Action for all - Provide feedback to the docs at:
Andreas noted that there is a separate wiki page for each of the work items, so people are invited to provide comments.
1 Virtual Organizations
1.1 SWITCH VO Demo
A VO demo from SWITCH is available for testing. A test scenario for adding a user to one or more groups is also described. Really interesting work. The plan is to continue testing the demo service.
Two types of tests:
- adding more VO services. It would be good to test a shib2 SP to connect to Lukas' VO. Leif offered a test SP for a test. Lukas noted that the latest release version is needed. Torsten volunteered a Shib SP as well.
- adding more IdPs (non-Swiss) and connect them to the
Andreas said it would be nice to test Lukas' software with a SimpleSAMLphp SP. However, work is still needed on the consumer side of the attribute authority. Andreas proposed to discuss further with RedIRIS.
Q1: What identifier is used? The Swiss eduID unique identifier, which is an opaque version of eduPersonPrincipalName. LH mentions the goal is to use eduPersonTargetedID as the unique identifier, but some changes at the Shib level are needed for this to happen. AS noted that if eduPersonPrincipalName could be used it would be easier to connect more services, in contrast to the Swiss eduID, which is not used outside Switzerland.
Q2: How does the SP retrieve attributes from the VO? The SP asks for any attribute, although it could be configured to ask for specific attributes.
Q3: What if the attribute authority is not available? Lukas said that the additional info is not displayed.
1.2 Clarin use-case
The CLARIN use-case was discussed - AS noted that CLARIN is a very interesting use-case, although more discussion is needed to understand their requirements. It could be a case of attribute aggregation and/or VO. If the need covers authZ as well then it would be a good use case for VOs.
Andreas noted that more use-cases should be provided.
1.3 Front-channel attribute aggregation
Discussion with WAYF on doing implementation in simpleSAMLphp. More information will be available.
1.4 Open actions
- Comments requested by Andreas on the VO attributes.
- Implementation of SimpleSAML attribute queries - Does anybody want to adopt this?
- Evaluation of more existing software packages - VOMS, Comanage, Grouper
2 Metadata distribution
Lukas - More tests on metadata distribution? Not really, but some issues with the signature of metadata.
Maja - To send an email to the list to report on the status of the test.
Renater - Nobody was at the VC.
Leif - Provided metadata for a couple of Unis. Test is ongoing, but there seems to be some confusion on the IdP side.
Andreas asked whether eduGAIN has some specific requirements. Juergen and Josh to provide feedback on this.
Metadata aggregation needs more ad-hoc discussion/tests, maybe using jabber?
3 User Centric
- Andreas wrote a doc to design an OpenId federation from scratch. Some interesting ideas appeared.
- Licia will start a first doc on OpenId and send that to the list.
4 Federation Harmonisation
New volunteers to write documents:
Single Log-Out: planned work by NIIF
- Kristof Bajnok, NIIF, bajnokk@niif.hu
- Adam Lantos, NIIF, adam.lantos@niif.hu
De-Provisioning
- Leif Johansson, NorduNet, leifj@sunet.se
Work not started yet.
5 Meetings
See the GN3 wiki. Next meeting: Oct 14.
iCal stream available. Information about that on the wiki.