Hello Everyone,

I hope you all had a happy holidays and New Year.

In the last working group I brought up the topic of handling authentication in the GREN node. To be clear this will just be for administrators of a GREN Map instance, not someone viewing the map — that will be open.

Currently for the development and sandbox instance we are using the built in django username and password functionality and as we all know in the modern world this is not adequate for going live.

I brought up the option of using FIM / Federated SSO (eduGAIN) as the authentication mechanism. Marco very eloquently argued the case that we should make federated SSO the only option. Those that don't have FIM/SSO are encouraged to get it set up or request help to get it set up. Having exception discourages adoption and in South America RedCLARA now insists on it for all their services. (Marco please feel free to add or correct me if I have mischaracterised your point here). This view strongly aligns with CANARIE's approach. The general consensus among the other GREN Mapping working group members present was that SSO was pretty much ubiquitous, especially in Europe, and that support for other regions could be provided in one way or another.

Not having to be concerned with password management and protection of PII is of great benefit to adopting SSO.

We would therefore like to propose for the initial release of the GREN Map, we allow Admin logins only via SSO.

This is a big decision so I would like to give other members of the working group the opportunity to have their say. We can discuss more at the next Working Group meeting on the 11^th January or via email exchange if you cannot make it then.

Best Regards,

Dan.