cat-users - Re: [[cat-users]] NameID urn:oasis:names:tc:SAML:2.0:nameid-format:persistent instead of eduPersonTargetedID attribute

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Miroslav Milinovic <miro AT srce.hr>
  • To: Chris Phillips <Chris.Phillips AT canarie.ca>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] NameID urn:oasis:names:tc:SAML:2.0:nameid-format:persistent instead of eduPersonTargetedID attribute
  • Date: Tue, 28 Jun 2016 23:02:20 +0200

Chris, all

yes. The idea is to use eptid whenever it is available.

So no changes for existing users unless their IdP changes its behaviour
(in respect to eptid release). Even then there will be no data loss in
CAT. Those admins will probably need to be re-invited by their NRO (fed.
operator).

We'll issue a notification (with instructions) prior to the change (in
late July).

Regards

Miro

On 28.6.2016. 19:26, Chris Phillips wrote:
> Miro and CAT team,
>
> I presume that this proposed update will work as follows:
>
> 1. Existing users of eduroam CAT will continue to work with their current
> attribute release policies
> 2. New site admins using Federated Sign on via SAML are encouraged to use
> SAML2 persistent nameID, but MAY be able to use eduPersonTargetedId
>
>
> Can you confirm this to be accurate?
>
> I hope we are not cutting off anyone who already has a sign on configured
> as an admin as the attribute release practice will be materially different
> post update..
>
>
> Thanks!
>
> Chris.
>
>
> On 2016-06-28, 10:46 AM, "Miroslav Milinovic" <miro AT srce.hr> wrote:
>
>> Hi Simon, all!
>>
>> We plan to implement this feature and put it into production by the
>> beginning of August 2016 (so in about one month from now).
>>
>> Best regards
>>
>> Miroslav Milinovic
>> eduroam service manager, GEANT
>>
>> ----- Original Message -----
>> From: "Simon Lundström" <simlu AT su.se>
>> To: <cat-users AT lists.geant.org>
>> Sent: Monday, June 27, 2016 3:50 PM
>> Subject: [[cat-users]] NameID urn:oasis:names:tc:SAML:2.0:nameid-format:persistent instead of eduPersonTargetedID attribute
>>
>>
>>> Hi!
>>>
>>> We've recently upgraded our IDPs to Shibboleth v3 since v2 is going to be
>>> (or already has been) deprecated.
>>>
>>> According to e.g. Scott Cantor, using eduPersonTargetedId as an attribute
>>> and not as NameID is discouraged and deprecated, see:
>>> <https://wiki.shibboleth.net/confluence/display/IDP30/StoredIdConnector>
>>>
>>> <http://thread.gmane.org/gmane.comp.web.shibboleth.user/46825/focus=46856>
>>> <http://article.gmane.org/gmane.comp.web.shibboleth.user/39696/>
>>>
>>> So when Shibboleth IDP removes the StoredIdConnector none of us will be
>>> able to use your service.
>>>
>>> When are you going to use the
>>> urn:oasis:names:tc:SAML:2.0:nameid-format:persistent NameID instead?
>>>
>>> BR,
>>> - Simon
>>>
>>> ____________________________________
>>>
>>> Simon Lundström
>>> Section for Infrastructure
>>>
>>> IT Services
>>> Stockholm University
>>> SE-106 91 Stockholm, Sweden
>>>
>>> www.su.se/english/staff-info/it
>>> To unsubscribe, send this message:
>>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>>> Or use the following link:
>>> https://lists.geant.org/sympa/sigrequest/cat-users
>>>
>>
>



