An open discussion list for topics related to the eduGAIN interfederation service.

[Leif Johansson <leifj AT sunet.se>]

On 12/05/2013 12:25 PM, Ian Young wrote:
> On 5 Dec 2013, at 11:14, Leif Johansson <leifj AT sunet.se> wrote:
>
>> I'm actually pretty sure I'm right.
> Aren't we all ;-)
I'm not often as sure as I am about this although I sometimes act like I
am :-)
>
>> I have (say) an accredited idp from multiple sources: from a federation
>> operator thats is authoritative from the key and some of the attributes
>> and from Kantara that is authoritative for the assurance level
>> attribute. These sources need to merge into your local trust-engine.
> There are specific cases where you can make merging work. The one you're 
> describing here might be one, but I don't agree that it's the right 
> approach: having to register an entity with one source just to acquire an 
> assurance level association seems to me to just make the multiple 
> registration issue worse. Building a solution in terms of some kind of 
> reputation service (TBD) has always seemed like a better solution to me.
It would not be a registration at all. Kantara would (ideally) be an
aggregator that fetches authoritative metadata from lots of places and
publish a "decorated" stream...

If you want a more close-to-home example, consider a service that
aggregates lots of feeds and allows service owners to sign the CoC for
"their" SPs - a decorated feed is produced downstream.
>
> That aside, I don't think the general case -- which is what you would need 
> to address the sort of issue Dick is facing -- is soluble. I could be 
> wrong, of course, but the way to demonstrate that would be to show me an 
> algorithm. This is not the first time "just merge them" has been proposed 
> as a solution to this problem, but I've never seen anything more specific 
> proposed.
>
>       -- Ian
>
>
>