An open discussion list for topics related to the eduGAIN interfederation service.

[Ian Young <ian AT iay.org.uk>]

On 27 Mar 2014, at 11:09, Niels van Dijk <niels.vandijk AT surfnet.nl> wrote:

> But (perhaps putting it a bit bluntly): in our effort to lower the
> amount of work for the SP have we perhaps taken away the opportunity to
> fix the problem when it was still small (fix/upgrade a bit of config in
> the SP) to a place where it is become big: multiple IdPs and federation
> having to do the checking time and time again?

It's a judgement call, and we can reasonably disagree about which way to make 
the call. From where I'm standing, it probably looks like more work to get to 
100% than it would be for a federation which has traditionally been recording 
this information (and I won't get into the tedious history behind why we 
didn't start doing this earlier).

The balance between the work required (which is *not* primarily SP 
configuration change, but a dialog between the fedop and in our case each of 
900 individual SP operators) and the benefit delivered (taking into account 
the limitations of the SAML format to accurately deliver a picture of the 
SP's real requirements) is going to look very different to different 
federation operators.

Put yet another way, I'd say that the root difficulty in all interfederation 
discussions is that for any value of "you", not everyone is like you.

        -- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature