edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
- From: Ian Young <ian AT iay.org.uk>
- To: Lalla Maria Laura Mantovani <marialaura.mantovani AT garr.it>
- Cc: idem-staff AT garr.it, edugain-tsg AT geant.net, edugain-discuss AT geant.net, marco Malavolti <marco.malavolti AT garr.it>
- Subject: Re: [eduGAIN-discuss] issue on metadata flow
- Date: Mon, 7 Jul 2014 10:05:42 +0100
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
On 7 Jul 2014, at 09:47, Lalla Maria Laura Mantovani <marialaura.mantovani AT garr.it> wrote:
> Why then did these SPs know the metadata of these Italian IdPs? The reason is that the metadata of Italian IdPs that opt-in to eduGAIN were included in the UKFederation Metadata.
> I don't understand if this happened because of a mistake in your procedure, or this is a desired flow.
Yes, the presence of all eduGAIN entities in the UKf production aggregate is by design. We've talked about this on the lists before; we think it's better than the alternative.
> I have to say that I don't like that Italian end users got an error message that they don't understand and we as Italian federator operator can't do anything to help them.
We don't think that's optimal either. If those SPs are indeed of use to Italian users, then we should work to get those SPs exported into eduGAIN.
The last couple of times this has come up, though, this was just a result of someone trying out an SP that they had no reason to believe would give them access anyway. I don't think that kind of case is as problematic.
> Italian entities that opt-in eduGAIN consume eduGAIN metadata. They didn't opt-in to UKFederation, so they don't consume UKF metadata. For this, UK entities that didn't opt-in eduGAIN must not consume eduGAIN metadata because acting in this way they only cause errors.
That's not the way our system works. We're aiming towards a future where all UKf entities are full participants in eduGAIN, so we don't want our entities to have to consume an additional aggregate in order to see entities imported from eduGAIN. We're not the only federation going down this route.
> So please take away Italian entities from the ukfederation metadata.
We can do that if you request it, but it would mean that no UKf entities AT ALL, whether opted in to eduGAIN or not, will see imported entities from your federation. That doesn't sound to me like the best solution.
-- Ian
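The one-sided metadata visibility discussed in this message can be checked by comparing the two aggregates. The following is an added example, not part of the original message or of any federation's tooling; the entityIDs, registrar URIs and both aggregates are constructed, and it assumes imported IdPs consume only the interfederation aggregate and that entities carry an MDRPI `registrationAuthority`.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
RPI = "{urn:oasis:names:tc:SAML:metadata:rpi}"
LOCAL = "https://registrar.fed-a.example"    # constructed registrar URI
REMOTE = "https://registrar.fed-b.example"   # constructed registrar URI

def aggregate(*entities):
    """Build a minimal constructed aggregate from (entityID, role, registrar) tuples."""
    root = ET.Element(MD + "EntitiesDescriptor")
    for entity_id, role, registrar in entities:
        ed = ET.SubElement(root, MD + "EntityDescriptor", entityID=entity_id)
        ext = ET.SubElement(ed, MD + "Extensions")
        ET.SubElement(ext, RPI + "RegistrationInfo", registrationAuthority=registrar)
        ET.SubElement(ed, MD + role)
    return ET.tostring(root)

def entities(xml_bytes, role):
    """Map entityID -> registrationAuthority for entities carrying the given role."""
    found = {}
    for ed in ET.fromstring(xml_bytes).iter(MD + "EntityDescriptor"):
        if ed.find(MD + role) is not None:
            info = ed.find(f"{MD}Extensions/{RPI}RegistrationInfo")
            found[ed.get("entityID")] = None if info is None else info.get("registrationAuthority")
    return found

def one_sided_pairs(federation_md, interfed_md, local_registrar):
    """(SP, IdP) pairs where the SP can list the IdP but the IdP has no metadata for the SP.
    Assumes imported IdPs consume only the interfederation aggregate."""
    sps = entities(federation_md, "SPSSODescriptor")
    idps = entities(federation_md, "IDPSSODescriptor")
    exported = entities(interfed_md, "SPSSODescriptor")
    hidden_sps = [sp for sp, ra in sps.items() if ra == local_registrar and sp not in exported]
    imported_idps = [idp for idp, ra in idps.items() if ra != local_registrar]
    return sorted((sp, idp) for sp in hidden_sps for idp in imported_idps)

# Constructed entities (hypothetical entityIDs).
SP_OPTED_IN = ("https://sp-opted-in.fed-a.example/sp", "SPSSODescriptor", LOCAL)
SP_LOCAL_ONLY = ("https://sp-local-only.fed-a.example/sp", "SPSSODescriptor", LOCAL)
IDP_LOCAL = ("https://idp.fed-a.example/idp", "IDPSSODescriptor", LOCAL)
IDP_IMPORTED = ("https://idp.fed-b.example/idp", "IDPSSODescriptor", REMOTE)
# The federation's production aggregate carries every imported entity by design.
FEDERATION_MD = aggregate(SP_OPTED_IN, SP_LOCAL_ONLY, IDP_LOCAL, IDP_IMPORTED)
# The interfederation aggregate carries only opted-in entities.
INTERFED_MD = aggregate(SP_OPTED_IN, IDP_IMPORTED)

if __name__ == "__main__":
    for sp, idp in one_sided_pairs(FEDERATION_MD, INTERFED_MD, LOCAL):
        print(f"{sp} lists {idp}, which has no metadata for it")
```

Both remedies mentioned in the message empty the result: exporting the SP into the interfederation aggregate, or dropping the imported IdP from the federation aggregate.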