<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:930701169;
mso-list-type:hybrid;
mso-list-template-ids:513203672 1160127856 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;
mso-ansi-language:NL;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1529830772;
mso-list-type:hybrid;
mso-list-template-ids:244619078 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="NL">Hi all.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="NL"><o:p> </o:p></span></p>
<p class="MsoNormal">On Wednesday dec 18<sup>th</sup> we had a face-to-face IRL meeting, where representatives of pilots and interested institutions met with the SURF SCZ team. The agenda was:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2">Presentation of the UX research we had done. During the meeting the research process and findings were presented, and the delivered
<b>9 scenario’s</b> <b>you can click through</b> and find at <a href="https://wiki.surfnet.nl/display/SCZ/SamenwerkingBeheerSysteem+-+SBS">
https://wiki.surfnet.nl/display/SCZ/SamenwerkingBeheerSysteem+-+SBS</a> . On that page you can also find
<b>more extensive notes of the meeting</b> and slides of the UX presentation.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2">The project team presented the status, amongst others:<o:p></o:p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo2">Our Go/No Go moment, at which representatives of institutions decide whether we get a go to develop the pilot into a production ready service (and who is paying for it etc
<span style="font-family:"Apple Color Emoji"">😉</span>), previously planned end of Q4 2018, has shifted to end of Q2 2019. Main reasons: the SURFnet managers responsible for SURFnet identity operations would like<o:p></o:p></li></ol>
</li></ol>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-108.0pt;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo2">
<![if !supportLists]><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span>i.<span style="font:7.0pt "Times New Roman""> </span></span><![endif]>more end-user experiences from more SCZ pilots.
<b>We really need all pilots for this!</b><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-108.0pt;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo2">
<![if !supportLists]><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span>ii.<span style="font:7.0pt "Times New Roman""> </span></span><![endif]>More detailed and
<b>policy framework</b>, which is tested with pilot parties (collaborations, institutions, service/resource providers) … trust is very important for our solution, and policies are a major part of this. We don’t want lots of big contracts and papers everybody
has to sign. So we’ll try to come up with a ‘lean’ solution, building on work done on similar policies in the EU<o:p></o:p></p>
<ol style="margin-top:0cm" start="2" type="1">
<ol style="margin-top:0cm" start="2" type="a">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo2">Presented the currently looked at options for the operations phase:<o:p></o:p></li></ol>
</ol>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-108.0pt;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo2">
<![if !supportLists]><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span>i.<span style="font:7.0pt "Times New Roman""> </span></span><![endif]>Partner with GEANT and use
<a href="https://www.geant.org/Innovation/eduteams">eduTEAMS</a>, a service similar to SCZ, with a bonus of them offering, next to COmanage,
<a href="https://wiki.geant.org/display/eduTEAMS/HEXAA+Guidelines">Hexaa</a> and <a href="https://wiki.geant.org/display/eduTEAMS/PERUN+Guidelines">
Perun</a><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-108.0pt;mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo2">
<![if !supportLists]><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span>ii.<span style="font:7.0pt "Times New Roman""> </span></span><![endif]>Try to use the software that SURFconext uses as part of the SCZ software stack. By using more of that code, operations would be easier and therefor cheaper compared to introducing
the software stack currently used in the pilots<o:p></o:p></p>
<ol style="margin-top:0cm" start="2" type="1">
<ol style="margin-top:0cm" start="3" type="a">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo2">Shared in jan & feb 2019 we will turn the UX design into code as a Proof of Concept, to see whether, within a limited time, we’re able to build a solution with a UI and functionality
set we can optimize for our users.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo2">In case you’re interested in the slides of this part of the agenda, you can find them at
<a href="https://surfdrive.surf.nl/files/index.php/s/ufU9CQNWkIvTdzy">https://surfdrive.surf.nl/files/index.php/s/ufU9CQNWkIvTdzy</a>
