An open discussion list for topics related to the eduGAIN interfederation service.

[Jan Tomášek <jan.tomasek AT cesnet.cz>]

On 02/05/2014 05:26 PM, Brook Schofield wrote:
> On 5 February 2014 17:06, Jan Tomášek <jan.tomasek AT cesnet.cz
> <mailto:jan.tomasek AT cesnet.cz>> wrote:
>
>     At this point I have to admit that my interest come from fact that
>     this broke our automatic central discovery we are running here. We
>     had complain from some SP admin that we are offering IdP which are
>     not in eduGAIN metadata stream.
>
>
> can you clarify this? It looks like you're saying that your eduID.cz
> Central Discovery is publishing IdPs that you get from neither eduID.cz
> nor eduGAIN?

Our central DS is downloading also UK federation's metadata. True reason 
is lost in past and Milan Sova can not tell us any more why he 
configured it this way. I can try to guess:

1) he had ambition to offer this service to wider community than only 
eduID.cz members
2) he needed more testing material to test all software involved

Used logic is:
a) take entityID of SP which is using DS
b) get list of federations where entityID is present
c) offer list of all IdP's from all that federations

We can remove UK federation or limit automatic functions only to 
eduID.cz and eduGAIN entities. But still...

... there is service broken at Scran and that is reason why I first 
started only with this.

After this long discussion I still do not see reason why to offer to 
user login with CESNET IdP at Scram if we know in advance that this can 
not work. This kill usability to USER which is our target audience.

--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 234 680 279         http://www.cesnet.cz/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature