An open discussion list for topics related to the eduGAIN interfederation service.

[Ian Young <ian AT iay.org.uk>]

On 27 Mar 2014, at 10:46, Brook Schofield <schofield AT terena.org> wrote:

there are 26 services in eduGAIN and 2735 services globally that seem to have ZERO isRequired="true" and ZERO RequestAttributes in their metadata:

I wouldn't pay too much attention to the zero isRequired="true" metric. This can be zero for a couple of reasons related to the inability to describe the SP's real requirements within the restrictions of the SAML specification.

The only one that's worth looking at is whether an SP has any RequestedAttributes at all.

Ian confirms that UKf has absent metadata in some instances

In most instances, actually. Only 2% of our SPs have RequestedAttributes. In the ones we export to eduGAIN, the figure is 53%.

) - which SPs believe are universally the case and causes problems with metadata exchanged via eduGAIN when they encounter IdPs that don't have these default positions.

I think I'd have to raise questions about the security stance of any IdP that acted blindly on the RequestedAttributes of an SP without imposing some kind of local policy control. This might be a wider discussion, though.

-- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature