An open discussion list for topics related to the eduGAIN interfederation service.

[Lalla Maria Laura Mantovani <marialaura.mantovani AT garr.it>]

Hi Olivier and all,
I realized now that I'm not subscribed to edugain-discuss AT geant.net so I
couldn't see if there has been posted any reply.
We discussed inside IDEM about your workflow and we also are in favour to
change our policy in the following
points:

• Move to eduGAIN opt-out for our IdPs only;
• opt-in would still apply to Italian SPs willing to join eduGAIN.
• By default, all Italian IdP metadata would be published in eduGAIN upstream metadata.
• Our federation registry will let IdP admins perform eduGAIN opt-out if they wish.

I would like to know if there were comments about the following two
points:

• We would also include eduGAIN SPs metadata into our federation metadata file (renater-metadata.xml).
• We already publish attribute filters for Shibboleth IdPs; a new attribute-filter file would include all eduGAIN SPs (or the ones that are CoC compliant).

We are thinking about changing our policy, and we will discuss this
during next IDEM assembly that will take place on April 2nd,
2014.

Cheers
lalla

At 16:26 18/02/2014, Olivier Salaün wrote:

Hi all,

Discussions during the last TF-EMC2 OpenSpace in Zurich made me realize RENATER's articulation with eduGAIN needed to be changed and I hope to get some feedback from this group regarding this change.
 
Until now French IdPs and SPs had to opt-in to get their metadata included to eduGAIN metadata. We know this workflow does not scale because our IdP admins are not familiar with eduGAIN SPs use cases and it would take us a huge effort to convince IdP admins to opt-in for eduGAIN.

We now consider to change our workflow.

• The plan is to move to eduGAIN opt-out for our IdPs only;
• opt-in would still apply to French SPs willing to join eduGAIN.
• By default, all French IdP metadata would be published in eduGAIN upstream metadata.
• We would also include eduGAIN SPs metadata into our federation metadata file (renater-metadata.xml).
• Our federation registry will let IdP admins perform eduGAIN opt-out if they wish.
• We already publish attribute filters for Shibboleth IdPs; a new attribute-filter file would include all eduGAIN SPs (or the ones that are CoC compliant).

We foresee this change will increase interest in eduGAIN as an AAI infrastructure and will limit support to eduGAIN SPs for RENATER.
ON the other end:

1. the attribute release issues remains until IdPs use the attribute filters we will provide
2. we end up mixing national and international SPs in our national metadata file.

I look forward to get your feedback :)

--

Olivier Salaün

GIP RENATER
Etudes et Projets Applicatifs (EPA)
Tél : +33 2 23 23 71 27
 
http://www.renater.fr

Date: Tue, 18 Feb 2014 16:36:48 +0100
From: Lukas Hämmerle <lukas.haemmerle AT switch.ch>
Organization: SWITCH
To: enabling-users AT geant.net,
        Olivier Salaün
        
<olivier.salaun AT renater.fr>

Hi Olivier

> I look forward to get your feedback :)

I recommend you to send this email to edugain-discuss AT geant.net as
the
enabling users group is relatively small and you certainly will get
a
broader and better feedback on that list.
Will provide some comments there (generally, I'm in favour of this
approach).

Best Regards
Lukas