Skip to Content.

edugain-discuss - Re: [eduGAIN-discuss] RENATER moving to eduGAIN opt-out for IdPs

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive


Re: [eduGAIN-discuss] RENATER moving to eduGAIN opt-out for IdPs


Chronological Thread 
    < Chronological >      < Thread >
  • From: Ian Young <ian AT iay.org.uk>
  • To: Lukas Hämmerle <lukas.haemmerle AT switch.ch>
  • Cc: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] RENATER moving to eduGAIN opt-out for IdPs
  • Date: Wed, 19 Feb 2014 15:28:36 +0000
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT iay.org.uk
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On 19 Feb 2014, at 14:32, Lukas Hämmerle <lukas.haemmerle AT switch.ch> wrote:

> What you could consider is introducing an inner EntitiesDescriptor
> element (allows to easier creating attribute filters that apply to all
> eduGAIN entities) or to provide another metadata file with
> French-entities only.

We originally intended to go the inner EntitiesDescriptor route in the UK
federation, but when we looked into it we found that there is a *lot* of
software out there (basically, anything other than Shibboleth and
simpleSAMLphp) that can't handle it properly. In most cases, the nested
entities are just ignored.

In the end, we went for a single flat aggregate and suggested that people
make use of the registrationAuthority to distinguish between registrars. We
have a Shibboleth IdP extension to help with that which I think I've
mentioned here before.

-- Ian






Archive powered by MHonArc 2.6.19.

Top of Page