An open discussion list for topics related to the eduGAIN interfederation service.

[Jan Tomášek <jan.tomasek AT cesnet.cz>]

Hello Alex,

On 02/05/2014 10:34 AM, Alex Stuart wrote:
> This is intentional behaviour. The UK federation imports eduGAIN
> entities and re-publishes them into its production metadata aggregate.
> However we operate an opt-in to export metadata to eduGAIN rather than
> export the whole aggregate. This arrangement means the opt-in is a
> straightforward administrative decision rather than one that requires
> reconfiguring the entity.
>
> So, yes, users accessing SPs via the UK federation central discovery
> service, or an unfiltered embedded discovery service, will be allowed to
> choose IdPs that haven't exchanged metadata. That's a side-effect of
> decreased friction for the entity operators, and whether this is a
> bug/feature depends on your point of view.

You decreased friction to your entity operators on expenses of any other 
federation/entity operators.

Situation 1:

User A wants to use SP1.uk and see that SP1.uk is not eduGAIN enabled. 
He asks admins of SP1.uk to become part of eduGAIN, after done he can 
access service. Or maybe not because of that administrative stuff.

Situation 2:

User A wants to use SP1.uk and see that SP1.uk offers him with his well 
know IdP. He tries to login as usual and ends with error. He will very 
likely complain at his local support. Which can do nothing different 
than ask admins of SP1.uk.

So what is better? Offer think which we know it can't work. Or to offer 
those services where did our best to be sure all will be working for user?

Communication started from point of sorting an error (2). Or standard 
request for accessing cool service (1).


To me is this like broadcasting eduroam and not being connected to 
hierarchy.

--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 234 680 279         http://www.cesnet.cz/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature