Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata


Chronological Thread 
  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata
  • Date: Wed, 2 Jul 2014 11:27:05 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT univie.ac.at
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>
  • Organization: ACOnet

* Lukas Hämmerle <lukas.haemmerle AT switch.ch> [2014-07-02 11:07]:
> > As I've learned very recently some eduGAIN member federations do not
> > in fact provide their members with eduGAIN metadata themself
>
> That is indeed a problem. The question here is: Why don't they do it?
> Because they:
> * don't want to (due to extra effort)?
> * cannot do it technically?
> * did not know that this was not recommended?

I can't answer that, sorry.

> > * Operational complexity for the eduGAIN-OT: So far should the OT ever
> > decide to perform a signing key rollover it has to coordinate this
> > with the eduGAIN member federations.
>
> This will be pretty soon the case btw. as the eduGAIN signer cert
> expires on Aug 1 18:43:32 2014 GMT... But as far as I know Tomasz and
> Maya are aware of this and working on that.

/If/ we agree that this needs to be done (the MDS is/should not be
consumed by end entities' SAML implementations, so I'm not convinced
of that yet) I'd suggest doing this rather soon (ASAP) as many will be
on summer holidays by that time.
-peter

Attachment: signature.asc
Description: Digital signature




Archive powered by MHonArc 2.6.19.

Top of Page