IaMIaaS Terms & Conditions
1. The IaMIaaS is offered only to connected LEARN member institutions (those that have subscribed to LEARN Internet bandwidth).
2. The infrastructure has no disaster recovery facility that follows a standard backup procedure for your IDP recovery needs in an unexpected disaster. LEARN does not offer Disaster Recovery as a Service (DRaaS) either.
A disaster can be a natural disaster such as tsunamis, hurricanes, earthquakes, tornadoes, wildfires, volcanic eruptions, blizzards, hailstorms, mudslides, and floods, or a man-made disaster such as misconfigurations/glitches, crime, arson, civil disorder, terrorism, war, biological/chemical threats, and cyber-attacks.
The institute must itself take backups (several megabytes in size) of its identity database and essential configurations on suitable storage media after changes are made. This is a responsibility of the institutional identity manager/administrator. Keeping enough backups from past days/weeks/months to recover the IDP to a previous best state in case of a disaster is a responsibility of the institute and its identity manager/administrator.
3. The IaMIaaS, based on free open source software/tools hosted on LEARN server hardware, is completely free of charge as a value-added service. The service, which is an experimental and voluntary effort of LEARN engineering without any paid vendor support, comes without an SLA (Service Level Agreement) and is provided on a best-effort basis by LEARN engineering. The institute or any other party has no right to claim anything, even explanations, in case of service outages or data loss, but they can cooperate in a friendly manner with the LEARN engineering team to bring the service back into operation.
4. In the event of service outages or performance issues, depending on the nature of the issue and the availability of engineers, it might take several hours/days for LEARN to fix it. The institute should patiently accept such a time period. Note that IaMIaaS comes without an SLA.
5. A reliable IDP service has become a critical part of campus IT infrastructure today. An IDP outage affects many other essential services. Even though it is hosted at LEARN, having a reliable IDP service continues to remain a responsibility of the institute itself.
6. The IaMIaaS instance includes only an instance of Shibboleth IDP, an instance of OpenLDAP and an instance of eduroam RADIUS bundled together. No other software/tools are allowed to run on the instance.
7. The instance's system resources are set and adjusted by LEARN based on actual requirements, demand and availability. The institute should not force LEARN to set any; however, performance issues can be officially reported so that LEARN can adjust the resources as far as they are available.
8. The institution should appoint an official identity manager or identity administrative officer who will handle its identities and coordinate with LEARN. LEARN should be officially informed of his/her contact details. LEARN should also be informed when the identity manager changes.
9. Only the institutional identity manager/administrative officer should contact LEARN TAC (tac at learn.ac.lk) to report any service outages or other issues. LEARN shall not respond to end-users.
10. System upgrades/maintenance usually take place overnight after 10pm. The institutional identity manager/administrator will be informed 12 hours ahead.
11. As a strict rule, no weak password should be used for any of the accounts in the LDAP database, and all passwords must be changed at least annually. The minimum requirement for a password is 8 characters without dictionary words or popular names/labels; it should include at least one upper case letter (A-Z), one lower case letter (a-z), one number (0-9) and one non-alphanumeric character (( ) ` ~ ! @ # $ % ^ & * - + = | \ { } [ ] : ; " ' > , . ? / _). This is a responsibility of the institutional identity manager. In case of a violation of the password policies, LEARN has the right to terminate the service immediately, even before giving notice.
12. The institute must not provide identities (accounts) to those who are not affiliated with the institute. If anybody leaves the institute, the account must be immediately disabled or removed. LEARN shall not be responsible for the abuse of any systems through identities (accounts) provided by the institute; this is a responsibility of the institute.
13. LEARN reserves the right to terminate the service or start charging in case of financial issues or the loss of engineers, by giving two months' notice.
14. LEARN should be notified soon after the institute decides that it no longer needs the service.
15. LEARN reserves the right to change or add to the above terms and conditions. The current document can be seen at https://www.ac.lk/iamiass/terms
An institute's use of LEARN IaMIaaS means that it has agreed to all of the above terms and conditions. LEARN reserves the full right to terminate the service immediately or after a notice, in case of a violation of any of the above.