Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] [eduGAIN-SG] issue on metadata flow

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] [eduGAIN-SG] issue on metadata flow


Chronological Thread 
    < Chronological >      < Thread >
  • From: Nicole Harris <harris AT terena.org>
  • To: Tomasz Wolniewicz <twoln AT umk.pl>, Ian Young <ian AT iay.org.uk>
  • Cc: edugain-discuss AT geant.net, idem-staff AT garr.it, edugain-tsg AT geant.net, marco Malavolti <marco.malavolti AT garr.it>
  • Subject: Re: [eduGAIN-discuss] [eduGAIN-SG] issue on metadata flow
  • Date: Mon, 07 Jul 2014 11:06:53 +0100
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>
On 07/07/2014 10:52, Tomasz Wolniewicz wrote:
>
> W dniu 2014-07-07 11:45, Ian Young pisze:
>>> Assuming that SPs can tell which IDPs come from eduGAIN, I think
>>> that they should follow a requirement that before they start adding
>>> IDPs from eduGAIN they must first be exported to eduGAIN themselves.
>> Yes, SPs can tell which IdPs come from eduGAIN. The problem is that
>> many SPs -- even commercial SPs -- cut corners when designing their
>> discovery interface and just list everything, rather than for example
>> just their customers.
> I expected this much, in this case I would expect that a separate
> eduGAIN feed, or even and option - take just the UK Feed or another
> one which is aggregated with UK could be easer for them to handle.

I don't think it makes any difference. We are already in a situation
where if any given SP in any given federation automatically lists all
the IdPs that are in that federation in their discovery service (i.e.
not edugain, just local), some of those IdPs will get an error message
as they are not permitted to access or haven't configured access.
Introducing an IdP from another country doesn't change this, it is a
simple fact that if the IdP or SP hasn't configured it won't work. I
don't think it is the case anywhere that every IdP gets working access
to every SP in the federation.
>
> I wonder what mess we will get into when the same SP starts getting
> the same entities from several federations that this SP is a member of.
Supporting SPs "quitting" federations when they can get everything from
one place is going to be an interesting task.

I don't think this is about whether the feed is separate or aggregated,
I think that is a misnomer.

I do think that adding IdPs to eduGAIN has an more significant impact on
how we currently operate and it might be worth thinking more about why
you are exporting them and what it is you expect from doing that. I.e.
if GARR doesn't expect the UK federation to republish those IdP entities
in the UK, why is GARR putting them in eduGAIN?



Archive powered by MHonArc 2.6.19.

Top of Page