Some of the material is already slightly out of date. Would the effort to globalize this also focus on updating the material? How often do we want to commit to reviewing the material?
Proposal: Updating the document should be on the list of things to do, but at a lower priority than globalizing the existing material. Frequency should match the more local updates done by the CIC schools.
The target audience is at the technical management level. Is that sufficient? Should this be targeted higher? More technical?
This seems to be sufficient according to the community.
The document refers to risk, but doesn't provide a great deal of guidance on how to evaluate risk in this arena. Should it?
Proposal: Do not go into detail on risk assessment in this document; point to other materials, particularly in Training Materials). Added a short paragraph to the intro re: risk management. In general, how to do a risk analysis and follow risk management guidelines is outside the scope of this document.
Perhaps add section on how VOs might take advantage of cloud services (acknowledging that they may not be in a position to sign contracts)
VOs have more difficulty signing agreements with federations that include liability. VOs have few problems buying into a cloud service. Removing this proposal.
If we want this to be more globally applicable, perhaps a bit more on the need to establish SSO on the campus or within the VO? They don't explain why federated authentication in a single campus setting is useful (that it is a logical development out of campus SSO). Also, it would be helpful to have references and definitions.
Proposal: Mention some highlights here, but otherwise point to the videos being produced by the NSRC and REFEDS on the topics.
The section on Privacy and Compliance needs a major overhaul to include information from other regions of the world. Similarly, the section on Technical Trust Framework would need to be generalized.
Federated incident response should include pointers to SIRTFI
.
Perhaps add more regional case studies?
This is fairly SAML specific. Do we want to consider making it more technology neutral, or adding more about OpenID Connect?Proposal: try to make it technology neutral, but only inasmuch as it makes sense to do so. Perhaps create a SAML-specific section
?
Perhaps a section on cloud services as accessed through eduGAIN?