edugain-discuss - Re: [eduGAIN-discuss] RENATER moving to eduGAIN opt-out for IdPs

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Thomas Lenggenhager <lenggenhager AT switch.ch>
  • To: Olivier Salaün <olivier.salaun AT renater.fr>, edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] RENATER moving to eduGAIN opt-out for IdPs
  • Date: Wed, 19 Feb 2014 16:33:18 +0100
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>
  • Organization: SWITCH

Hi Olivier,

Two observations:
1) Would you start with an opt-out period first, so that IdP admins
could put their opt-out check mark in your federation registry, before
you start publishing the IdPs to eduGAIN? That way, one could avoid
having to remove IdPs after they were visible for some time already.

2) Responsibilities and risks: FER provides attribute filters. To what
extent can the IdP admins influence them individually? If you add the
attribute requirements of all eduGAIN SPs into the filters, I think FER
may take responsibility for the data export. If you limit it to the SPs
with CoC and/or R&S entity category, that might reduce the risk FER takes.

Thomas

On 18.02.14 16:41, Olivier Salaün wrote:
> Hi all,
>
> Discussions during the last TF-EMC2 OpenSpace in Zurich made me realize
> RENATER's articulation with eduGAIN needed to be changed and I hope to
> get some feedback from this group regarding this change.
>
> Until now French IdPs and SPs had to opt-in to get their metadata
> included in eduGAIN metadata. We know this workflow does not scale
> because our IdP admins are not familiar with eduGAIN SPs use cases and
> it would take us a huge effort to convince IdP admins to opt-in for eduGAIN.
>
> We are now considering changing our workflow.
>
> * The plan is to move to eduGAIN opt-out for our IdPs only;
> * opt-in would still apply to French SPs willing to join eduGAIN.
> * By default, all French IdP metadata would be published in eduGAIN
> upstream metadata.
> * We would also include eduGAIN SPs metadata into our federation
> metadata file (renater-metadata.xml).
> * Our federation registry will let IdP admins perform eduGAIN opt-out
> if they wish.
> * We already publish attribute filters for Shibboleth IdPs; a new
> attribute-filter file would include all eduGAIN SPs (or the ones
> that are CoC compliant).
>
>
> We foresee this change will increase interest in eduGAIN as an AAI
> infrastructure and will limit support to eduGAIN SPs for RENATER.
> On the other end:
>
> 1. the attribute release issues remain until IdPs use the attribute
> filters we will provide
> 2. we end up mixing national and international SPs in our national
> metadata file.
>
>
> I look forward to getting your feedback :)

--
SWITCH
------
Thomas Lenggenhager, Central Solutions
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505 direct +41 44 268 1541
http://switch.ch
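
The restriction raised in point 2 of the reply (building the attribute filter only from SPs that carry the CoC and/or R&S entity category), as an added example that is not part of the original message or of RENATER's tooling. The sample aggregate, the `example.org` entityIDs and the function names are constructed for illustration; the aggregate's signature is assumed to have been verified before this step.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
COC = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
RS = "http://refeds.org/category/research-and-scholarship"


def _entity(entity_id, role, categories=()):
    """Build one constructed, minimal EntityDescriptor for the sample aggregate."""
    values = "".join(f"<saml:AttributeValue>{c}</saml:AttributeValue>" for c in categories)
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>'
            f'<mdattr:EntityAttributes><saml:Attribute Name="{ENTITY_CATEGORY}">'
            f'{values}</saml:Attribute></mdattr:EntityAttributes></md:Extensions>'
            f'<md:{role}/></md:EntityDescriptor>')


# Constructed sample aggregate; entityIDs are placeholders, not real eduGAIN entities.
SAMPLE = (
    "<md:EntitiesDescriptor " + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
    + _entity("https://sp-coc.example.org/shibboleth", "SPSSODescriptor", [COC])
    + _entity("https://sp-rs.example.org/shibboleth", "SPSSODescriptor", [RS])
    + _entity("https://sp-plain.example.org/shibboleth", "SPSSODescriptor")
    + _entity("https://idp.example.org/idp/shibboleth", "IDPSSODescriptor", [RS])
    + "</md:EntitiesDescriptor>"
)


def entity_categories(entity):
    """Return the entity-category URIs asserted in an entity's metadata."""
    found = set()
    for attr in entity.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == ENTITY_CATEGORY:
            found.update((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS))
    return found


def releasable_sps(metadata_xml, allowed=(COC, RS)):
    """List entityIDs of SPs that carry at least one allowed entity category."""
    root = ET.fromstring(metadata_xml)
    return [
        e.get("entityID")
        for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")
        if e.find("md:SPSSODescriptor", NS) is not None and entity_categories(e) & set(allowed)
    ]
```

SPs without either category, and entities that are not SPs, are left out of the list, so a filter generated from it releases nothing to them by default.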
