February 2009

eduGAIN web site is up and running

The purpose of eduGAIN is to provide the means for achieving interoperation between different Authentication and Authorisation Infrastructures (AAI).

Work has been ongoing with testing and adjusting the infrastructure.  We are confident that this work will move to SAML 2.0 shortly 🙂


Foodle was translated into Nynorsk tonight (and I would like some help with quality control). Foodle now exists in English, Bokmål, Nynorsk, Danish, Swedish, Finnish, German, Dutch and Slovenian.

Given my status as Boss no 203 of AMO (Astronomers against chopping words into irrelevant parts) I insisted on meddling with the Bokmål Foodle version as well. Removing unnecessary white space felt really good!  I hope those mangled words that have now been joined feel better.

Levels of Assurance is one of the hot development topics in federations. JISC published the final report of JISC LoA work in November 2007 from the ES-LoA project. The project collected requirements from service providers, identity providers and universities in the UK. They also investigated existing LoAs, and looked into requirements in higher education and research.

Nicole Harris announced:

JISC Legal has done investigative work to review current federation policy documentation for federations in higher education and research. This work is now available from http://www.jisc.ac.uk/media/documents/publications/rptamfeasibilityv1.pdf

The analysis and comparison of federation policies help us revise federation policy, as well as facilitate inter-federation work.

The REFEDs group published a set of draft documents on privacy and data protection. The authors discuss requirements from the European Personal Data Directive (95/46/EC) and how this applies to exchanging data for applications in research and education communities.

The checklists should be useful both for service providers connecting to federations and for universities and schools participating in a federation.

The next EuroCAMP, in Cork, Ireland, May 18-19 2009, is focused on "How to build single sign on systems – practical experiences".

EuroCAMP (European Campus Architecture Middleware Planning) workshops are gatherings for European universities, research and research networks. TERENA organizes the EuroCAMPs:

The TERENA EuroCAMP workshops aim to develop the knowledge and skills that are needed by staff who are involved in the set-up of identity management systems (IdMS) for authentication and authorisation. The events provide an opportunity to learn about identity management, authentication, authorisation, directories and other middleware standard technologies.

My youngest son was named in a process involving Naming Game with federated authentication, Foodle polls and technology testing of cross federations.  Some of the lessons we learned from setting up a simple desirable application:

  • Adding entire federations lowers the administrative burden
  • Adding entire federations creates administrative tasks we did not know about (Finding a Dutch person to translate a federation contract to be signed was not really hard in our case. Your mileage may vary, I had a Dutch co-worker next door.)
  • Metadata needs to be massaged, and there is work to be done on standardization and metadata automatization.  Automated collection of metadata, understandable formats and update propagation are higher on the Feide agenda than they were before we hit the scaling issues.
  • Keeping an OpenIdP for homeless users is smart.  Well, it is smart until they forget their username and start asking questions.
  • Service providers do not know the intended user community.  Applications morph audience as word-of-mouth travels in the community.  Never underestimate the network effects.
  • Mixing anonymous and verified access is necessary in some use cases, but creates work on authorization inside your application.  Most applications are touchy about authorization delegation, with good reasons.
