
edugain-discuss - Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems)

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Niels van Dijk <niels.vandijk AT surfnet.nl>
  • To: Ian Young <ian AT iay.org.uk>, Brook Schofield <schofield AT terena.org>
  • Cc: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems)
  • Date: Thu, 27 Mar 2014 12:24:28 +0100
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On 03/27/2014 12:13 PM, Ian Young wrote:
> I think I'd have to raise questions about the security stance of any IdP
> that acted blindly on the RequestedAttributes of an SP without imposing
> some kind of local policy control. This might be a wider discussion, though.
>
> -- Ian

I agree IdPs should not release attributes based on RequestedAttributes
alone. I think, however, simply being able to ascertain what is required
from an IdP would already help a lot in the communications around such
an attribute release discussion. At SURFnet for example we provide a
portal for our institutions which informs them of the available SPs
including technical, legal/policy and licence requirements. We provide
this info to both the IdP operators as well as the procurement
department. We find this lowers the barriers significantly as it is now
very easy for both (very disconnected) parts of an institution to have
the same 'view' in the entity

regards,
Niels
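An added example, not part of the original message or of any federation's software: a sketch of the point both posters make, in which an IdP reads an SP's `RequestedAttribute` elements but releases only what a local policy permits, and reports required attributes the policy blocks so they can be raised with the institution. The entityID, the trimmed metadata, the `LOCAL_POLICY` table and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed, trimmed SP metadata (sample entityID; endpoints and keys omitted).
# Assumption: the metadata signature was verified before this point.
SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                             FriendlyName="eduPersonPrincipalName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                             FriendlyName="mail" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Hypothetical local release policy: entityID -> attribute names the IdP
# operator has approved for that SP. An SP that is not listed gets nothing.
LOCAL_POLICY = {
    "https://sp.example.org/shibboleth": {
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",  # eduPersonPrincipalName
        "urn:oid:2.5.4.42",                  # givenName
    },
}

def requested_attributes(metadata_xml):
    """Return (entityID, {attribute Name: isRequired}) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:AttributeConsumingService/md:RequestedAttribute"
    requested = {}
    for ra in root.iterfind(path, NS):
        # isRequired is optional in SAML metadata and defaults to false.
        requested[ra.get("Name")] = ra.get("isRequired", "false") in ("true", "1")
    return root.get("entityID"), requested

def release_decision(metadata_xml, policy):
    """Release only attributes that are both requested and locally approved."""
    entity_id, requested = requested_attributes(metadata_xml)
    allowed = policy.get(entity_id, set())  # default deny
    release = sorted(n for n in requested if n in allowed)
    blocked_required = sorted(n for n, req in requested.items()
                              if req and n not in allowed)
    return release, blocked_required

if __name__ == "__main__":
    print(release_decision(SP_METADATA, LOCAL_POLICY))
```

The second list is the part that supports the discussion with the institution: it names what the SP says it needs but the IdP has not agreed to release.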




