An open discussion list for topics related to the eduGAIN interfederation service.

[Mikael Linden <mikael.linden AT csc.fi>]

>is the use case for an CoCo SP to build a discovery service with only the IdP’s with a CoCo statement. Is that correct?

 

I think there can be also other IdPs listed, for instance

- those with whom the SP has agreed bilaterally

- those who support R&S (if the SP supports it, too)

 

mikael

 

From: Pål Axelsson [mailto:Pal.Axelsson AT uadm.uu.se]
Sent: 23. kesäkuuta 2014 18:12
To: Mikael Linden; edugain-discuss AT geant.net
Subject: SV: [eduGAIN-discuss] Entity category support attribute for Data Protection CoCo?

 

Hi all,

 

As I understand the need for an IdP CoCo entity category is the use case for an CoCo SP to build a discovery service with only the IdP’s with a CoCo statement. Is that correct?

 

Pål Axelsson

 

Från: Mikael Linden [mailto:mikael.linden AT csc.fi]
Skickat: den 23 juni 2014 15:44
Till: edugain-discuss AT geant.net
Ämne: [eduGAIN-discuss] Entity category support attribute for Data Protection CoCo?

 

Dear eduGAIN,

 

Currently, the GÉANT Data protection Code of Conduct defines an entity category attribute just for SPs[1]. No entity category support attribute for IdPs is defined.

 

I would like to ask the community’s opinion if there is a need to complement the CoCo specification by defining also the EC support attribute for IdPs. The semantics would be “As an IdP, I’m willing to release attributes to the SPs committed to the GÉANT Data protection Code of Conduct”. The use case would obviously be assembling a proper IdP Dicovery service in the SP side.

 

The reason for the hesitation so far has been a possible interference of the multiple EC support attributes of an IdP, but that issue has been discussed in the REFEDS list [2]. The conclusion was that if an IdP asserts support to multiple ECs, they are interpreted separately and independently. For instance, if an IdP has both the CoCo and R&S support attributes, it means “this IdP releases attributes to an SP that asserts R&S and, independent of that, to an SP that asserts CoCo”.

 

The CoCo support attribute would still leave an opportunity to the IdP to decide,

- what is the maximum list of attributes to release (although the cookbook gives an idea[3])

-  if the IdP wants to make an exception for some SPs (I think we can’t avoid this anyway).

 

Looking forward to receiving your input!

 

Cheers,

Mikael (the CoCo flywheel)

 

[1] http://www.geant.net/uri/dataprotection-code-of-conduct/V1/Documents/GEANT_DP_CoC_Entity_Category_ver1%200_0614.pdf

[2] https://www.terena.org/mail-archives/refeds/msg03847.html

[3] https://wiki.edugain.org/Recipe_for_a_Home_Organisation

--

Dr. Mikael Linden
Senior application specialist, CISSP
CSC - IT Center for Science Ltd.
P.O. BOX 405, FI-02101 Espoo, Finland
+358 40 507 4100, mikael.linden AT csc.fi