Every fall, REFEDS has the opportunity to travel across the pond and have an all-day meeting at the Internet2 TechEx, thanks to our generous hosts. For the meeting in September 2016 we decided to change the programme up a bit, put the slides aside and focus on discussion panels and interaction in the room. A blog post on each of those panels will appear here on the REFEDS website.

To start the day, we invited Nick Roy (InCommon, USA), Rhys Smith (UK Federation, UK), Chris Phillips (Canadian Access Federation, Canada), Bradley Beddowes (Australian Access Federation, Australia), Thomas Lenggenhager (SWITCHaai, Switzerland) and Mads Freek Petersen (WAYF, Denmark) to join a panel to discuss issues from the point of view of the federation operators.

The panel started with a look at the challenges facing federation operations right now. The panelists drew out problems with a lack of skills at Service Providers, federation scale and major operational changes (the move to HSM), migration from Shibboleth v2 to v3 and pressures to monetise. This in turn led to reflection about what a future federation operator might have to worry about or do differently. The operators consistently highlighted the need to automate more, improve metadata management and quality, and move beyond a best-efforts basis to a professional service. To do this, all the operators agreed that there were areas where we could work together more to improve service.

So what are the future possible services that could be centralized across federations? The panel and participants discussed:

  • Implementing a shared service catalogue alongside more work to tag and group entities for different audiences;
  • Shared helpdesks, with a “follow the sun” model;
  • Having a central business management job role to do relationship management;
  • Identifying expertise that is particular to different federations and using these skills as part of a centre of excellence;
  • Harmonise development effort more as developers are scarce in our community;
  • Work to normalize federation behaviour.

Moving questions to the room, participants asked the panel to reflect on issues with knowledge and skill sets at Service Providers and what we can do to improve these issues. It was acknowledged that many providers simply will never prioritise implementation as it is not core business. We have also seen a problem with institutional memory – where time and effort has been invested in training staff at Service Providers, this effort has been lost when staff move on. Chris Phillips summarised this perfectly –

information vacuums are filled with opinion rather than fact.

The most significant issue here is dealing with this lack of knowledge at critical points in service delivery – for example the pressing need for upgrade from Shibboleth v2 to Shibboleth v3.

Discussion moved to the changing nature of the protocols and technologies we use within our federations and what we need to do to prepare for these changes. At the moment trust is discussed differently across different protocols – there is a clear role for the federation operator in helping to bridge those trust discussions. Nick Roy highlighted that this was always InCommon’s vision of trust – to take small chunks that deployers want, and then figure out a technical way to implement that. All the operators agreed that SAML would continue to play a strong role as a core backbone of our federations, with additional protocols layered in to enrich services. This may drive a more API-based approach to service delivery. The mobile experience was drawn out as an important area that has been neglected to date. Four of the operators on the panel indicated that they currently have an OIDC effort underway, and agreed that cooperation on these developments was essential.

Operators were asked to reflect on the impact of changing IdP communities in our environment. The following updates were given:

  1. Denmark: K12 in Denmark has a nationwide directory that does not use SAML. They are considering changing and are looking at SAML, and they are potentially going to become another hub connected to WAYF. There are about a million unique users every year, and they all log in as an institutional member or a citizen.
  2. SWITCH: this is not a topic yet in Switzerland due to the federated education system (each community is responsible for its own school system, and the school system’s IT). There is also no national public federation, but they are looking into university libraries as potential customers. The first project, which will start later this year, is access to the national licenses.
  3. UK: the UK federation has always been open to anyone who wants to be a member. Engagement with schools has been on and off over the years. The UK is about to start doing a service with libraries with managed IdPs. They are hoping that everyone in the UK with a library card will be able to use an IdP in the UK federation.
  4. InCommon: InCommon is working on a pilot called the InC Steward Program (see David Walker). The model starts with working with regional networks for more graceful onboarding than InCommon could do; they know the region and the customers better than InCommon does. This could go beyond regional networks to business partners that want to run managed IdPs for smaller schools.

As a final question to challenge the panel, the operators were asked who is responsible for metadata quality. This reflects discussions on the REFEDS list about responsibilities as we add more and more information into our metadata. The panelists were all silent at first – acknowledging the complexity of answering this question effectively. Federation Operators acknowledged that they clearly have responsibility – there are profiles for a reason and all operators are responsible for quality. However, changing processes and broader use of interfederation have meant that we are exposed to each other’s dependencies in interesting new ways. The upside is that this is pushing all federations to get better at different processes. A significant problem area that remains is decommissioning services from federations – duplicate entries and non-functional services are causing operational problems. Rhys Smith highlighted that more work was needed to define what metadata quality means, particularly in the frameworks of REFEDS and eduGAIN.

This panel raised many important issues that give us opportunities to reflect on in future blog write-ups, to help us shape the 2017 REFEDS Workplan and to consider for future working groups in REFEDS.  One of the final comments from the room reflected on how REFEDS should position itself moving forward.  REFEDS has shown itself to be good at research and standards and specifications work.  Much of the discussion at the panel focused on operational needs for future federation engagement. REFEDS should probably not move into a more operational role, but has a duty to push operations to a point where normalisation across our federations should just happen.