<o:p></o:p></li></ol>
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2">The pilots shared info from their pilots … See the link above for the extensive meeting notes.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2">Bas Zoetekouw from the SCZ SURFnet team did an interactive session (using mentimeter) … the results can be found at
<a href="https://www.mentimeter.com/s/77199557c9c44fad42d84e287041d6a8/e8b7497443ee">
https://www.mentimeter.com/s/77199557c9c44fad42d84e287041d6a8/e8b7497443ee</a> .<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Some questions during the day where ‘parked’ (not all translated – let me know if you desire a translation):<o:p></o:p></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b><span lang="NL">Bij sign-up, moet je wel/niet je emailadres kunnen aanpassen? </span></b><span lang="NL"><br>
Antwoord: het SURFnet SCZ-projectteam zal daar de komende tijd verder naar kijken en opties bespreken met de pilotpartijen<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b>Granularity of groups + CO(U)'s... </b><br>
<span lang="NL">Antwoord: het SURFnet SCZ-projectteam zal met de pilotpartijen kijken wat daarin nodig en handig is. Eerste inzichten zijn dat teveel hiërarchie in groepen al snel onoverzichtelijk wordt.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b>UX nu scoped op science --> also works for education? </b><br>
<span lang="NL">Antwoord: daar zal het SURFnet SCZ-projectteam zeker op blijven letten, alhoewel we nu wel de focus op research hebben<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b>When a user accesses a service without authorization, who provides the error message? sp? scz?</b><br>
<span lang="NL">Antwoord: we proberen de foutafhandeling op de meest logische plek te leggen, maar moeten ook kijken wat technisch haalbaar is<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b><span lang="NL">Stuur direct een mail zodra iemand access vraagt [bazo: dus niet pas op het moment dat de CO-admin de aanvraagt goedkeurt]<br>
</span></b><span lang="NL">Antwoord: goed idee om tijd tussen moment dat een gebruiker toegang vraagt en een eerste mail krijgt te beperken en zo bv de kans te verkleinen dat mails ongemerkt in spam-folders belanden.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b><span lang="NL">ID: EIDAS?? </span></b><span lang="NL"><br>
Antwoord: SURFnet heeft al veel kennis van eIDAS opgedaan. Zodra dat zinnig is kunnen we kijken of eIDAS bv een identity provider kan zijn in SCZ. Een aandachtspunt is o.a. dat de kosten per authenticatie relatief hoog zijn; je zou dan moeten kijken of je eIDAS
dan alleen gebruikt om een identity een hogere LoA te ‘geven’.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><b><span lang="NL">Wie bepaalt of een CO bij een resource mag? SP moet ook toestemming geven.</span></b><span lang="NL"><br>
Antwoord: het moet zeker zo zijn dat een resource-aanbieder weet wie toegang tot resources kan geven. Dat kan in overeenkomsten worden vastgelegd (buiten SCZ om), maar omdat we SCZ zoveel mogelijk ‘DIY’ willen maken, moeten we ook kijken naar de rol van SCZ
daarin (b.v. dat een resource-eigenaar toestemming moet geven zodra een CO- of groep-manager een resource zelf aan een CO kan koppelen).<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span lang="NL"><o:p> </o:p></span></p>
<p class="MsoNormal">In case you have any comments or remarks: please feel free to discuss this on this list or let me know.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Kindest regards, best wishes for 2019 and hoping we’ll be able to connect your services to the SCZ, have you pilot those with a nice set of your end users and work out a policy set that strikes a perfect balance
in trust and agility for all concerned,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><br>
Raoul Teeuwen</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="NL" style="color:black">SURFnet | Productmanager Trust & Identity | Kantoren Hoog Overborch (Hoog Catharijne) | Moreelsepark 48 - 3511 EP Utrecht | tel:0887873496 | tel:+31641195989 | </span><span lang="EN-GB" style="color:black"><a href="mailto:raoul.teeuwen@surfnet.nl"><span lang="NL" style="color:#0563C1">raoul.teeuwen@surfnet.nl</span></a></span><span lang="NL" style="color:black"> | </span><span lang="EN-GB" style="color:black"><a href="http://www.surfnet.nl"><span lang="NL" style="color:#0563C1">www.surfnet.nl</span></a></span><span lang="NL" style="color:black"> | </span><span lang="EN-GB" style="color:black"><a href="https://www.surf.nl/route"><span lang="NL" style="color:#0563C1">www.surf.nl/route</span></a></span><span lang="NL" style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>