An open discussion list for topics related to the eduGAIN interfederation service.

[Andy Bennett <andyjpb AT knodium.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

> But, again, all of this is just an IDP disco problem, not a
> metadata or eduGAIN problem. (I just chose to deal with some of
> those disco problems via specialized metadata feeds -- workarounds
> or hacks, if you will -- because these are the tools I have
> available now.) We still want metadata to flow everywhere and
> effort would better be spent helping those running less than ideal
> discovery interfaces.

As an SP operator (in the UKf) I agree that a fully meshed (as
possible) metadata system is sensible but that the tooling around WAYF
and DS needs to be improved by a large margin (in all federations).


The question of responsibility for WAYF and DS is an important one. As
Ian says, in the UKf it is recommended for SPs to run their own
discovery. However, I must admit, that not only does the centrally
supplied one(s) lower barriers but it also encourages my laziness.

I'd argue that metadata flow is the responsibility of the federation
operators and discovery quality is the responsibility of the SP (and
IDP) operators. This way, if I (as an SP) operator opt to use the
central WAYF or DS I have a certain quality of service, but the
metadata flow allows me to, independently, construct my own DS in my
own time: I won't have to ask or reconfigure to get more data.

The extra tooling that would be needed is to be able to probe IDPs in
such a way as to find out if they carry my metadata. That will allow
me to build a discovery service where I can guarantee login screens
for every IDP I list.

There is still the issue of what will happen once someone actually
attempts a login but by then we are onto fairly familiar ground wrt
attribute release policies. Hopefully the RequestedAttribute and
EntityCategories work will go some way to smoothing that path.



At this stage, I agree with the UKf metadata policies as it allows and
encourages participants to forge ahead with inter-federation if they
want to. If they don't then the central DS offers specific, well
documented guarantees.




I suspect that development effort poured into tools for creating
custom discovery services would bear the most fruit in terms of a
tangible increase in the end users' perceived service quality.






Regards,
@ndy

- -- 
andyjpb AT knodium.com
http://www.knodium.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlO6hXwACgkQOHp2lX66df8I1wCgny2DtNRtsaJULB4H4lj4eZRQ
vj4AnRvnUg67kchTr12ccYrTGyK+RYas
=Bf3T
-----END PGP SIGNATURE-----