An open discussion list for topics related to the eduGAIN interfederation service.

[Glenn Wearen <glenn.wearen AT heanet.ie>]

Our goal should be to only present a list of institutions where we can reasonably assume that users will be able to successfully login (i.e. metadata is  trusted, attributes are released).

Our approach in Edugate (implemented in JAGGER) is to provide metadata tailored for each SP (and IdP) based on circles of trust, where eduGAIN is one such circle. We've yet to tailor the metadata for SP's where we know the IdP has set an attribute release policy to match the SP's requirements; but we'll get there eventually.

Glenn

HEAnet Limited, Ireland's Education and Research Network - 

1st Floor, 5 George's Dock, IFSC, Dublin 1

Registered in Ireland, no 275301  tel: +353-1-6609040  fax: +353-1-6603666

On 5 Feb 2014, at 09:14, Brook Schofield wrote:

Jan,

this is both intentional and a bug. This isn't dissimilar to the DFN-AAI publishing of its metadata into eduGAIN, acutally the reverse of this situation.

I'm sure others will write a much more elegant response than mine - but I've already received an email from a publisher connected to UK Federation that was interested in the metadata entries of other countries appearing in their metadata feed.

This publisher selectively includes IdPs that have subscribed - so the didn't have a problem - but they wanted to ensure that those IdPs could get access to their service.

UK Federation announced that it would become a full production participant of eduGAIN in early December 2013:

   https://lists.incommon.org/sympa/arc/interfed/2013-10/msg00010.html (message is pasted twice so you can stop reading when déjà vu sets in)

So again it's intentional. If eduID.cz IdPs are interested in accessing Scran or any other services within the UK Federation then you should contact the organisation and encourage their participation in eduGAIN (which they can do by contacting the UK Federation helpdesk - which will fix the bug - at least for that organisation).

-Brook

On 5 February 2014 09:54, Jan Tomášek <jan.tomasek AT cesnet.cz> wrote:

Hello,

we have discovered that UK federation republishes all entities from eduGAIN into their metadata:
        http://metadata.ukfederation.org.uk/ukfederation-metadata.xml
but they are not doing oposite. So entites from UK federation are not being republished into eduGAIN.

I think this could confuse users. By a short experimenting I've found SP https://www.scran.ac.uk/ which offer login by using CESNET, Univerzita Karlova v Praze, ... IdP but those login will always fail because https://www.scran.ac.uk/ is not being exported into eduGAIN, our IdP doesn't know about https://www.scran.ac.uk/ and refuses login. Poor user, poor IdP admin who has to explain to users.

Is this intentional or is this a bug?

--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 234 680 279         http://www.cesnet.cz/

--

===================================================
Brook Schofield, TERENA Project Development Officer
TERENA Secretariat, Singel 468 D, 1017 AW Amsterdam, The Netherlands
Tel +31 20 530 4488    Fax +31 20 530 4499    Mob +31 65 155 3991
www.terena.org