
edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata

  • From: Leif Johansson <leifj AT sunet.se>
  • To: Nicole Harris <harris AT terena.org>
  • Cc: "edugain-discuss AT geant.net" <edugain-discuss AT geant.net>
  • Subject: Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata
  • Date: Sun, 29 Jun 2014 12:41:35 +0200
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On 2014-06-29 11:45, Nicole Harris wrote:
> Sent from my iPhone
>
>> On 29 jun. 2014, at 10:04, Leif Johansson <leifj AT sunet.se> wrote:
>>
>>> On 2014-06-28 19:40, Nicole Harris wrote:
>>>> On 28/06/2014 17:09, Peter Schober wrote:
>>>> * Nicole Harris <harris AT terena.org> [2014-06-28 16:13]:
>>>>> Well my first and primary question would be under what terms Jozef is
>>>>> using the metadata? I cannot find his service URL registered with any
>>>>> federation or with eduGAIN.
>>>> From the RequestInitiator used
>>>> ("https://lindat.mff.cuni.cz/Shibboleth.sso/Login")
>>>> I think it is this entityID:
>>>> https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp
>>>> registered (and exported to eduGAIN) by http://www.eduid.cz/
>>> Yeah, sorry - thought I had deleted that paragraph before I sent as I
>>> found it eventually. Trouble with looking at work emails whilst taking
>>> the child to the cinema. Although to be fair it is practically the only
>>> thing you can do during the children's films at the cinema.
>>>
>>> Still think it is taking liberties with some of the metadata though.
>>
>>
>> The SWAMID terms of use are pretty clear:
>>
>> You may only use the Metadata as follows:
>> - Installation onto your own IT systems for the purpose of establishing
>> trusted communications between your systems and those of the Registrant
>> by means of standard middleware protocols.
>>
>> - Any and all rights including intellectual property rights to the
>> Metadata shall remain owned by the Registrar, the Registrants or the
>> Signer.
>>
>> I don't see Jozef violating any of this however clueless his tests may
>> otherwise be.
>
> I do.
>
> He is using metadata that is not being provided via edugain as part of
> the tool. It is also not being used to "establish trusted

So what?

> communications", i.e. as part of the login process but is being made
> part of the service. So for example metadata from UK colleges is
> included, not in the login, but being tested. None of these are in
> edugain metadata.

If we (as in SWAMID) wanted that narrow interpretation we'd have written
"exclusively" or "directly establish" or something like that.

His intent is to discover "gaps in the routing table". As long as he
isn't trying to datamine PII, arguably that is supporting authentication.

>
> We have the same problem with MET which is why I was careful to ask
> all federations to send me their feed data and when it moves to full
> service I will ask federations to register their data themselves.
>

OK fair enough but you're also playing into a failed notion that public
keys are not public.
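Peter Schober's step earlier in the thread, working back from a Shibboleth handler URL to the registered entityID and the federation that exported it, is the kind of check an SP or federation operator does when an unknown consumer of metadata shows up. The script below is an added example, not code from anyone on this list: it parses a constructed metadata aggregate in the SAML 2.0 metadata format (the entityIDs, hosts and registration authority are placeholders, not real eduGAIN entities), indexes SP AssertionConsumerService endpoints by hostname, and reports the matching entityID together with the `registrationAuthority` from the standard `mdrpi:RegistrationInfo` extension. It assumes the handler URL's host is the same host the SP's registered endpoints use, which is the inference made in the thread.

```python
"""Look up which registered SP entity owns a given Shibboleth handler host.

Added example (not from the thread). Given a URL such as
https://portal.example.org/Shibboleth.sso/Login, find the SP entity in a
metadata aggregate whose AssertionConsumerService endpoints live on that
host, and report the registering federation from mdrpi:RegistrationInfo.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
}

# Constructed aggregate standing in for an eduGAIN-style feed; every value
# below is a placeholder, not a real registered entity.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth/fed/sp">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="http://www.example-fed.org/"/>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://portal.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def index_sp_endpoints(metadata_xml):
    """Map endpoint hostname -> list of (entityID, registrationAuthority) for SPs."""
    root = ET.fromstring(metadata_xml)
    index = {}
    for ed in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        sp = ed.find("md:SPSSODescriptor", NS)
        if sp is None:
            continue  # IdP-only entities have no ACS endpoints to match on
        reg = ed.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        authority = reg.get("registrationAuthority") if reg is not None else None
        entry = (ed.get("entityID"), authority)
        for acs in sp.findall("md:AssertionConsumerService", NS):
            host = urlparse(acs.get("Location")).hostname
            index.setdefault(host, [])
            if entry not in index[host]:
                index[host].append(entry)
    return index


def find_sp_for_url(metadata_xml, handler_url):
    """Return SP entities whose ACS endpoints share the host of handler_url.

    An empty list means no registered SP uses that host, which is the case
    the thread started from: a consumer of metadata with no registration.
    """
    host = urlparse(handler_url).hostname
    return index_sp_endpoints(metadata_xml).get(host, [])


if __name__ == "__main__":
    url = "https://portal.example.org/Shibboleth.sso/Login"
    for entity_id, authority in find_sp_for_url(SAMPLE_METADATA, url):
        print(f"{entity_id} registered by {authority}")
```

Against a real aggregate you would pass the downloaded (and signature-verified) feed to `find_sp_for_url` instead of `SAMPLE_METADATA`; the host-based match is a heuristic, since an SP may legitimately run its handler on a different host than its registered endpoints, so an empty result is a prompt to ask the federation, not proof of an unregistered service.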
