. Ian believes there is a general understanding within eduGAIN that federations will "impedance match" to their members. John sees that there might be operational challenges with doing this, but supports that it can be done. Ian notes that for very minor changes (inclusion of a "mailto" tag for contacts) they don't contact federations; however, for more major issues with metadata, they suppress entities and notify the responsible federation.
- John finds this point unclear on which entity descriptors it refers to, the ones it's exporting or the ones it's importing. Ian says he believes it was intended to be for the export; however, it is a good thing even if interpreted in both ways. It's intended that "promptly" mean "as part of their normal operations." John would like to see that made more explicit.
- John felt that this was a little sweeping: absolutely all changes? Ian thinks "affecting validation" really means the metadata registration practice statement. But only eduGAIN needs to be informed and they will decide if they need to inform their relying federations. John wants to clarify that this should refer to trustworthiness. Ian sees it more as an operational issue (we moved the endpoint, we sign with a different encryption algorithm, etc.). Ian points out that we can apply a signing statement that clarifies "when we declare this we specifically mean ...." Steven points out that today's call is substantially about our understanding of what the declaration means. Would it be useful for us to provide a document of our understanding, or is it better to let them flag things independently? John wants to bring a limited set of questions (if necessary) to prevent extending the process beyond what is needed.
- John notes that this is a question of what the load on operations is. Ian points out that this only requires response to other federation operators, not their member entities. There has been no burden on the UK so far, but they have asked for support from other federations. Some federations take a much more active role in helping manage SPs, but that is not the case for InCommon. IC does have a fairly strict policy for metadata, however. Ian notes that there is increasing rigor on metadata standards with eduGAIN and this is leading to overall pressure toward a more uniform approach.
- John thinks this is OK provided that we can interpret "declaration" appropriately. In particular, we would not have a problem with providing agreement templates, but would have one with providing a signed agreement with member X. Ian says that in general, all members have the same agreement which has a public template, so the template is all that is needed. If a federation has different agreements with different members, then Ian thinks this is of interest to eduGAIN and should be exposed. John points out that due to differing state laws, there are cases where contractual language is changed to comply for some members. Steven points out that Germany has a similar situation, and may have had to grapple with this issue already.