edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Niels van Dijk <niels.vandijk AT surfnet.nl>
- To: Ian Young <ian AT iay.org.uk>, Brook Schofield <schofield AT terena.org>
- Cc: edugain-discuss AT geant.net
- Subject: Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems)
- Date: Thu, 27 Mar 2014 12:24:28 +0100
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
On 03/27/2014 12:13 PM, Ian Young wrote:
> I think I'd have to raise questions about the security stance of any IdP
> that acted blindly on the RequestedAttributes of an SP without imposing
> some kind of local policy control. This might be a wider discussion, though.
>
> -- Ian
I agree IdPs should not release attributes based on RequestedAttributes
alone. I think however simply being able to ascertain what is required
from an IdP would already help a lot in the communications around such
an attribute release discussion. At SURFnet for example we provide a
portal for our institutions which informs them of the available SPs
including technical, legal/policy and licence requirements. We provide
this info to both the IdP operators as well as the procurement
department. We find this lowers the barriers significantly as it is now
very easy for both (very disconnected) parts of an institution to have
the same 'view' in the entity
regards,
Niels
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), (continued)
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Leif Johansson, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Leif Johansson, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Brook Schofield, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 03/27/2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 03/27/2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Ian Young, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Alex Stuart, 27-Mar-2014
- Re: [eduGAIN-discuss] SPs with no attribute requirements (or so it seems), Niels van Dijk, 27-Mar-2014
Archive powered by MHonArc 2.6.19.